Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th October 2014, 18:56
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default ISPConfig 3.0.5.4 Patch 4 released

What's new in ISPConfig 3.0.5.4p4

This release introduces support for CentOS 7, adds some interesting new security features
and fixes several bugs in the remote API.

Intrusion Detection System

The ISPConfig interface now contains a IDS System to protect it against unknown threats and
vulnerabilitys. The IDS System consists of a scan engine for POST, GET and COOKIE
variables based on PHPIDS and a SQL query scanner to detect SQL injection attacks.

The IDS system does not replace any of the input and variable checks that are implemented in ISPConfig,
the IDS adds a more generic check for all incoming variables in ISPConfig to build a second defense line.

For now, the IDS system is configured to add warnings in the ISPConfig System log only and not to block attacks.
If you like to block attacks, set ids_block_level to a value between 5 and 20 in the security_settings.ini file.
The checks are quite strict and it is possible taht you have to whitelist some addditional variables to avoid false
positive warnings. Therefore I would like to ask you to help us to complete the whitelist.

The sql injection scanner is turned on by default while the intrusion detection system is turned off
because the scan of all incoming variables can slow down the ISPconfig interface. You can turn
the IDS on in /usr/local/ispconfig/security/security_settings.ini by changing "ids_enabled" to "yes"
if you like to test this new feature.

How whitelisting in IDS works:

The IDS writes all alerts in whitelst file format to the file /usr/local/ispconfig/interface/temp/ids.log
and the full warning message to the ispconfig system log in the interface. If you find that a alert is
a false positive, then please post the alert message and line from ids.log here in the forum so we can check
that and add it to the official whitelist.

You can find a detailed description on the IDS settings in the security README file in the
/usr/local/ispconfig/security/ folder.

See changelog link below for a list of all changes that are included in this release.

-----------------------------------------------------
- Download
-----------------------------------------------------

The software can be downloaded here:

http://prdownloads.sourceforge.net/i...0.5.4p4.tar.gz

------------------------------------
- Changelog
------------------------------------

http://bugtracker.ispconfig.org/inde...&status[]=

--------------------------------------
- Known Issues:
--------------------------------------

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

--------------------------------------
- BUG Reporting
--------------------------------------

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

----------------------------------------
- Supported Linux Distributions
----------------------------------------

- Debian Etch (4.0) - Wheezy (7.0) and Debian testing
- Ubuntu 7.10 - 14.04
- OpenSuSE 11 - 13.1
- CentOS 5.2 - 7
- Fedora 9 - 15

-----------------------------------------
- Installation
-----------------------------------------

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

------------------------------------------
- Update
------------------------------------------

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select "stable" as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/contro...e-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

-------------------------------------------
- Manual update instructions
-------------------------------------------

Code:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 17th October 2014 at 20:02.
Reply With Quote
The Following 8 Users Say Thank You to till For This Useful Post:
Captain (20th October 2014), edge (17th October 2014), Ghostdare (20th October 2014), Hans (17th October 2014), itanium (21st October 2014), onastvar (18th October 2014), webguyz (18th October 2014), yoplait (24th October 2014)
Sponsored Links
  #2  
Old 18th October 2014, 01:10
webguyz webguyz is offline
Senior Member
 
Join Date: Oct 2012
Location: Earth
Posts: 144
Thanks: 38
Thanked 18 Times in 15 Posts
Default

Till,

Was curious as to the best way to apply ISPConfig updates to dozens of servers in a multi-server ISPConfig setup. Does your hosting company do these manually or do you use some type of orchestration software like puppet to automate the upgrades?

Thanks for all you do!
Reply With Quote
  #3  
Old 19th October 2014, 19:09
bernholdt bernholdt is offline
Senior Member
 
Join Date: Jun 2007
Posts: 156
Thanks: 47
Thanked 13 Times in 11 Posts
Default After update is still tells me version 3.0.5.4p3

I just ran the update
But it is still telling me it is the old version 3.0.5.4p3 any ideas how to fix this?

Never mind just needed to delete the old version from tmp

Regards
Michael

Last edited by bernholdt; 19th October 2014 at 19:11.
Reply With Quote
  #4  
Old 20th October 2014, 10:50
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 168
Thanks: 32
Thanked 28 Times in 21 Posts
Default

If I update from 3.0.5.4p3 to 3.0.5.4p4, do I have to choose "update services configurations"??
Reply With Quote
The Following User Says Thank You to concept21 For This Useful Post:
robertoshulze2257 (26th October 2014)
  #5  
Old 20th October 2014, 10:52
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

If you like to apply the poodle ssl changes (in case you did not do that manually yet), then yes. Otherwise a reconfigure is not required.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 21st October 2014, 06:16
itanium itanium is offline
Member
 
Join Date: Jul 2008
Location: france
Posts: 38
Thanks: 20
Thanked 4 Times in 4 Posts
Default

Hello,

Thank you for this update.

I have just a small problem with the patch 4. After the update i can't use the php-fpm socket. I have an error 500 (FastCGI: incomplete headers (0 bytes) received from server).

in the vhost of a website (php-fpm socket in use on the ispconfig interface) :
"FastCgiExternalServer /var/www/xxx/xx/w23/cgi-bin/php5-fcgi-x.x.x.x-xxx.xxx.net -idle-timeout 300 -host 127.0.0.1:9032 -pass-header Authorization"

need to be :

"FastCgiExternalServer/var/www/xxx/xx/w23/cgi-bin /php5-fcgi-x.x.x.x-xxx.xxx.net -idle-timeout 300 -socket /var/lib/php5-fpm/web23.sock -pass-header Authorization"

With the patch 3, the "-host" change to "-socket" when you enable socket in the ispconfig interface.

Ispconfig 3.0.5.4p4 on Ubuntu 14.04.
Reply With Quote
The Following User Says Thank You to itanium For This Useful Post:
simourix (20th November 2014)
  #7  
Old 21st October 2014, 07:53
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

We have a bugtracker ticket on that topic. I will check that.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 23rd October 2014, 13:30
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 168
Thanks: 32
Thanked 28 Times in 21 Posts
Default

I experience a bug. When I update from 3.054p3 to 3.054p4, backing up ispconfig stops and jumps back to the shell. Then, I re-run the update and choose no backing up ispconfig. The update is then successful.
Reply With Quote
The Following User Says Thank You to concept21 For This Useful Post:
robertoshulze2257 (4th November 2014)
  #9  
Old 23rd October 2014, 13:50
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Thats a problem with the php binary and happens when the php has no mysql extension. Please post the output of:

which php
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 23rd October 2014, 17:53
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 168
Thanks: 32
Thanked 28 Times in 21 Posts
 
Unhappy

It is my OS. It have been running for over a year without problem backing up ispconfig.

php5-mysql 5.3.3-8ubuntu12~lucid1
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig 3.0.5.4 RC1 released till General 19 17th April 2014 01:19
ISPConfig 3.0.5.4 beta released till General 10 3rd April 2014 16:08
Problem access ispconfig url wearth General 1 30th May 2013 14:50
ISPConfig 3.0.0.9 RC2 released till General 51 17th April 2009 18:12
ISPConfig 2.3.3-dev released till General 10 12th March 2008 22:08


All times are GMT +2. The time now is 19:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.