can not log in to ftp since plesk upgrade - authentication

None of my FTP accounts work via FTP since I upgraded to Plesk 9.5.4. I get "530 login incorrect." The username and password are correct, since I can see them both in /etc/passwd and /etc/shadow. I have tried changing the information via Domains -> mydomain.com -> Web Hosting Settings -> FTP Login and I still get the error. If I add a user name or password via Web Users, it is added to the password file, but that login does not work either. My root login via SSH works fine. Any suggestions?
Thanks,
-Jonathan

Check your /var/log/messages for errors from proftpd.
Here is my /var/log/messages for simple FTP session:
Jan 16 16:39:15 localhost xinetd[577]: START: ftp pid=9317 from=::ffff:10.50.2.4
Jan 16 16:39:16 localhost proftpd[9317]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - FTP session opened.
Jan 16 16:39:16 localhost proftpd[9317]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - FTP session closed.
Jan 16 16:39:16 localhost xinetd[577]: EXIT: ftp status=0 pid=9317 duration=1(sec)
Jan 16 16:39:16 localhost xinetd[577]: START: ftp pid=9318 from=::ffff:10.50.2.4
Jan 16 16:39:16 localhost proftpd[9318]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - FTP session opened.
Jan 16 16:39:22 localhost proftpd[9318]: 10.52.52.203 (10.50.2.4[10.50.2.4]) - Preparing to chroot to directory '/var/www/vhosts/domain.tld'
Jan 16 16:40:03 localhost xinetd[577]: Exiting...

Related

sssd Error: Could not start TLS encryption. (unknown error code)

I am trying to configure Linux machine authentication with Google Secure LDAP. Below are the steps I have done.
Added the LDAP client with the permissions below:
Access permission: Entire Domain
Read user information: Entire Domain
Read group information: ON
Installed SSSD on my Ubuntu box (which is running in Azure):
sudo apt install -y sssd sssd-tools
My sssd.conf file:
[sssd]
debug_level = 7
services = nss, pam
domains = mydomain.com
[pam]
debug_level = 7
[nss]
debug_level = 7
[domain/mydomain.com]
debug_level = 7
cache_credentials = true
ldap_id_use_start_tls = true
ldap_tls_cacertdir = /home/ubuntu/ssl_Linux
ldap_tls_cacert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_cert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_key = /home/ubuntu/ssl_Linux/gldap.key
ldap_uri = ldaps://ldap.google.com:636
ldap_search_base = ou=Users,dc=mydomain,dc=com
ldap_group_name = uniqueMember
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_user_uuid = entryUUID
ldap_groups_use_matching_rule_in_chain = true
ldap_initgroups_use_matching_rule_in_chain = true
enumerate = false
I'm able to start the SSSD service but get the error below:
Nov 15 09:14:54 myserver systemd[1]: Started System Security Services Daemon.
Nov 15 09:14:55 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Backend is offline
Nov 15 09:17:19 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:19:48 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:24:02 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
FYI: I'm able to successfully authenticate with Google Secure LDAP using the command below:
LDAPTLS_CERT=mycrt.crt LDAPTLS_KEY=mykey.key ldapsearch -H ldaps://ldap.google.com:636 -b "ou=Users,dc=mydomain,dc=com" -D "my.user#mydomain.com" "(uid=my.user)" -W
Reference: https://helpcenter.itopia.com/en/articles/2394004-configuring-google-cloud-identity-ldap-on-ubuntu-16-04-for-user-logins
Please help me with this.
Thanks :)
I had the same issue.
Adding ldap_tls_cipher_suite = NORMAL:!VERS-TLS1.3 to the sssd.conf file worked for me. I am on Ubuntu 20.04.5 LTS.
I tried the same document with a new virtual machine, and it works fine for me.
Just need to make sure: after configuring the Google LDAP client in the http://admin.google.com/ portal, it may take up to 24 hours to take effect.
Thanks

Why can't upload files into dropbox at shutdown?

Fixed as jayant says.
cat upload.sh
/home/Dropbox-Uploader/dropbox_uploader.sh upload -f /home/Dropbox-Uploader/.dropbox_uploader /home/material/* /
date >> /home/upload.log
All files in the directory material can be uploaded into my Dropbox with bash upload.sh.
I want to write an autorun service that uploads files into Dropbox at shutdown.
vim /etc/systemd/system/upload.service
[Unit]
Description=upload files into dropbox
Before=network.target shutdown.target reboot.target
[Service]
ExecStart=/bin/true
ExecStop=/bin/bash /home/upload.sh
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
Enable it with:
sudo systemctl enable upload.service
Reboot it.
journalctl -u upload
-- Logs begin at Thu 2018-01-18 22:38:54 EST, end at Tue 2018-04-10 06:55:43 EDT. --
Apr 10 06:48:27 localhost systemd[1]: Started upload files into dropbox.
Apr 10 06:48:27 localhost systemd[1]: Starting upload files into dropbox...
Apr 10 06:48:27 localhost bash[111]: which: no shasum in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)
Apr 10 06:48:27 localhost bash[111]: > Uploading "/home/material/test.txt" to "/test.txt"...
Apr 10 06:48:27 localhost bash[111]: Error: Couldn't resolve host.
ln -s /usr/bin/sha1sum /usr/bin/shasum according to google's result.
Reboot the second time.
journalctl -u dropbox
Apr 10 06:55:04 localhost systemd[1]: Started upload files into dropbox.
Apr 10 06:55:04 localhost systemd[1]: Starting upload files into dropbox...
Apr 10 06:55:04 localhost bash[113]: shasum: invalid option -- 'a'
Apr 10 06:55:04 localhost bash[113]: Try 'shasum --help' for more information.
Apr 10 06:55:04 localhost bash[113]: shasum: invalid option -- 'a'
Apr 10 06:55:04 localhost bash[113]: Try 'shasum --help' for more information.
Apr 10 06:55:04 localhost bash[113]: > Uploading "/home/material/test.txt" to "/test.txt"...
Apr 10 06:55:04 localhost bash[113]: Error: Couldn't resolve host.
Did as Raushan said; a new issue arose:
Uploading by 4 chunks *** FAILED dropbox
For the problem "Uploading by 4 chunks *** FAILED dropbox", some material says that files exceeding 150 MB should be uploaded in chunks.
split -b 10m /home/upload.tar.gz /home/material/dropbox
ls /home/material
dropboxaa dropboxac dropboxae dropboxag ......
Both of them are less than 10m.
journalctl -u upload
Apr 19 01:45:26 localhost systemd[1]: Started upload files into dropbox.
Apr 19 01:45:26 localhost systemd[1]: Starting upload files into dropbox...
Apr 19 01:45:27 localhost bash[401]: > Uploading "/home/material/dropboxaa" to "/dropboxaa"... FAILED
Apr 19 01:45:27 localhost bash[401]: An error occurred requesting /upload
Apr 19 01:45:28 localhost bash[401]: > Uploading "/home/material/dropboxab" to "/dropboxab"... FAILED
Apr 19 01:45:40 localhost bash[401]: Some error occured. Please check the log.
Apr 19 01:45:40 localhost systemd[1]: upload.service: main process exited, code=exited, status=1/FAILURE
Apr 19 01:45:40 localhost systemd[1]: Unit upload.service entered failed state.
Apr 19 01:45:40 localhost systemd[1]: upload.service failed.
Why > Uploading "/home/material/dropboxaa" to "/dropboxaa"... FAILED?
It is not possible that the second instruction of your script executes without executing the first one. Try redirecting the error output of the dropbox_uploader.sh to see what is failing.
Assuming you are using dropbox-uploader, try specifying the exact location of the configuration file. See Running as cron job section in their README.md
/home/Dropbox-Uploader/dropbox_uploader.sh -f /path/to/.dropbox_uploader upload /home/material/* /
For the "Couldn't resolve host" problem:
The unit configuration should have a dependency like After=network.target instead of Before=network.target, as the default shutdown order is the inverse of startup.
[Unit]
Description=upload files into dropbox
Before=shutdown.target reboot.target
After=network.target
[Service]
# oneshot + RemainAfterExit keep the unit active after ExecStart exits,
# so ExecStop runs when the unit is stopped at shutdown
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecStop=/bin/bash /home/upload.sh
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
Refer: https://serverfault.com/a/785355
For the shasum problem:
I am not sure about your OS distro; I am using Fedora 25.
In my case the shasum binary is from the perl-Digest-SHA package, which can be installed with the command yum install perl-Digest-SHA on a Red Hat based Linux distro.
Refer: https://superuser.com/a/1180163

CPanel/WHM Unknown License File Error

So my issue is like the title suggests. However I have tried the following suggestions from this page (https://documentation.cpanel.net/display/ALD/Installation+Guide+-+Troubleshoot+Your+Installation#InstallationGuide-TroubleshootYourInstallation-Licenseerrors) with no results.
1.) curl -L http://cpanel.net/showip.cgi (shows my ip address on the server for use on the verify.cpanel.net script), this can be verified also here... (http://verify.cpanel.net/index.cgi?ip=xxx.xxx.xxx.xx) (I don't like showing my IP, but trust me it was verified.)
2.) /usr/local/cpanel/cpkeyclt
Updating cPanel license...Done. Update Failed!
Error message:
A License check appears to already be running.
Building global cache for cpanel...Done
So the above didn't work.
I then tried these commands.
3.) /usr/local/cpanel/etc/init/stopcpsrvd and then /usr/local/cpanel/scripts/upcp --sync to attempt to resynchronize.
This appears to successfully run but I still get the same error. Attached below is the error message I get when I attempt to login to WHM.
4.) I then tried running rdate -s rdate.cpanel.net as suggested in some other posts to have the times match up and then when I run (/usr/local/cpanel/cpkeyclt) it seems to time out and nothing ever happens.
Looking at the logs for the cpanel license (/usr/local/cpanel/logs/license_log) I see this.
Tue Jul 26 16:23:30 2016: Trying server 208.74.125.22
Tue Jul 26 16:23:45 2016: Timed out while connecting to port 2089
Tue Jul 26 16:24:00 2016: Timed out while connecting to port 80
Tue Jul 26 16:24:15 2016: Timed out while connecting to port 110
Tue Jul 26 16:24:30 2016: Timed out while connecting to port 143
Tue Jul 26 16:24:45 2016: Timed out while connecting to port 25
Tue Jul 26 16:25:00 2016: Timed out while connecting to port 23
Tue Jul 26 16:25:15 2016: Timed out while connecting to port 993
Tue Jul 26 16:25:30 2016: Timed out while connecting to port 995
Tue Jul 26 16:30:14 2016: License Update Request
Tue Jul 26 16:30:14 2016: Using full manual DNS resolution
Tue Jul 26 16:30:14 2016: Trying server 208.74.121.85
Tue Jul 26 16:30:29 2016: Timed out while connecting to port 2089
Any help is appreciated!
Notes
Results of running /usr/local/cpanel/etc/init/stopcpsrvd
/usr/local/cpanel/etc/init/stopcpsrvd
Waiting for “cpsrvd” to stop ……Gracefully Terminating processes: cpsrvd: with pids 20842 and owner root.......waited 1 second(s) for 1 process(es) to terminate....Done
…finished.
Startup Log
Starting PID 20839: /usr/local/cpanel/libexec/cpsrvd-dormant
Results of running /usr/local/cpanel/scripts/upcp --sync (Couldn't show everything because of text character limitations)
[2016-07-26 15:39:39 -0400] Detected cron=0 (Terminal detected)
----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------
=> Log opened from cPanel Update (upcp) - Slave (21620) at Tue Jul 26 15:41:53 2016
[2016-07-26 15:41:53 -0400] Maintenance completed successfully
[2016-07-26 15:41:54 -0400] 95% complete
[2016-07-26 15:41:54 -0400] Running Standardized hooks
[2016-07-26 15:41:54 -0400] 100% complete
[2016-07-26 15:41:54 -0400]
[2016-07-26 15:41:54 -0400] cPanel update completed
[2016-07-26 15:41:54 -0400] A log of this update is available at /var/cpanel/updatelogs/update.1469561979.log
[2016-07-26 15:41:54 -0400] Removing upcp pidfile
[2016-07-26 15:41:54 -0400]
[2016-07-26 15:41:54 -0400] Completed all updates
=> Log closed Tue Jul 26 15:41:54 2016
It turns out the answer was IPTables. Before that it was the rDate command that was necessary to fix it, but my IPTables was blocking the connections.
To temporarily disable your firewall do this.
iptables-save > /root/current.ipt
iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT
iptables -F INPUT; iptables -F OUTPUT
ping -c 3 google.com
iptables-restore < /root/current.ipt
rm -f /root/current.ipt
The first command saves a copy of your firewall settings.
The next 2 commands make it so all input/output are allowed (for outgoing and incoming connections)
Finally test by pinging the ip address that was giving the issue for cPanel in your log file.
If it works that means the update license command will work.
Simply run:
/usr/local/cpanel/cpkeyclt
and you are good to go.
You can restore back your rules by using the last 2 commands if you want:
iptables-restore < /root/current.ipt
rm -f /root/current.ipt
Be warned that you will be blocked again, unless you fix the firewall.

java apache ftpServer file upload and download isn't working

I'm using Apache FtpServer and built my own FTP server. I'm using this server on a VM (VPS). I'm able to log in and list the files; however, I couldn't download or upload files. Every time I try I get the error:
220 Service ready for new user.
USER testuser
331 User name okay, need password for testuser.
PASS ********
230 User logged in, proceed.
FEAT
211-Extensions supported
SIZE
MDTM
REST STREAM
LANG en;zh-tw;ja;is
MLST Size;Modify;Type;Perm
AUTH SSL
AUTH TLS
MODE Z
UTF8
TVFS
MD5
MMD5
MFMT
211 End
OPTS UTF8 ON
200 Command OPTS okay.
SYST
215 UNIX Type: Apache FtpServer
STAT /
212-
drwx------ 3 user group 0 Oct 25 02:46 lost+found
drwx------ 3 user group 0 Oct 25 06:27 v
-rw------- 1 user group 4496 Oct 25 06:30 working.txt
212 End of status.
TYPE I
200 Command TYPE okay.
PORT 10,9,226,222,220,45
200 Command PORT okay.
STOR /Records.xls
150 File status okay; about to open data connection.
220 Service ready for new user.
When I run the code on localhost, I can download, modify and upload files. Why isn't this working on a VM?
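The PORT command in the session above tells the server which address and port to open the data connection to, encoded as h1,h2,h3,h4,p1,p2 (RFC 959). The following is an added example, not part of the original post, with illustrative function names: it decodes PORT arguments in a transcript and flags RFC 1918 targets, which a server on another network cannot connect back to. The sample lines are copied from the transcript above.

```shell
#!/bin/sh
# Added example: decode FTP PORT arguments and flag private data-connection targets.

# decode_port "h1,h2,h3,h4,p1,p2" -> prints "h1.h2.h3.h4:port", returns 1 if malformed
decode_port() {
    case $1 in ''|*[!0-9,]*) return 1 ;; esac      # digits and commas only
    old_ifs=$IFS; IFS=,
    set -- $1                                      # split the six fields on commas
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|0?*) return 1 ;; esac        # no empty fields, no leading zeros
        [ "$n" -le 255 ] || return 1               # each field is one octet
    done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# is_rfc1918 ADDR -> returns 0 for 10/8, 172.16/12 and 192.168/16
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# scan_session: read an FTP control-channel transcript on stdin, report each PORT target
scan_session() {
    while IFS= read -r line; do
        case $line in
            "PORT "*)
                target=$(decode_port "${line#PORT }") || { echo "malformed: $line"; continue; }
                if is_rfc1918 "${target%:*}"; then scope=private; else scope=non-private; fi
                echo "active-mode data target $target ($scope)"
                ;;
        esac
    done
}

# Lines copied from the transcript in the question
sample_session() {
    cat <<'EOF'
TYPE I
200 Command TYPE okay.
PORT 10,9,226,222,220,45
200 Command PORT okay.
STOR /Records.xls
150 File status okay; about to open data connection.
EOF
}

sample_session | scan_session
```

For the session above this reports 10.9.226.222:56365 as a private target, which is consistent with transfers working on localhost and stalling once the server runs on a remote VPS.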

SELinux permission denied to Phusion Passenger for redmine

I am trying to install Redmine on CentOS 6.3 but I continue to get this error in the log file:
Passenger could not be initialized because of this error: Unable to start
the Phusion Passenger watchdog (/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout
/agents/PassengerWatchdog): Permission denied (errno=13)
I have been looking online and cannot find this error anywhere or any way to fix it. I have tried changing permissions on the folder to 777 and the owner to apache:apache, but neither works.
The only solution that I have come up with to get redmine to work is to set SELinux to disabled or permissive (which I do not want to do).
Does anyone have another way to fix this problem that leaves SELinux enabled?
Found the SELinux log file under /var/log/messages.
Here is the end of the file:
Oct 16 14:07:30 localhost pulseaudio[2329]: alsa-util.c: Disabling timer-based scheduling because running inside a VM.
Oct 16 14:07:30 localhost rtkit-daemon[2183]: Sucessfully made thread 2331 of process 2329 (/usr/bin/pulseaudio) owned by '500' RT at priority 5.
Oct 16 14:07:30 localhost pulseaudio[2329]: alsa-util.c: Disabling timer-based scheduling because running inside a VM.
Oct 16 14:07:30 localhost rtkit-daemon[2183]: Sucessfully made thread 2332 of process 2329 (/usr/bin/pulseaudio) owned by '500' RT at priority 5.
Oct 16 14:07:31 localhost rtkit-daemon[2183]: Sucessfully made thread 2427 of process 2427 (/usr/bin/pulseaudio) owned by '500' high priority at nice level -11.
Oct 16 14:07:31 localhost pulseaudio[2427]: pid.c: Daemon already running.
Oct 16 14:08:04 localhost kernel: type=1400 audit(1381957684.726:5): avc: denied { execute_no_trans } for pid=2663 comm="httpd" path="/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout/agents/PassengerWatchdog" dev=dm-0 ino=1048752 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
Oct 16 14:08:04 localhost kernel: type=1400 audit(1381957684.760:6): avc: denied { execute_no_trans } for pid=2668 comm="httpd" path="/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout/agents/PassengerWatchdog" dev=dm-0 ino=1048752 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
Oct 16 14:09:11 localhost pulseaudio[2329]: alsa-sink.c: ALSA woke us up to write new data to the device, but there was actually nothing to write!
Oct 16 14:09:11 localhost pulseaudio[2329]: alsa-sink.c: Most likely this is a bug in the ALSA driver 'snd_intel8x0'. Please report this issue to the ALSA developers.
Oct 16 14:09:11 localhost pulseaudio[2329]: alsa-sink.c: We were woken up with POLLOUT set -- however a subsequent snd_pcm_avail() returned 0 or another value < min_avail.
Any suggestions?
So, you can fix this by using audit2allow (yum install audit-libs-python audit-libs).
SELinux logs to /var/log/audit/audit.log. If you tail and capture the output from restarting the web service (service httpd restart) you can then run the new output through audit2allow and make a module to install under selinux...
So, assuming you have captured it into a file called "audit_tmp":
cat audit_tmp | audit2allow -M passenger
This will create a file called passenger.pp which you can apply using:
semodule -i passenger.pp
Doing this will unblock the first thing that was stopping passenger from loading - but be aware that there will probably be more, so you will need to repeat the process again until it works. I hope that makes sense!
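Before installing a module generated from captured denials, it helps to see exactly what those denials ask for. The following is an added example, not part of the original answer, with an illustrative function name: it reduces AVC denial lines to unique source type / target type / class / permission / path tuples. The sample lines are copied from the log quoted in the question, and the parser assumes paths without spaces.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials before turning them into policy.

# summarize_avc: read log lines on stdin, print one line per unique denial as
#   <source type> <target type> <class> { <permissions> } <path>
summarize_avc() {
    awk '
    /avc: +denied/ {
        # permissions are the words between the braces after "denied"
        perms = $0
        sub(/^.*denied +[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        src = tgt = cls = path = "-"
        for (i = 1; i <= NF; i++) {
            # contexts are user:role:type:level, so the type is the third part
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            else if ($i ~ /^path=/)     { path = substr($i, 6); gsub(/"/, "", path) }
        }
        key = src " " tgt " " cls " { " perms " } " path
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Lines copied from the /var/log/messages excerpt in the question
sample_log() {
    cat <<'EOF'
Oct 16 14:07:31 localhost pulseaudio[2427]: pid.c: Daemon already running.
Oct 16 14:08:04 localhost kernel: type=1400 audit(1381957684.726:5): avc: denied { execute_no_trans } for pid=2663 comm="httpd" path="/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout/agents/PassengerWatchdog" dev=dm-0 ino=1048752 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
Oct 16 14:08:04 localhost kernel: type=1400 audit(1381957684.760:6): avc: denied { execute_no_trans } for pid=2668 comm="httpd" path="/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout/agents/PassengerWatchdog" dev=dm-0 ino=1048752 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
EOF
}

sample_log | summarize_avc
```

The two denials collapse to a single tuple: httpd_t wants execute_no_trans on a file labelled lib_t. An allow rule built from that tuple applies to every file with the lib_t label, not only PassengerWatchdog, so read the generated passenger.te before running semodule -i.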
Take a look at /var/log/syslog. That file contains SELinux error messages, which tell you how to fix up any permission problems.