Sunday, 19 October 2014

POODLE vulnerability (cPanel servers)

We are getting mails from client asking to check the POODLE vulnerability on their servers. To check this, run;


openssl s_client -connect ServerIP:443 -ssl3

If you get


CONNECTED(00000003)
140051818760008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140051818760008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
========================

It's not vulnerable to POODLE. If the result showing any other result then perform below steps;
+++++++++++++
++++++++++++++
+++++++++++++++
1. Go to

WHM » Home » Service Configuration » Apache Configuration » Global Configuration

Add

SSL Cipher Suite: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL

After that;

2. Go to

Home » Service Configuration » Apache Configuration » Include Editor » Pre Main Include

Select all versions, then add below lines (for CentOS/RHEL 6.x:)

Code: [Select]
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Select all versions, then add below lines (CentOS/RHEL 5.x:)

Code: [Select]
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

Then update.

It will resolve the issue :)

Posted by at No comments:

Saturday, 18 October 2014

FrontAccounting Installation

FrontAccounting Installation
============================

Download the archive file to the root directory

(wget http://softlayer-sng.dl.sourceforge.net/project/frontaccounting/FrontAccounting-2.3/2.3.22/frontaccounting-2.3.22.tar.gz )

 Steps
======
step 1:

cd domain.com/front/

wget http://softlayer-sng.dl.sourceforge.net/project/frontaccounting/FrontAccounting-2.3/2.3.22/frontaccounting-2.3.22.zip

Step 2:

untar the archive 

tar -xvf frontaccounting-2.3.22.zip

Check the file permission and owner ship
======
correct the permissions and ownership to account user.

Database creation

create a mysql database and user account.
  database name , database user and database password those will required while running the installation wizard.

Run the install wizard. Enetr domain.com/front (or whatever directory you entered). This will run the install wizard.

===
domain.com/front
===

URL:

========
http://frontaccounting.com/wb3/pages/download.php
http://frontaccounting.com/wb3/pages/download/installation-guide.php
petermoulding.com/frontaccounting
=========

OR

Also frontaccounting can be easily installed using softaculous auto installer.
=====
http://kb.site5.com/control/cpanel/cp-software/cpanel-how-to-install-frontaccounting/
http://demo.softaculous.com/enduser/index.php?act=software&soft=201
=====
Posted by at No comments:
Subscribe to: Posts (Atom)