#1
2nd January 2012, 22:45
fxs
various security problem

Hi,
Happy new year
I’m not a server administrator, but in mid-December I rented a dedicated server in France at OVH with Debian 6 with ISPConfig 3.0.4.1 (EG SSD). Thanks for your work.

First question, I think the distribution I received has some modifications. Please, could you confirm that this message is not important:
Error: (CLI:003) Specified controller does not exist.
PHP Warning: Invalid argument supplied for foreach() in /usr/local/ispconfig/server/lib/classes/monitor_tools.inc.php on line 1072
FATAL: Could not load /lib/modules/2.6.38.2-grsec-xxxx-grs-ipv6-64/modules.dep: No such file or directory
Failed to load mptctl

Second question: last week there were some attacks (especially on the mail system), but I didn’t pay attention because we don’t use it much and everything seemed to work.
On the 22nd of December, according to logwatch, everything was OK:
Amavisd-new Begin:
13 messages checked and passed.
4 spam messages were found.
1 messages with bad headers were found.
On the 23rd of December:
Amavisd-new Begin:
20 messages checked and passed.
2 spam messages were found.
**Unmatched Entries**
NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 103) line 166, <GEN147> line 4.: 1 Time(s)
And it got worse and worse ……
And now in the mail warn log, I have:
Jan 1 06:26:12 nsxxx amavis[2866]: (02866-02) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type, retrying (2)
Jan 1 06:26:12 nsxxxx amavis[9430]: (09430-20) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type, retrying (2)
Jan 1 06:26:18 nsxxx amavis[2866]: (02866-02) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type) at (eval 105) line 373.\n
Jan 1 06:26:18 nsxxx amavis[2866]: (02866-02) (!!)WARN: all primary virus scanners failed, considering backups
Please, could you confirm that ClamAV doesn’t work any more and tell me how to fix that without disturbing ISPConfig / which package version (server is working full)

Third, I saw there is a firewall and iptables inside ISPConfig, but the manual is not very verbose. Does it work like Shorewall? If not, can I install Shorewall without disturbing ISPConfig 3? I would like to ban some IPs manually. Is this possible with ISPConfig? Is there a tutorial specifically for ISPConfig?

thanks for your answers.
regards

#2
2nd January 2012, 23:07
till

None of the above is a real security problem; the things you posted above are the normal "noise" that you find in the log files and not attacks on your server.

1) That's OK. There is some driver software installed on your server but the hardware is not installed. That's normal on OVH servers as they use the same server image for different servers. This can be ignored.

2) Restart clamd

3) ISPConfig uses the Bastille firewall script, which is based on iptables. You can use any firewall on an ISPConfig server; just ensure that you do not enable the ISPConfig firewall when you already have a different firewall installed.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#3
3rd January 2012, 07:04
fxs

Thanks for the answer.
Unfortunately, ClamAV does not work any more.
I tried to reinstall the whole thing according to the tutorial.
I get some error messages.
I get:
dpkg -l | grep clamav
ii clamav 0.97.2+dfsg-1~squeeze1 anti-virus utility for Unix command-line interface
ii clamav-base 0.97.3+dfsg-1~lenny1 anti-virus utility for Unix - base package
rc clamav-daemon 0.97.2+dfsg-1~squeeze1 anti-virus utility for Unix - scanner daemon
ii clamav-docs 0.97.3+dfsg-1~lenny1 anti-virus utility for Unix - documentation
ii clamav-freshclam 0.97.2+dfsg-1~squeeze1 anti-virus utility for Unix - virus database update utility
ii libclamav6 0.97.2+dfsg-1~squeeze1 anti-virus utility for Unix - library
Is this the source of the problem, and how do I fix it? What is the related command?

Logwatch:
**Unmatched Entries**
(!!)WARN: all primary virus scanners failed, considering backups: 4 Time(s)
(!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type) at (eval 105) line 373.\n: 4 Time(s)
(!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type, retrying (2): 4 Time(s)
NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 103) line 166, <GEN72> line 4.: 1 Time(s)
NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 103) line 166, <GEN91> line 5.: 1 Time(s)
NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 103) line 166, <GEN122> line 4.: 1 Time(s)

Thanks

#4
3rd January 2012, 18:24
falko

Please restart MySQL.

Please check your clamd configuration to find out where the socket is located and then adjust the socket location in your amavisd configuration. Restart amavisd afterwards.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
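
One way to carry out the socket check suggested in the reply above, as an added example that is not part of the original thread. It assumes the usual Debian file locations `/etc/clamav/clamd.conf` and `/etc/amavis/conf.d/15-av_scanners`, which the thread does not name; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the thread. Default paths are the usual Debian
# locations (an assumption); pass your own files as arguments.

# LocalSocket path from a clamd.conf (last occurrence wins).
clamd_socket() {
    awk '$1 == "LocalSocket" { p = $2 } END { if (p != "") print p }' "$1"
}

# Socket path on the first uncommented CONTSCAN line of the amavisd
# av_scanners file, i.e. where amavisd tries to reach clamd.
amavis_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's|.*CONTSCAN[^,]*,[[:space:]]*"\(/[^"]*\)".*|\1|p' "$1" | head -n 1
}

# 0 = paths agree and a socket exists; 1 = mismatch; 2 = unreadable config;
# 3 = paths agree but nothing is listening there (clamd not running).
check_clamd_link() {
    want=$(clamd_socket "${1:-/etc/clamav/clamd.conf}" 2>/dev/null) || true
    have=$(amavis_socket "${2:-/etc/amavis/conf.d/15-av_scanners}" 2>/dev/null) || true
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "cannot read a socket path (clamd='$want' amavis='$have')"; return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "MISMATCH: clamd uses $want, amavisd connects to $have"; return 1
    fi
    if [ ! -S "$want" ]; then
        echo "paths agree ($want) but no socket exists: clamd is not running"; return 3
    fi
    echo "OK: $want"
}

# Constructed sample configs (not the poster's files) for an offline run.
demo() {
    d=$(mktemp -d) || return
    printf 'User clamav\nLocalSocket /var/run/clamav/clamd.ctl\n' > "$d/clamd.conf"
    printf '%s\n' '# ["CONTSCAN {}\n", "/old/commented.sock"],' \
        '  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.sock"],' > "$d/av"
    check_clamd_link "$d/clamd.conf" "$d/av"; rc=$?
    rm -rf "$d"; return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Return code 3 (or 2, if `clamd.conf` is gone) is what to expect when the daemon package itself is not installed: in the `dpkg -l` listing earlier in the thread, `clamav-daemon` is in state `rc`, which means removed with only its configuration files left.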

#5
4th January 2012, 11:07
fxs

Hi,
I get some error messages.
At the beginning, the root password and the MySQL password were the same.
Then I changed the root password (not the MySQL one) - I don't remember when.
Could this be the origin of the problem?
What should I do to fix that?
Should I replace the word 'root' with the "new root password" in /usr/local/ispconfig/server/lib/mysql_clientdb.conf (even if it works well for all the websites and the forum, and I believe (wrongly?) that rootsw means the same value as the one in the system)?
regards

#6
4th January 2012, 16:13
falko

If the MySQL root password is unchanged, there should be no problem.

#7
4th January 2012, 22:09
fxs

Things are getting worse and worse...

Mail-Error - Log
Code:
Jan 1 06:26:18 xxxxx    amavis[2866]: (02866-02) (!!)WARN: all primary virus scanners failed, considering backups
…………………………………
Jan 4 10:12:48 xxxxx   amavis[2912]: (02912-06) (!!)TROUBLE in process_request: connect_to_sql: unable to connect to any dataset at (eval 103) line 241, line 4. at (eval 104) line 280, line 4.
……………………………………
Jan 4 20:12:40 xxxxx postfix/smtp[30172]: fatal: mysql:/etc/postfix/mysql-virtual_relaydomains.cf(0,lock|fold_fix): table lookup problem
Jan 4 20:12:41 xxxxxxx postfix/error[30175]: fatal: mysql:/etc/postfix/mysql-virtual_relaydomains.cf(0,lock|fold_fix): table lookup problem
Jan 4 20:12:42 xxxxxx  postfix/qmgr[9610]: fatal: mysql:/etc/postfix/mysql-virtual_relaydomains.cf(0,lock|fold_fix): table lookup problem
Mail-Warn - Log
Code:
Jan 4 20:39:02 xxxx amavis[8868]: (08868-05) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type) at (eval 105) line 373.\n
Jan 4 20:39:02 xxxx amavis[8868]: (08868-05) (!!)WARN: all primary virus scanners failed, considering backups
Jan 4 20:39:02 xxxxx amavis[30174]: (30174-02) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type) at (eval 105) line 373.\n
Jan 4 20:39:02 xxxxx  amavis[30174]: (30174-02) (!!)WARN: all primary virus scanners failed, considering backups
……………………………………………………..
Jan 4 20:12:40 xxxxx amavis[8869]: (08869-04) (!)Requesting process rundown after fatal error
Jan 4 20:12:40 xxxxx postfix/smtp[30172]: warning: connect to mysql server 127.0.0.1: Can't connect to MySQL server on '127.0.0.1' (111)
Jan 4 20:12:40 xxxxx postfix/smtp[30172]: fatal: mysql:/etc/postfix/mysql-virtual_relaydomains.cf(0,lock|fold_fix): table lookup problem
Jan 4 20:12:41 xxxxx postfix/qmgr[9610]: warning: private/amavis socket: malformed response
Jan 4 20:12:41 xxxxx postfix/qmgr[9610]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Jan 4 20:12:41 xxxxx postfix/master[10836]: warning: process /usr/lib/postfix/smtp pid 30172 exit status 1
Jan 4 20:12:41 xxxxx postfix/master[10836]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Jan 4 20:12:41 xxxxx postfix/error[30175]: warning: connect to mysql server 127.0.0.1: Can't connect to MySQL server on '127.0.0.1' (111)
Jan 4 20:12:41 xxxxx postfix/error[30175]: fatal: mysql:/etc/postfix/mysql-virtual_relaydomains.cf(0,lock|fold_fix): table lookup problem
Jan 4 20:12:42 xxxxx postfix/qmgr[9610]: warning: private/retry socket: malformed response
Jan 4 20:12:42 xxxxx postfix/qmgr[9610]: warning: transport retry failure -- see a previous warning/fatal/panic logfile record for the problem description
Jan 4 20:12:42 xxxxx postfix/master[10836]: warning: process /usr/lib/postfix/error pid 30175 exit status 1
Jan 4 20:12:42 xxxxx postfix/master[10836]: warning: /usr/lib/postfix/error: bad command startup -- throttling
Jan 4 20:12:42 xxxxx postfix/qmgr[9610]: warning: connect to mysql server 127.0.0.1: Can't connect to MySQL server on '127.0.0.1' (111)
Jan 4 20:12:42 xxxxx postfix/qmgr[9610]: fatal: mysql:/etc/postfix/mysql-virtual_relaydomains.cf(0,lock|fold_fix): table lookup problem
Jan 4 20:12:43 xxxxx postfix/master[10836]: warning: process /usr/lib/postfix/qmgr pid 9610 exit status 1
Jan 4 20:16:44 xxxxx amavis[8868]: (08868-04) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Aucun fichier ou dossier de ce type, retrying (2)
I tried to install again:
Code:
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
I restarted MySQL and got this message:
Code:
 /etc/init.d/mysql restart
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Then I panicked and restarted Apache 2 (don't ask why):
Code:
Restarting web server: apache2[Wed Jan 04 21:17:09 2012] [warn] NameVirtualHost   xxxxx:80 has no VirtualHosts
[Wed Jan 04 21:17:09 2012] [warn] NameVirtualHost xxxxx:443 has no VirtualHosts
 ... waiting [Wed Jan 04 21:17:10 2012] [warn] NameVirtualHost xxxxx:80 has no VirtualHosts
[Wed Jan 04 21:17:10 2012] [warn] NameVirtualHost xxxxx:443 has no VirtualHosts

root@nsxxxxx:/etc/apache2# grep -i "NameVirtualHost" *
ports.conf:NameVirtualHost *:80
ports.conf:    # If you add NameVirtualHost *:443 here, you will also have to change
I had a look at # netstat -tap | grep mysql
Code:
tcp        0      0 *:mysql                 *:*                     LISTEN      5869/mysqld
tcp        1      0 localhost.localdo:41473 localhost.localdo:mysql CLOSE_WAIT  8868/amavisd (ch5-a
tcp        1      0 localhost.localdo:59140 localhost.localdo:mysql CLOSE_WAIT  30174/amavisd (ch3-
tcp        1      0 localhost.localdo:59140 localhost.localdo:mysql CLOSE_WAIT  30174/amavisd (ch3
By now I'm taking some Valium to be quiet for the rest of the week.

Is there a way to fix this mess?

thanks

regards

Last edited by fxs; 4th January 2012 at 22:13.

#8
5th January 2012, 09:30
till

1) Apache is fine. What you posted above are not errors.
2) Your email problems are most likely related to MySQL problems. Try to log in to MySQL with the username and password that you find in the file /etc/postfix/mysql-virtual_forwardings.cf to check if the login works.
3) Restart dovecot.
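
The login test suggested in the reply above, as an added example that is not part of the original thread. It assumes the map file uses the standard Postfix `mysql_table` keys `user`, `password`, `dbname` and `hosts`; the function names and the sample credentials are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reads the credentials Postfix uses
# from one of its mysql-*.cf maps and tries the same login.

# Value of "key = value" in a Postfix mysql map file (last match wins).
cf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$2" | tail -n 1
}

# Write a mysql client option file (mode 600) from the map, so the password
# never appears in the process list the way --password=... on argv does.
# Limitation: passwords containing '"' or '\' would need escaping.
make_client_cnf() {
    cf=$1 out=$2
    host=$(cf_get hosts "$cf"); host=${host%%[ ,]*}   # first host only
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' \
          "$(cf_get user "$cf")" "$(cf_get password "$cf")" \
          "${host:-localhost}" > "$out" )
}

# Try the login the way Postfix would; prints the server version on success.
try_postfix_login() {
    cf=${1:-/etc/postfix/mysql-virtual_forwardings.cf}
    tmp=$(mktemp) || return 2
    make_client_cnf "$cf" "$tmp"
    mysql --defaults-extra-file="$tmp" "$(cf_get dbname "$cf")" -e 'SELECT VERSION();'
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed sample map (placeholder credentials) to show the generated file.
demo() {
    d=$(mktemp -d) || return
    printf 'user = mailuser\npassword = s3cret#1\ndbname = maildb\nhosts = 127.0.0.1\n' > "$d/map.cf"
    make_client_cnf "$d/map.cf" "$d/client.cnf" && cat "$d/client.cnf"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

With `hosts = 127.0.0.1` the client connects over TCP, the same path on which Postfix logs `Can't connect to MySQL server on '127.0.0.1' (111)` earlier in the thread; a bare `mysql` call uses the UNIX socket instead and can fail for a different reason.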

#9
5th January 2012, 10:14
fxs

Hi,

You're absolutely right.
I opened the file and tried to connect with the username and password (original/never changed)
Code:
root@xxxxx:~# mysql --user=xxxxx --password=xxxxxxx
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
So what should I do?
thanks
best regards

#10
5th January 2012, 10:28
till

Please post the MySQL my.cnf configuration file. The path is either /etc/my.cnf or /etc/mysql/my.cnf.

Additionally post the output of:

ls -la /var/run/mysqld/

All times are GMT +2.