Wednesday, August 1, 2012

plesk control panel events

If you want to produce some stats about the usage of your Parallels Plesk control panel, you can do a number of things:
  • you can populate a database,
  • you can write to log files.
The Parallels Plesk control panel provides two environment variables that hold the CONTACT_NAME of the user that just logged in or logged out.

The environment variable to use in a control panel event:

  •  login    would be  ${NEW_CONTACT_NAME}
  •  logout  would be  ${OLD_CONTACT_NAME}

One simple script to save some information in a database and log some info in /var/log/syslog follows.


#!/bin/bash
# Plesk event handler for a control panel login: writes a report file,
# logs one line to syslog and mails the report.

LANG=en_US.UTF-8
LC_CTYPE=en_US.UTF-8

myTimeStamp=$(date +%Y-%m-%d-%T--%N)
myFullPath=/var/log/events.log/client-cp-login-$myTimeStamp.eml

# Report header: time, system user running the handler, contact name.
{
  echo "--------------"
  /bin/date
  /usr/bin/id
  echo "client just logged in"
  echo "name: ${NEW_CONTACT_NAME}"
  echo "--------------"
} >> "$myFullPath"

dbuser='username'
dbpass='secret'

# The contact name can be edited by the user, so escape backslashes and
# single quotes before placing it inside the SQL string literal.
safeName=$(printf '%s' "$NEW_CONTACT_NAME" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")

# Look up the session of the contact that just logged in.
# Note: a password given with -p is visible in the process list.
LOG=$(mysql -u"$dbuser" -p"$dbpass" psa --batch -N -e "SET NAMES 'utf8'; SELECT  CONCAT('user ',s.login,' logged in from ', s.ip_address,' moreUserInfo: ', c.pname) FROM sessions s join clients c WHERE s.login=c.login AND c.pname ='${safeName}' LIMIT 1;")

logger -t "plesk-client-login" "$LOG"

echo "$LOG" >> "$myFullPath"

myTimeStamp=$(date +%Y-%m-%d-%T)
#mail -a "Content-Type: text/plain; charset=UTF-8" -s "PLESK CP LOGIN: ${NEW_CONTACT_NAME} - $myTimeStamp" -b jkara@ccf.auth.gr -c fpapaste@ccf.auth.gr     gkougiou@ccf.auth.gr < "$myFullPath"
mail -S sendcharsets=utf-8  -s "PLESK CP LOGIN: ${NEW_CONTACT_NAME} - $myTimeStamp" -b jkara@ccf.auth.gr -c fpapaste@ccf.auth.gr     gkougiou@ccf.auth.gr < "$myFullPath"
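
The following is an added example, not part of the original post: it produces the usage stats mentioned at the top from the syslog lines that the script writes with logger -t "plesk-client-login", and lists logins seen from several source IPs. The sample log lines are constructed, and the function names sample_log, login_stats and multi_ip_users are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original post): per-user login statistics from
# the syslog lines written by the event script above.
# Assumed message format, taken from the script's CONCAT():
#   user <login> logged in from <ip> moreUserInfo: <contact name>

# Constructed sample lines, not real log data.
sample_log() {
cat <<'EOF'
Aug  1 10:02:11 host1 plesk-client-login: user alice logged in from 192.0.2.10 moreUserInfo: Alice Example
Aug  1 10:15:40 host1 plesk-client-login: user bob logged in from 198.51.100.7 moreUserInfo: Bob Example
Aug  1 11:30:02 host1 plesk-client-login: user alice logged in from 203.0.113.5 moreUserInfo: Alice Example
Aug  1 12:00:00 host1 sshd[411]: Accepted publickey for root from 192.0.2.1 port 22
Aug  1 12:44:19 host1 plesk-client-login: user alice logged in from 192.0.2.10 moreUserInfo: Alice Example
Aug  1 13:01:00 host1 plesk-client-login:
EOF
}

# Reads syslog on stdin; prints "<login> <logins> <distinct source IPs>".
# Tagged lines without the expected message are counted as "(unparsed)".
login_stats() {
  awk '
    {
      tag = 0
      for (i = 1; i <= NF; i++) if ($i == "plesk-client-login:") { tag = i; break }
      if (!tag) next                      # line from another program
      if ($(tag+1) != "user" || $(tag+3) != "logged" || $(tag+5) != "from") {
        unparsed++; next
      }
      login = $(tag+2); ip = $(tag+6)
      count[login]++
      if (!((login, ip) in seen)) { seen[login, ip] = 1; ips[login]++ }
    }
    END {
      for (l in count) print l, count[l], ips[l]
      if (unparsed) print "(unparsed)", unparsed, 0
    }' | LC_ALL=C sort
}

# Prints logins seen from at least $1 distinct IPs (default 2).
multi_ip_users() {
  login_stats | awk -v min="${1:-2}" '$3 >= min { print $1 }'
}

sample_log | login_stats
# On a live host: login_stats < /var/log/syslog
```
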

add level of security mod_itk to your plesk installation

There are lots of different ways to protect your Linux server (the Apache httpd processes) so that if one domain is compromised, all other domains remain unaffected, and to protect the server from unauthorized access as well.

System file protection
Use mod_security to confine all apache vhosts to a specific subdirectory, i.e. /var/www/vhosts/

Domain protection
Replace apache worker with apache2-mpm-itk or mod-ruid.

System file and domain protection at the same time
Use apparmor changehat for each domain. (not yet implemented I am afraid)

The first two methods are somewhat easy to implement, and I will try to do my best in laying out some easy instructions to help you apply them to your system.

Stay tuned, more to come.

Monday, April 2, 2012

plesk migration - compatibility mode for the legacy option "Separate SSL and non-SSL content"

plesk Compatibility mode message

Although it might not be documented, using the plesk command line tools one can turn on and off the legacy option "Separate SSL and non-SSL content".

I got stuck with that option after migrating around 400 sites from plesk 9.5.4 to a brand new installation of plesk 10.4.4, and that compatibility message appeared in all domain options. Clicking through the plesk GUI for each domain was too much... so I searched through the migration logs and found that during the domain migration there is a command line that sets all sorts of options, one of them being -same_ssl false; so, by setting that option to true the message disappears...

In my linux system the command I executed was
 /opt/psa/bin/subscription  --update domain_tld  -php true -php_handler_type module -ssl false -same_ssl true;

You can accomplish the same thing by changing the 'Use a single directory for housing SSL and non-SSL content' option before migrating the plesk 9.5.4 domains. So log in to the old plesk server and follow these steps:
Plesk
-> Domains
-> select the check-boxes of the domains you want to change
-> click 'Modify'
-> in the field 'Use a single directory for housing SSL and non-SSL content' select  'Switch on'
-> press 'OK'

that's it