Browse Tag: plesk

Enforcing Secure Passwords in Horde

A coworker, Alex, discovered that Horde, in conjunction with Plesk, allows users to change their passwords arbitrarily — but doesn’t enforce any sort of password policy, allowing such passwords as “test” or even “” (null). This, obviously, is a huge security risk as mail compromises can lead to fairly terrible things.

From his article:

If you (or a client you are representing) want to set horde to do the typical “strict password” enforcement, look for the file:

horde/passwd/backends.php

And read the bit about password policy. An example policy that can be set in this file that would require 1 capital, 1 lowercase, 1 special character and 1 number, with a minimum password size of 8, would look like:

‘password policy’ => array(
‘minLength’ => 8,
‘maxLength’ => 64,
‘maxSpace’ => 0,
‘minUpper’ => 1,
‘minLower’ => 1,
‘minNumeric’ => 1,
‘minSymbols’ => 1
),

Calculate SMTP and POP3/IMAP bandwidth from qmail logs

[code lang=”bash”](echo “smtp: `(cat maillog maillog.processed && zcat maillog.processed.*) | grep bytes | grep qmail: | awk ‘{sum=sum+$11} END { print sum}’`” && (cat maillog maillog.processed && zcat maillog.processed.*) | grep pop3 | grep LOGOUT | awk ‘{print $13,$14}’ | sed ‘s/,//g;s/….=//g’ | awk ‘{sumrcvd=sumrcvd+$1; sumsent=sumsent+$2} END {print “rcvd: “,sumrcvd,”\n” “sent: “,sumsent}’) | awk ‘{total=total+$2; print} END {print “total: “,total/1024/1024 “MB”}'[/code]

This ugly one-liner comes to us courtesy Chuck. Plesk calculates bandwidth statistics by literally reading the raw log files and performing math based on the byte totals noted in the log entries. This beast will run against the Plesk maillogs and give you a pretty summary of mail bandwidth:

[code]smtp: 397852373
rcvd: 228219
sent: 211813204
total: 581.64MB[/code]

Enable WebDAV with Plesk

Configuring WebDAV in Apache is simple, but it’s even easier to configure and manage with Plesk!

1. Create a Protected Directory
Log into Plesk and select the domain that is to receive the DAV repository. Click on “Protected Directories” and create a new one – name it as the DAV share will be named, for they are one and the same.

2. Configure WebDAV Users
Add users who should have access to this DAV repo.

3. Edit vhost.conf and Reconfigure Plesk
On the server, edit the domain’s vhost.conf and enter the following:

[code]<Directory “/var/www/vhosts/domain.com/httpdocs/DAVdir”>
DAV on
AllowOverride None
</Directory>[/code]

Regenerate Apache’s configuration and you’re golden:

[code]/usr/local/psa/admin/bin/websrvmng -av[/code]

4. Test
You can easily test DAV configuration by using a DAV client such as `cadaver’.

[code][kale@superhappykittymeow ~]$ cadaver http://www.domain.com/DAVdir
Authentication required for on server `domain.com’:
Username: kale
Password:
dav:/DAVDir/> ls
Listing collection `/DAVDir/’: collection is empty.[/code]

Success! You can manage access to the DAV share through the Plesk interface.

Obtaining Plesk user for a domain

…for a list of domains, without digging through the database!

[code lang=”bash”]cat domains | sort |uniq |while read line ; do ls -ld /home/httpd/vhosts/$line/httpdocs |awk ‘{print $3}'[/code]

‘domains’, of course, is a text file with a list of domains hosted on the server. Can be populated in whatever way you need. Easily plugged into other Plesk utilities (such as changing Plesk FTP passwords).

Change all of Plesk’s FTP passwords to random

[code lang=”bash”]for i in $(mysql -NB psa -uadmin -p`cat /etc/psa/.psa.shadow` -e ‘select login from sys_users;’); do export PSA_PASSWD=”$(openssl rand 6 -base64)”; /usr/local/psa/admin/bin/usermng –set-user-passwd –user=$i; echo “$i: $PSA_PASSWD” >> ftp_passwords; done [/code]

Thanks Geoff!

Mass IP changing in Plesk

Moving a Plesk server behind a firewall is always a pain, since the IPs are associated with domains within the Plesk database. I used to hack the database every time I had to update IPs, but doing this for 50 IPs is… not so good.

Luckily, I stumbled up on this Parallels knowledge base article, which introduces reconfigurator.pl — it reads a mapping of IPs and updates system interfaces as well as all the internal Plesky goodness.