If You are experiencing the following error
pcfg_openfile: unable to check htaccess file, ensure it is readable
Do the following
Login to Cpanel
go Frontpage Extensions
Reinstall it
Reload the Url
Now it will be Okay.
Thursday, August 26, 2010
Find Usefull Commands
# find /path/to/base/dir -type f -exec chmod 755 {} \;
# find public_html/ -type f -exec chmod 644 {} \;
# find public_html/ -type f -exec chmod 644 {} \;
Find Usefull Commands
# find /path/to/base/dir -type f -exec chmod 755 {} \;
# find public_html/ -type f -exec chmod 644 {} \;
# find public_html/ -type f -exec chmod 644 {} \;
Monday, August 9, 2010
What is SSL and what are Certificates?
The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. This is in short how it works.
1.
A browser requests a secure page (usually https://).
2.
The web server sends its public key with its certificate.
3.
The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
4.
The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.
5.
The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
6.
The web server sends back the requested html document and http data encrypted with the symmetric key.
7.
The browser decrypts the http data and html document using the symmetric key and displays the information.
Several concepts have to be understood here.
1.
A browser requests a secure page (usually https://).
2.
The web server sends its public key with its certificate.
3.
The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
4.
The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.
5.
The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
6.
The web server sends back the requested html document and http data encrypted with the symmetric key.
7.
The browser decrypts the http data and html document using the symmetric key and displays the information.
Several concepts have to be understood here.
Sunday, August 1, 2010
COURIER INSTALLATION
COURIER_MTA INSTALLATION
1.Download the courier authentication library
URL://http://www.courier-mta.org/authlib/
# rpm -qa | grep libtool
# rpm -qa | grep binutil
# rpm -qa | grep expect
# su – vasanth
# tar xvjf courier-authlib-0.63.0.tar.bz2
# cd courier-authlib-0.63.0
# ./configure
# make
# make install
# cd /usr/local/etc/authlib
# /usr/local/sbin/authdaemond start
# ps -ax | grep auth
# cd /etc/init.d
# ln -s /usr/local/sbin/authdaemond
# ln -s /etc/init.d/authdaemond /etc/rc5.d/S20authdaemond
INSATALLING Courier-IMAP
At first check the mailbox format by checking
# cat /var/qmail/control/defaultdelivery
Note: Compile courier as non root user
# tar xvjf courier-imap-4.7.0.tar.bz2
# cd courier-imap-4.7.0
# su root
#make install (must be root)
# make install-configure(must be root )
# cd /usr/lib/courier-imap/ ( Every thing related to courier will be installed inside this directory)
1.bin >>> Contain the binary file related to the courier
2. etc >>> Contain the configuaration files
3. libexec >>> Contain the startup scripts
4. libexec >>> courier tcpd is the tcp super server like xinetd and inetd
5. man >>> Mnaul pages
CONFIGURING POP3 SERVICE
# cd /usr/lib/courier-imap/etc
# vi pop3d
#/usr/lib/courier-imap/libexec/pop3d.rc start
# netstat -nlp | grep 110
# vi /usr/local/etc/authlib/authdaemonrc
uncomment the following
authmodulelist="authuserdb authpam authldap authmysql authcustom authpipe"
IF any problem regarding pop read
http://www.courier-mta.org/authlib/README.authdebug.html
COURIER -POP3-SSL
# vi /usr/lib/courier-imap/etc/pop3d.cnf
Add the entrries to your choice
# cd /usr/lib/courier-imap/share
# ./mkpop3dcert
Certificate is stored in the /usr/lib/courier-imap/share/pop3d.pem
# cd /usr/lib/courier-imap/libexec
# ./pop3d-ssl.rc start
NOTE
Link all the startup script to /etc/init.d/
and /etc/rc3.d or rc5.d
1.Download the courier authentication library
URL://http://www.courier-mta.org/authlib/
# rpm -qa | grep libtool
# rpm -qa | grep binutil
# rpm -qa | grep expect
# su – vasanth
# tar xvjf courier-authlib-0.63.0.tar.bz2
# cd courier-authlib-0.63.0
# ./configure
# make
# make install
# cd /usr/local/etc/authlib
# /usr/local/sbin/authdaemond start
# ps -ax | grep auth
# cd /etc/init.d
# ln -s /usr/local/sbin/authdaemond
# ln -s /etc/init.d/authdaemond /etc/rc5.d/S20authdaemond
INSATALLING Courier-IMAP
At first check the mailbox format by checking
# cat /var/qmail/control/defaultdelivery
Note: Compile courier as non root user
# tar xvjf courier-imap-4.7.0.tar.bz2
# cd courier-imap-4.7.0
# su root
#make install (must be root)
# make install-configure(must be root )
# cd /usr/lib/courier-imap/ ( Every thing related to courier will be installed inside this directory)
1.bin >>> Contain the binary file related to the courier
2. etc >>> Contain the configuaration files
3. libexec >>> Contain the startup scripts
4. libexec >>> courier tcpd is the tcp super server like xinetd and inetd
5. man >>> Mnaul pages
CONFIGURING POP3 SERVICE
# cd /usr/lib/courier-imap/etc
# vi pop3d
#/usr/lib/courier-imap/libexec/pop3d.rc start
# netstat -nlp | grep 110
# vi /usr/local/etc/authlib/authdaemonrc
uncomment the following
authmodulelist="authuserdb authpam authldap authmysql authcustom authpipe"
IF any problem regarding pop read
http://www.courier-mta.org/authlib/README.authdebug.html
COURIER -POP3-SSL
# vi /usr/lib/courier-imap/etc/pop3d.cnf
Add the entrries to your choice
# cd /usr/lib/courier-imap/share
# ./mkpop3dcert
Certificate is stored in the /usr/lib/courier-imap/share/pop3d.pem
# cd /usr/lib/courier-imap/libexec
# ./pop3d-ssl.rc start
NOTE
Link all the startup script to /etc/init.d/
and /etc/rc3.d or rc5.d
QMAIL-SMARTHOST
QMAIL AS SAMRTHOST
Smart host means the email gateway between our localnetwork and remote network.
There are two files in /var/qmail/control.
1./var/qmail/control/locals
2./var/qmail/control/smtproutes
locals -> Define the local domains which are allowded to route messages. It normally define localdomain and fqdn of our server. If the message is destined remote domain it will consult the smtproutes and forward all messages to that server.
Mail open relay
mv /var/qmail/control/rcpthosts /var/qmail/control/rcpthosts.bak
Smart host means the email gateway between our localnetwork and remote network.
There are two files in /var/qmail/control.
1./var/qmail/control/locals
2./var/qmail/control/smtproutes
locals -> Define the local domains which are allowded to route messages. It normally define localdomain and fqdn of our server. If the message is destined remote domain it will consult the smtproutes and forward all messages to that server.
Mail open relay
mv /var/qmail/control/rcpthosts /var/qmail/control/rcpthosts.bak
APACHE-SSL
HOW TO APACHE-SSL
Install the following
# yum install httpd-*
# yum install openssl
# yum install mod-ssl
# yum install crypto-utils
Creating Self signed
# genkey www.example.com
Go next till the creatin of certificates(select 1024 and self signed)
Certificate are stored in /etc/pki/private/www.example.com
and in
/etc/pki/tls/certs/www.example.com
Update /etc/httpd/conf.d/ssl.conf
change the line SSLCertificatefile to the following
SSLCerticatefile /etc/pki/tls/certs/www.example.com.crt
SSLCertificatekeyfile /etc/pki/tls/private/www.example.com.key
Restart the server
# service httpd restart
To verify
netstat -ntlp | grep 443
Install the following
# yum install httpd-*
# yum install openssl
# yum install mod-ssl
# yum install crypto-utils
Creating Self signed
# genkey www.example.com
Go next till the creatin of certificates(select 1024 and self signed)
Certificate are stored in /etc/pki/private/www.example.com
and in
/etc/pki/tls/certs/www.example.com
Update /etc/httpd/conf.d/ssl.conf
change the line SSLCertificatefile to the following
SSLCerticatefile /etc/pki/tls/certs/www.example.com.crt
SSLCertificatekeyfile /etc/pki/tls/private/www.example.com.key
Restart the server
# service httpd restart
To verify
netstat -ntlp | grep 443
Subscribe to:
Posts (Atom)