Posts Tagged ‘plesk’

Enforcing Secure Passwords in Horde

Sunday, June 13th, 2010

A coworker, Alex, discovered that Horde, in conjunction with Plesk, allows users to change their passwords arbitrarily — but doesn't enforce any sort of password policy, allowing such passwords as "test" or even "" (null). This, obviously, is a huge security risk as mail compromises can lead to fairly terrible things.

From his article:

If you (or a client you are representing) want to set horde to do the typical “strict password” enforcement, look for the file:

horde/passwd/backends.php

And read the bit about password policy. An example policy that can be set in this file that would require 1 capital, 1 lowercase, 1 special character and 1 number, with a minimum password size of 8, would look like:

‘password policy’ => array(
‘minLength’ => 8,
‘maxLength’ => 64,
‘maxSpace’ => 0,
‘minUpper’ => 1,
‘minLower’ => 1,
‘minNumeric’ => 1,
‘minSymbols’ => 1
),

Tags: , , ,
Posted in howto, tips and tricks | No Comments »

Calculate SMTP and POP3/IMAP bandwidth from qmail logs

Friday, October 30th, 2009
(echo "smtp:  `(cat maillog maillog.processed && zcat maillog.processed.*) | grep bytes | grep qmail: | awk '{sum=sum+$11} END { print sum}'`" && (cat maillog maillog.processed && zcat maillog.processed.*) | grep pop3 | grep LOGOUT | awk '{print $13,$14}' | sed 's/,//g;s/….=//g' | awk '{sumrcvd=sumrcvd+$1; sumsent=sumsent+$2} END {print "rcvd: ",sumrcvd,"\n" "sent: ",sumsent}') | awk '{total=total+$2; print} END {print "total: ",total/1024/1024 "MB"}'

This ugly one-liner comes to us courtesy Chuck. Plesk calculates bandwidth statistics by literally reading the raw log files and performing math based on the byte totals noted in the log entries. This beast will run against the Plesk maillogs and give you a pretty summary of mail bandwidth:

smtp: 397852373
rcvd: 228219
sent: 211813204
total: 581.64MB

Tags: , ,
Posted in one-liners | No Comments »

Enable WebDAV with Plesk

Friday, September 25th, 2009

Configuring WebDAV in Apache is simple, but it's even easier to configure and manage with Plesk!

1. Create a Protected Directory
Log into Plesk and select the domain that is to receive the DAV repository. Click on "Protected Directories" and create a new one – name it as the DAV share will be named, for they are one and the same.

2. Configure WebDAV Users
Add users who should have access to this DAV repo.

3. Edit vhost.conf and Reconfigure Plesk
On the server, edit the domain's vhost.conf and enter the following:

<Directory "/var/www/vhosts/domain.com/httpdocs/DAVdir">
DAV on
AllowOverride None
</Directory>

Regenerate Apache's configuration and you're golden:

/usr/local/psa/admin/bin/websrvmng -av

4. Test
You can easily test DAV configuration by using a DAV client such as `cadaver'.

[kale@superhappykittymeow ~]$ cadaver http://www.domain.com/DAVdir
Authentication required for on server `domain.com':
Username: kale
Password:
dav:/DAVDir/> ls
Listing collection `/DAVDir/': collection is empty.

Success! You can manage access to the DAV share through the Plesk interface.

Tags: , ,
Posted in apache, howto | No Comments »

Obtaining Plesk user for a domain

Friday, June 19th, 2009

…for a list of domains, without digging through the database!

cat domains | sort |uniq |while read line ; do ls -ld /home/httpd/vhosts/$line/httpdocs |awk '{print $3}'

'domains', of course, is a text file with a list of domains hosted on the server. Can be populated in whatever way you need. Easily plugged into other Plesk utilities (such as changing Plesk FTP passwords).

Tags: ,
Posted in one-liners | No Comments »

Change all of Plesk's FTP passwords to random

Sunday, March 22nd, 2009
for i in $(mysql -NB psa -uadmin -p`cat /etc/psa/.psa.shadow` -e 'select login from sys_users;'); do export PSA_PASSWD="$(openssl rand 6 -base64)"; /usr/local/psa/admin/bin/usermng --set-user-passwd --user=$i; echo "$i: $PSA_PASSWD" >> ftp_passwords; done

Thanks Geoff!

Tags: ,
Posted in one-liners | 1 Comment »

Mass IP changing in Plesk

Sunday, March 15th, 2009

Moving a Plesk server behind a firewall is always a pain, since the IPs are associated with domains within the Plesk database. I used to hack the database every time I had to update IPs, but doing this for 50 IPs is… not so good.

Luckily, I stumbled up on this Parallels knowledge base article, which introduces reconfigurator.pl — it reads a mapping of IPs and updates system interfaces as well as all the internal Plesky goodness.

Tags:
Posted in tips and tricks | 2 Comments »