Ubuntu

Migrate Plesk to MariaDB

The guide at Plesk’s DevBlog results in dependency issues on Ubuntu 14.
Here’s what the command should be when migrating to MariaDB on Ubuntu 14.04.2 LTS with Plesk 12.0.18.

1. Log in as root and run…

apt-get update

2. And run the following updated command…

env DEBIAN_FRONTEND=noninteractive apt-get -o OrderList::Score::Immediate=1000 \
install libmariadbclient18 mariadb-client-5.5 mariadb-client-core-5.5 mariadb-common mariadb-server mariadb-server-5.5 mariadb-server-core-5.5

3. Check you have MariaDB installed with

mysql -V
mysql  Ver 15.1 Distrib 5.5.41-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

I hope that helps someone else.

Notes

Some problems you may encounter, these are in the order you may receive them…

dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/mariadb-server-5.5_5.5.41-1ubuntu0.14.04.1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Fix: 

# dpkg -i --force-overwrite /var/cache/apt/archives/mariadb-server-5.5_5.5.41-1ubuntu0.14.04.1_amd64.deb

Following the above error you will get this…

Errors were encountered while processing:
 mariadb-server-5.5

Fix: 

# dpkg --configure -a

And finally…

Error: dpkg: error processing package mariadb-server-5.5 (--configure):
 dependency problems - leaving unconfigured
 Errors were encountered while processing:
 mariadb-server-5.5

Fix: 

# apt-get install -f
Ubuntu

Migrate Plesk to ClamAV

2 Comments

Recently a client wanted a free alternative to Plesk’s DrWeb, I went with ClamAV.
Here’s what I did to migrate the system from DrWeb to ClamAV.

REMOVE DRWEB

1. Firstly lets remove DrWeb properly: 

/opt/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --remove-component drweb

INSTALL CLAMAV

2. Now we can install ClamAV: 

apt-get install clamav clamav-base clamav-daemon clamav-freshclam clamav-milter clamsmtp libclamav6

3. Edit /etc/clamav/clamav-milter.conf and set: 

MilterSocket /var/run/clamav/clamav-milter.ctl

to

MilterSocket inet:3381@localhost

4. Now edit /etc/postfix/main.cf and add: 

milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:12768, inet:127.0.0.1:12345, inet:127.0.0.1:3381
non_smtpd_milters = inet:127.0.0.1:12345, inet:127.0.0.1:3381

Where 12768 = psa-remote, 12345 = OpenDKIM, 3381 = ClamAV.

5. Now we need to restart postfix, clamav-milter and send a test mail and check for these headers..

X-Virus-Scanned: clamav-milter 0.98.6 at hostname
X-Virus-Status: Clean

Your mail should now be scanned by both Spamassasin and ClamAV.
If you are missing the Scanned by header check the file…/etc/clamsmtpd.conf, for

# A header to add to all scanned email
Header: X-AV-Checked: ClamAV using ClamSMTP

And uncomment it.

SET UP FRESHCLAM

6. ClamAV Freshclam, can be set up in several ways, I find it best to use cron for an hourly update.
To configure freshclam run…

dpkg-reconfigure clamav-freshclam

And select cron instead of daemon.

7. You should have a default cron job for freshclam in /etc/cron.d/clamav-freshclam, should you wish to manage the task in Plesk or crontab you should disable first by commenting it out, you can then add the task to crontab like so… 

crontab -e
30	*	*	*	*	/usr/bin/freshclam --quiet

8. Now restart freshclam with

service clamav-freshclam restart

And you should be good.
Any questions feel free to contact me.

Ubuntu

Creating ECC Certificates

Here’s a very quick guide on creating ECC 256Bit Self-Signed Certificates with OpenSSL and Ubuntu 12 and 14.

1. Firstly lets create a folder to hold the files.. 

mkdir /etc/ssl/ecc

2. Move to that directory…

cd /etc/ssl/ecc

3. Now lets create the key

openssl ecparam -genkey -name prime256v1 -out ecc.key

4. Create the request

openssl req -new -key ecc.key -out ecc.csr

5. Create the certificate

openssl x509 -req -days 365 -sha256 -in ecc.csr -signkey ecc.key -out ecc.crt

6. While we are here, lets combine the private key and certificate into a .pem file. 

cat ecc.key ecc.crt > ecc.pem

You now have a Self-Signed ECC 256Bit SHA256 certificate for your domain, and a .csr file for use at your favourite CA.

Should you wish to have ECC 384 Bit, simply replace “prime256v1” in step three, with secp384r1,
and “-sha256” in step five with -sha384.

Enjoy!