Web Control Panel

September 14, 2023 by dev

MySQL: Error Code: 1118

#1118 – Row size too large (> 8126). Changing some columns to TEXT or BLOB may help. In current row format, BLOB prefix of 0 bytes is stored inline.
Change limit for “Mysql Row size too large”
Row size too large 8126 Changing some columns
1118 Row size too large

The error was: SQLSTATE[42000]: Syntax error or access violation: 1118 Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs

Solution
Login to phpMyAdmin with root previllege
Go to Variables
Then edit Innodb Strict Mode as follows
```
innodb_strict_mode = 0
```

August 4, 2023 by dev

aaPanel Error and Solutions

= InnoDB: Missing FILE_CHECKPOINT at 42251 between the checkpoint 42251 and the end 42347.

Try the following command to remove the file, and then restart mysql to see if there is an error?

cd /www/server/data/
mv ibdata1 /tmp/ibdata1.bak
mv ib_logfile0 /tmp/ib_logfile0.bak
mv ib_logfile1 /tmp/ib_logfile1.bak
/etc/init.d/mysqld restart

Deprecation Notice in ./libraries/classes/Di/ReflectorItem.php#82
Method ReflectionParameter::getClass() is deprecated

you need to uninstall the original phpMyAdmin and then re install it to select version 5.2. Unloading phpMyAdmin will not affect the database data, so it is safe to operate.

= Reset mySQL root password

Starting in MariaDB 10.4 onwards, the mysql.user is not a table anymore, thus requiring a new command to reset the password.

mysql -u root -e 'SET PASSWORD FOR `root`@`localhost` = PASSWORD("new_password"); FLUSH PRIVILEGES;'

Change the new_password to your new password.

July 30, 2023 by dev

How To Create a New User and Grant Permissions in MySQL

Access MariaDB Server

mysql -u root -p

Create new database

CREATE DATABASE bdhostidb;

Check whether the database created

SHOW DATABASES;

GRANT ALL PRIVILEGES ON 'sqI_bdhositit_co'.* TO 'sqI_bdhositit_co'@localhost;

July 29, 2023 by dev

aaPanel Security Risk and Solution

Detect whether secure socket layer encryption is used to transmit information to avoid eavesdropping on sensitive information

Test type: Whether to use encrypted remote administration ssh
Risk level: Medium risk

Risk detail: Remote administration of ssh without secure socket encryption

Solution:

1. Add or modify Protocol 2 in [/etc/ssh/sshd_config] file
2. Then run the command systemctl restart sshd to restart the process

Tips: This scheme can enhance the protection of SSH communication and avoid sensitive data leakage.

Check if the command-line interface timeout is set

Test type: Check if the command-line interface timeout is set
Risk level: Medium risk

Risk detail: No command line timeout is configured for exit

Solution:

1. Add tmout=300 in the file [/etc/profile], and the waiting time is not more than 600 seconds
2. Execute source /etc/profile to make the configuration work

Tips: This solution will make the server command line over a certain period of time does not operate automatically shut down, can strengthen the security of the server.

User FTP access security configuration checks

Test type: User FTP access security configuration
Risk level: Medium risk

Risk detail: Currently pure-ftpd is not configured with security access. Modify/add the value of Umask to 177:077 in the [pure-ftpd.conf] file

Solution:

1. In [/www/server/pure-ftpd/etc/pure-ftpd.conf] change the value of Umask to 177:077 in the config file

Tips: This scheme can enhance the protection of FTP server and reduce the risk of server intrusion.

Check important files for suid and sgid permissions

Test type: Check for files with suid and sgid permissions
Risk level: Medium risk

Risk detail: The following files have sid privilege, chmod u-s or g-s remove sid bits: “/usr/bin/chage、/usr/bin/gpasswd、/usr/bin/wall、/usr/bin/chfn、/usr/bin/chsh、/usr/bin/newgrp、/usr/bin/write、/usr/sbin/usernetctl、/bin/mount、/bin/umount、/sbin/netreport”

Solution:

1. Use the chmod u-s/g-s [filename] command to change the permissions of the file

Tips: This scheme removes the special permissions of important files, which can prevent intruders from using these files for privilege escalation.

chmod g-s /usr/bin/chage
chmod u-s /usr/bin/gpasswd
chmod u-s /usr/bin/chfn
chmod u-s /usr/bin/chsh
chmod u-s /usr/bin/newgrp
chmod u-s /bin/mount
chmod u-s /bin/umount

bootloader Configuring permission checks

Test type: bootloader Configuring permissions
Risk level: Medium risk

Risk detail: The following critical file or directory permissions are incorrect:/boot/grub2/grub.cfg Current permissions: 644 : root Security permissions: 600 : root

Solution:

1. Configure secure permissions for grub according to the file suggested by the risk description
2. If grub2, then: chmod 600 /boot/grub2/grub.cfg、chown root /boot/grub2/grub.cfg
3. If grub, then: chmod 600 /boot/grub/grub.cfg、chown root /boot/grub/grub.cfg

Tips: This scheme can strengthen the server grub interface protection, further prevent external intrusion server.

Check if an empty password user exists

Test type: Check if an empty password user exists
Risk level: High risk

Risk detail: Found an empty password user【】

Solution:

1. Log in to server as root, set password for empty password user
2. If you do not know the user’s purpose, you can execute the command [passwd -l (username)] to temporarily block the user.Unlock user command [passwd-fu (username)]

Tips: detects the existence of blank password users, may be hackers reserved backdoor users, if not business needs to suggest setting a password.

sudo awk -F":" '($2 == "") {print $1 ": has no password."}' /etc/shadow

Critical file permission checks

Test type: Critical file permission checks
Risk level: High risk

Risk detail: The following critical files or directories have permission errors:

/etc/shadow Current permissions: 000 : root Suggested changes to: 400 : root
/etc/security Current permissions: 755 : root Suggested changes to: 600 : root
/etc/ssh/sshd_config Current permissions: 600 : root Suggested changes to: 644 : root
/etc/gshadow Current permissions: 000 : root Suggested changes to: 400 : root
/etc/shadow Current permissions: 000 : root Suggested changes to: 400 : root
/etc/gshadow Current permissions: 000 : root Suggested changes to: 400 : root

Solution:

1、On the [File] page, set the correct permissions and owner for the specified directory or file

Detect whether to limit password reuse times

Test type: Check password reuse limit
Risk level: Medium risk

Risk detail: Unlimited password reuse

Solution:

1、Configuration file backup: cp -p /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
2、Add or modify remember=5 after [password sufficient] in [/etc/pam.d/system-auth] file

SSH idle timeout detection

Test type: SSH idle timeout detection
Risk level: Medium risk

Risk detail: The current SSH idle timeout time is: 0, it is recommended to set it to 600-900

Solution:

1、Set [ClientAliveInterval] in the [/etc/ssh/sshd_config] file to be between 600 and 900
2、Tip: The recommended SSH idle timeout time is: 600-900

Check whether the current panel port is safe

Test type: Panel port
Risk level: Medium risk

Risk detail: The panel port is the default port (7800), which may cause unnecessary security risks

Solution:

1. Please modify the default panel port on the [Settings] page
2. Note: Servers with [Security Group] should release the new port in the [Security Group] in advance to prevent the new port cannot be opened

SSH password complexity check

Test type: SSH password complexity check
Risk level: Medium risk

Risk detail: 【/etc/security/pwquality.conf】set the minclass setting to 3 or 4 in the file

Solution:

1、【/etc/security/pwquality.conf】 Set password complexity to require 3 or 4 types of characters, such as lowercase letters, uppercase letters, numbers, and special characters. like：
2、minclass=3

/etc/bashrc User default permission check

Test type: [/etc/bashrc] User default permission check
Risk level: Medium risk

Risk detail: umask is not set to 027

Solution:

1、[/etc/bashrc] The umask set in the file is 002, and it is recommended to set it to 027
2、Solution: Modify the /etc/bashrc file permission to 027

Panel login alarm

Test type: Panel login alarm
Risk level: Medium risk

Risk detail: Please enable it in [Settings] – [Notification]

Solution:

1、Enable it in [Settings] – [Notification]

[/etc/csh.cshrc] User default permission check

Test type: [/etc/csh.cshrc] User default permission check
Risk level: Medium risk

Risk detail: umask not set to 027

Solution:

1、[/etc/csh.cshrc] The umask set in the file is 002, which does not meet the requirements. It is recommended to set it to 027
2、The operation is as follows: Modify umask to 027

Check the minimum interval between SSH password changes

Test type: Check the minimum interval between SSH password changes
Risk level: Medium risk

Risk detail: 【/etc/login.defs】In the file, PASS_MIN_DAYS is greater than or equal to 7

Solution:

1、[/etc/login.defs] PASS_MIN_DAYS should be set to be greater than or equal to 7
2、PASS_MIN_DAYS 7 needs to execute the command at the same time to set the expiration time of the root password. The command is as follows: chage –mindays 7 root

Check SSH password expiration time

Test type: Check SSH password expiration time
Risk level: Medium risk

Risk detail: 【/etc/login.defs】Set PASS_MAX_DAYS to between 90-180 in the file

Solution:

1、[/etc/login.defs] Use a non-password login key pair. Please ignore this, and set the PASS_MAX_DAYS parameter to between 90-180 in /etc/login.defs
2、PASS_MAX_DAYS 90 You need to execute the command to set the root password expiration time at the same time. The command is as follows: chage –maxdays 90 root

The panel is not monitoring

Test type: The panel is not monitoring
Risk level: Low risk

Risk detail: Open it in [Monitor] – [System Monitor]

Solution:

1、Open it in [Monitor] – [System Monitor]

Check the website to prevent cross-site

Test type: Website anti-cross-site detection
Risk level: Low risk

Risk detail: The following websites are not enabled for cross-site prevention: …

Solution:

1. On the [WebSite] page, [Settings]-[Site Directory], turn on the [Anti-cross-site attack (open_basedir)] function

PHP version leaked

Test type: PHP version leaked
Risk level: High risk

Risk detail: Risk-free

Suggest:

1. Set [expose_php] in the [php.ini] file and configure it to Off
2. Tips: Set [expose_php] in the [php.ini] file and configure it to Off

Tips: This solution can prevent the disclosure of sensitive information on the website and reduce the possibility of server intrusion.

July 29, 2023 by dev

aaPanel Management script

aaPanel Management script

```
Stop
service bt stop
```
Start

service bt start

Restart

service bt restart

Uninstall

service bt stop && chkconfig –del bt && rm -f /etc/init.d/bt && rm -rf /www/server/panel

View current port of control panel

cat /www/server/panel/data/port.pl

Change port of control panel，e.g. 8881（centos 6 Operation System）

echo ‘8881’ > /www/server/panel/data/port.pl && service bt restart iptables -I INPUT -p tcp -m state –state NEW -m tcp –dport 8881 -j ACCEPT service iptables save service iptables restart

Change port of control panel，e.g. 8881（centos 7 Operation System）

echo ‘8881’ > /www/server/panel/data/port.pl && service bt restart firewall-cmd –permanent –zone=public –add-port=8881/tcp firewall-cmd –reload

Force to change MySQL manager (root) Password，e.g. 123456

cd /www/server/panel && python tools.py root 123456

Change control Panel login password，e.g. 123456

cd /www/server/panel && python tools.py panel 123456

Site Configuration location

/www/server/panel/vhost

Delete banding domain of control panel

rm -f /www/server/panel/data/domain.conf

Clean login restriction

rm -f /www/server/panel/data/*.login

View control panel authorization IP

cat /www/server/panel/data/limitip.conf

Stop access restriction

rm -f /www/server/panel/data/limitip.conf

View permission domain

cat /www/server/panel/data/domain.conf

Turn off control panel SSL

rm -f /www/server/panel/data/ssl.pl && /etc/init.d/bt restart

View control panel error logs

cat /tmp/panelBoot

View database error log

cat /www/server/data/*.err

Site Configuration directory(nginx)

/www/server/panel/vhost/nginx

Site Configuration directory(apache)

/www/server/panel/vhost/apache

Site default directory

/www/wwwroot

Database backup directory

/www/backup/database

Site backup directory

/www/backup/site

Site logs

/www/wwwlogs

Nginx

nginx installation directory

/www/server/nginx

Start

service nginx start

Stop

service nginx stop

Restart

service nginx restart

Reload

service nginx reload

nginx Configuration

/www/server/nginx/conf/nginx.conf

Apache

apache installation directory

/www/server/httpd

Start

service httpd start

Stop

service httpd stop

Restart

service httpd restart

Reload

service httpd reload

apache Configuration

/www/server/apache/conf/httpd.conf

MySQL

mysql installation directory

/www/server/mysql

phpmyadmin installation directory

/www/server/phpmyadmin

Data storage directory

/www/server/data mysql

Start

service mysqld start

Stop

service mysqld stop

Restart

service mysqld restart

Reload

service mysqld reload

mysql Configuration

/etc/my.cnf

FTP

ftp installation directory

/www/server/pure-ftpd

Start

service pure-ftpd start

Stop

service pure-ftpd stop

Restart

service pure-ftpd restart

ftp Configuration

/www/server/pure-ftpd/etc/pure-ftpd

PHP

php installation directory

/www/server/php

Start (Please modify by PHP version, e.g. service php-fpm-54 start)

servicephp-fpm-{52|53|54|55|56|70|71|72|73|74|80|81} start

Stop(Please modify by PHP version, e.g. service php-fpm-54 stop)

service php-fpm-{52|53|54|55|56|70|71|72|73|74|80|81} stop

Restart(Please modify by PHP version, e.g. service php-fpm-54 restart)

service php-fpm-{52|53|54|55|56|70|71|72|73|74|80|81} restart

Reload(Please modify by PHP version, e.g. service php-fpm-54 reload)

service php-fpm-{52|53|54|55|56|70|71|72|73|74|80|81} reload

Configuration(Please modify by PHP version, e.g. /www/server/php/52/etc/php.ini)

/www/server/php/{52|53|54|55|56|70|71|72|73|74|80|81}/etc/php.ini

Redis

redis installation directory

/www/server/redis

Start

service redis start

Stop

service redis stop

redis Configuration

/www/server/redis/redis.conf

Memcached

memcached installation directory

/usr/local/memcached

Start

service memcached start

Stop

service memcached stop

Restart

service memcached restart

Reload

service memcached reload