headers
(GalaxyMaster | 2 Jun 05:24

Plesk 8.1.1 + Owl :)

Hello,

One of my clients has requested to install Plesk on Owl 2.0-stable,
retaining as much as possible from Owl.  The resulting system is more
secure (if it even possible with Plesk :) ), has easy to customize
Apache and MySQL (I'm running 5.0.41 with Plesk while it uses 4.1+ by
default).

I spent 10 hours to setup this beast and if anybody is interested
I could publish my notes (I was writing down each step I performed).
Indeed these notes aren't well-tested instructions on how to setup Plesk
on Owl for any possible use, but they are a good starting point.

Moreover, I can share a pre-packaged OpenVZ template where everything is
installed, but Plesk user's configuration wasn't performed yet.

Let me know if you are interested :).

-- 
(GM)

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
Permalink | Reply |
headers
Henri Salo | 2 Jun 05:32
Picon
Favicon

Re: Plesk 8.1.1 + Owl :)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 2 Jun 2007 07:27:00 +0400
"(GalaxyMaster)" <galaxy <at> openwall.com> wrote:

> Hello,
> 
> One of my clients has requested to install Plesk on Owl 2.0-stable,
> retaining as much as possible from Owl.  The resulting system is more
> secure (if it even possible with Plesk :) ), has easy to customize
> Apache and MySQL (I'm running 5.0.41 with Plesk while it uses 4.1+ by
> default).
> 
> I spent 10 hours to setup this beast and if anybody is interested
> I could publish my notes (I was writing down each step I performed).
> Indeed these notes aren't well-tested instructions on how to setup
> Plesk on Owl for any possible use, but they are a good starting point.
> 
> Moreover, I can share a pre-packaged OpenVZ template where everything
> is installed, but Plesk user's configuration wasn't performed yet.
> 
> Let me know if you are interested :).
> 

Why don't you just make HTML-site of it and post URL here. It will show
in archives if anyone is searching for it and add it to search bots so
it will show in search engines. I'll bet someone out there is looking
for your notes and he/she isn't reading this mailing-list (or atleast
he/she is to lazy to answer ;))
(Continue reading)

Permalink | Reply |
headers
(GalaxyMaster | 2 Jun 05:42

Re: Plesk 8.1.1 + Owl :)

Henri,

On Sat, Jun 02, 2007 at 06:32:23AM +0300, Henri Salo wrote:

> Why don't you just make HTML-site of it and post URL here. It will show

Unfortunately, I'm a perfectionist :) so it would take ages while I'm
satisfied with the result and am able to publish this on the Web :).
However, I thought about this.  Maybe I'll do it, but if anybody need
this right now - it's easier for me to post my working notes instead of
preparing a HOWTO.

-- 
(GM)

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
Permalink | Reply |
headers
Henri Salo | 2 Jun 06:17
Picon
Favicon

Re: Plesk 8.1.1 + Owl :)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 2 Jun 2007 07:42:35 +0400
"(GalaxyMaster)" <galaxy <at> openwall.com> wrote:

> Henri,
> 
> On Sat, Jun 02, 2007 at 06:32:23AM +0300, Henri Salo wrote:
> 
> > Why don't you just make HTML-site of it and post URL here. It will
> > show
> 
> Unfortunately, I'm a perfectionist :) so it would take ages while I'm
> satisfied with the result and am able to publish this on the Web :).
> However, I thought about this.  Maybe I'll do it, but if anybody need
> this right now - it's easier for me to post my working notes instead
> of preparing a HOWTO.
> 

Well, You can actually just paste it to txt and upload it to Internet.
Fast and you get your satisfaction. 

- ---
Henri Salo <fgeek at hack.fi> +358407705733
GPG ID: 2EA46E4F  fp: 14D0 7803 BFF6 EFA0 9998  8C4B 5DFE A106 2EA4 6E4F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGYO9vXf6hBi6kbk8RAiNSAKCD6blhiYFLniIb64jm+4EVAZOccQCfYT/+
(Continue reading)

Permalink | Reply |
headers
Krzysztof Śniadoch | 2 Jun 10:59
Picon

Re: Plesk 8.1.1 + Owl :)

(GalaxyMaster) wrote:
> One of my clients has requested to install Plesk on Owl 2.0-stable,
> retaining as much as possible from Owl.  The resulting system is more
> secure (if it even possible with Plesk :) ), has easy to customize
> Apache and MySQL (I'm running 5.0.41 with Plesk while it uses 4.1+ by
> default).
>
> I spent 10 hours to setup this beast and if anybody is interested
> I could publish my notes (I was writing down each step I performed).
> Indeed these notes aren't well-tested instructions on how to setup Plesk
> on Owl for any possible use, but they are a good starting point.
>
> Moreover, I can share a pre-packaged OpenVZ template where everything is
> installed, but Plesk user's configuration wasn't performed yet.
>
> Let me know if you are interested :).
>

Hi Galaxy,
It would be great if you could drop me/us the notes :) Currently I'm using 
cpanel but thinking about giving the second chance to Plesk (I've used it 
once :P)
Setting up Plesk on OWL is awesome solution, especially when it comes to 
security but it seems to be a bit complicated to get it all working on 
non-supported distribution such as our OWL  :)

Galaxy, it would be really helpful for me to look thorugh your notes to see 
how you deal with all of this. 
I also agree with Henri Salo that you could put this on the web (you can 
always mark the text as "highly experimental" ^_^)
(Continue reading)

Permalink | Reply |
headers
Solar Designer | 2 Jun 20:17

Re: Plesk 8.1.1 + Owl :)

On Sat, Jun 02, 2007 at 10:59:32AM +0200, Krzysztof ?niadoch wrote:
> Currently I'm using cpanel

Was cPanel easy to install on Owl?  Did you run into any issues (and
solve them)?

> Setting up Plesk on OWL is awesome solution, especially when it comes to 
> security ...

Actually, I wouldn't call Plesk (or cPanel for that matter) installed on
any OS reasonably secure for my own use.  Sure, you do get some
advantages of Owl that other Linux distributions don't offer (e.g., tcb
and stronger password hashes), but other than that Plesk (or cPanel)
pretty much kills the security of any underlying Linux distribution.

The advantage of installing Plesk on Owl rather than on another Linux
distro, as I see it, is in the uniformity (if you use Owl elsewhere -
e.g., in other VPSes on the same server, as well as on its host system,
like we do on machines that we setup for the clients).  Also, Owl is
smaller and arguably cleaner than most other Linux distros that run
Plesk.  With such a setup, some security comes from the use of VPSes.

> Galaxy, it would be really helpful for me to look thorugh your notes to see 
> how you deal with all of this. 
> I also agree with Henri Salo that you could put this on the web (you can 
> always mark the text as "highly experimental" ^_^)

Actually, posting to owl-users is quite close to placing text marked
"experimental" on the web since there are web-based archives of this
list.  A web URL for such posting could then be linked to.  And its
(Continue reading)

Permalink | Reply |
headers
Krzysztof Śniadoch | 4 Jun 18:01
Picon

Re: Plesk 8.1.1 + Owl :)

Solar Designer wrote:
> On Sat, Jun 02, 2007 at 10:59:32AM +0200, Krzysztof ?niadoch wrote:
> > Currently I'm using cpanel
>
> Was cPanel easy to install on Owl?  Did you run into any issues (and
> solve them)?

Hmm... It's not like that. Currently, we're using CentOS as based 
distribution, that's because of the support.
But having quite a lot of security problems, I'm seriously thinking about 
switching to OWL with Plesk/cPanel. I got to recalculate many things so thi 
won't be an easy decision :/ Thanks to the notes of Galaxy now I can see how 
the things needs to be done to get Plesk working - that's really important.

>
> > Setting up Plesk on OWL is awesome solution, especially when it comes to
> > security ...
>
> Actually, I wouldn't call Plesk (or cPanel for that matter) installed on
> any OS reasonably secure for my own use.  Sure, you do get some
> advantages of Owl that other Linux distributions don't offer (e.g., tcb
> and stronger password hashes), but other than that Plesk (or cPanel)
> pretty much kills the security of any underlying Linux distribution.
>

The kernel security by OWL patch is also the improvement that I'm counting on.
Especially, when we had a critical security issues thanks to the 2.6.x 
kernels :/
You're absolutely right writting about killing security by Plesk/cPanel :/
(Continue reading)

Permalink | Reply |
headers
Solar Designer | 20 Jun 19:49

community website

On Mon, Jun 04, 2007 at 06:01:28PM +0200, Krzysztof ?niadoch wrote:
> Hmm... I've an idea :) Solar, what do you thing about creating something 
> like 'how to' link at the http://openwall.com/Owl ?

Sure, but I'd like to see some content first.  Alternatively, we may
setup a wiki, say, under openwall.info (which is currently unused) and
see how it goes.

> Owl-users could post here, the ready step by step solutions, the rest of list 
> could make/annonce/apply :) "patches" to the text,

That would be great, but it is just not happening.

> and after that, the solution could finally go at the web :-)
> 
> The people who're visiting Openwall's website could see that the distribution 
> has ready to use solutions so they don't need to gooooogle to get things 
> done :) That's really helpful, especially for new users :-)

I agree.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
(Continue reading)

Permalink | Reply |
headers
(GalaxyMaster | 2 Jun 20:43

Re: Plesk 8.1.1 + Owl :)

Hello,

This are a little bit edited notes taken during my research on the
possibility to run Plesk 8.1.1 on Owl 2.0-stable.

On Sat, Jun 02, 2007 at 07:27:00AM +0400, (GalaxyMaster) wrote:

> Let me know if you are interested :).

I'd like to point out my goals:

* to preserve as much in the Plesk internal structure so further updates
of Plesk should be possible;

* use Owl as underlying OS;

* be able to have customized LAMP suite;

Re: the last item -- Owl hasn't precompiled LAMP packages so there are
several possible options:

* build software using source tarballs (flexible but requires knowledge
of what you are doing and how Plesk is organized);

* re-build software from RH source packages (FC, RHEL);

For my installation I've chosen the former but if you are unfamiliar
with the internal Plesk stuff it might be easier to get it working with
the latter and customize software after the installation.
(Continue reading)

Permalink | Reply |
headers
(GalaxyMaster | 2 Jun 21:07

Re: Plesk 8.1.1 + Owl :)

On Sat, Jun 02, 2007 at 10:43:42PM +0400, (GalaxyMaster) wrote:

> * I have binary modified the following files to replace
> librpm*-4.3.so with librpm*-4.2.so but perhaps this is overkill.

Uh-oh, I have forgotten to list the files :)

/usr/local/psa/admin/sbin/packagemng
/usr/local/psa/admin/sbin/autoinstaller
/usr/local/psa/bin/autoinstaller

:)

-- 
(GM)

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
Permalink | Reply |
headers
Solar Designer | 3 Jun 04:43

Re: Plesk 8.1.1 + Owl :)

Galaxy,

Thank you for spending the time to write down and post those notes, and
for bringing life back to this quiet mailing list.

I haven't reviewed this yet (and I might not do it ever), but here's one
thing I've noticed:

On Sat, Jun 02, 2007 at 10:43:42PM +0400, (GalaxyMaster) wrote:
> 4. RHEL don't mind you having long account names but Owl restricts them
>    to 8 characters.  Unfortunately, the RH webalizer package uses a long
>    name so we need to mimic it here:
> 
>    # useradd -s /sbin/nologin -d /var/www/usage webalize
>    # for f in /etc/passwd /etc/groups /etc/tcb/webalize/shadow ; do
>          sed -i 's,^webalize:,webalizer:,g' $f
>      done
>    # mv /etc/tcb/webalize /etc/tcb/webalizer
> 
>    NB: pwck will bark on 'webalizer' but we will fix this later.

This is a really weird workaround.  There exists a simple solution -
edit the USERNAME_MAX setting in /etc/login.defs.  By default it's 8,
but it can be increased to 9 for the "useradd" command to add
"webalizer".  Then it can be changed back to 8, to enforce our default
length restriction on further users to be created.

--

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
(Continue reading)

Permalink | Reply |
headers
(GalaxyMaster | 3 Jun 05:12

Re: Plesk 8.1.1 + Owl :)

On Sun, Jun 03, 2007 at 06:43:12AM +0400, Solar Designer wrote:

> This is a really weird workaround.  There exists a simple solution -
> edit the USERNAME_MAX setting in /etc/login.defs.  By default it's 8,
> but it can be increased to 9 for the "useradd" command to add
> "webalizer".  Then it can be changed back to 8, to enforce our default
> length restriction on further users to be created.

Recalling our last discussion re: long user names I assumed that it
isn't that great to have users with names longer than 8 chars.

Re: login.defs.  Yes, I'm aware of this file but with my workaround this
file isn't tampered and further rpm -Uvh will happily upgrade it (not
leaving an .rpmsave copy).  All in all, we need that 'webalizer' user
temporarily.  Pointing out in my message to the possibility to set
USERNAME_MAX could seduce users to set this limit high (Plesk allows
very long names for client account) -- so there might be more problems.

Anyway, thanks for pointing this out.

-- 
(GM)

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
Permalink | Reply |
headers
Krzysztof Śniadoch | 4 Jun 16:33
Picon

Re: Plesk 8.1.1 + Owl :)

GalaxyMaster wrote:
> This are a little bit edited notes taken during my research on the
> possibility to run Plesk 8.1.1 on Owl 2.0-stable.
>...

>
> P.S. I hope that it was worth to type all of this and that this
> message will help make Owl more publicly recognized.  But more
> important, I hope that I have helped somebody to make their
> life easier :).

Galaxy, great thanks for such well and nicely written text (yeah, we're ready 
to rock :P) The notes you've gave us will help me to make right decisions 
about switching to Owl as underlying OS.
It has to be well thought decision so your notes are priceless in my case :)
... and lots of hours are saved thanks to the steps you wrote :-D

Once again great thanks for your great work :)

-- 
Krzysztof Śniadoch <krzysiek at securenet.pl>   
http://www.securenet.pl - Information Technology
http://hosting.securenet.pl - Dział Hostingu
[ GPG KeyID: 1F7969B8 ]
fp: 4E13 4F89 0A17 A47F 883B 6855 421B E4E8 1F79 69B

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
(Continue reading)

Permalink | Reply |

Gmane