hk@
-
Posts
43 -
Joined
-
Last visited
Posts posted by hk@
-
-
On 4/4/2020 at 5:26 PM, d00p said:
Okay, also noch die LOG_WARN kacke weg und dann läuft's
merci - kann das hier bestätigen, nach einem --force sind die LE-Certs wieder gut.
Krieg ich eventuell einen Tipp, wie dsa LOG_WARN wegzubekommen wäre?
Danke!
-
Hallo,
wir haben das gleiche Phänomen auf einer Froxlor-Installation.Gibt's da zufällig einen geordneten Fix?
Danke, hk
-
and sorry for taking the wrong forum, obviously should have posted in german here, maybe you can move this thread to the international one. thank you again.
-
3 minutes ago, d00p said:
well, don't call the "normal" cronjob with "--debug" flag, default from the generated /etc/cron.d/froxlor file is:
*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks 1> /dev/null
uhm, that's exactly what is (and was) running on this box, yet we got lots of mails reporting about socat.
-
1 minute ago, d00p said:
not required/needed for us
well, the acme.sh is reporting this on a 5-minute-basis because of the --tasks job and to get rid of this had to install it but any other "get rid of this" solutions would be welcome.
-
today we suddenly got this:
/usr/bin/php /var/www/html/scripts/froxlor_master_cronjob.php --tasks --debug
[information] TasksCron: Searching for tasks to do
[information] Running Let's Encrypt cronjob prior to regenerating webserver config files
[information] Requesting/renewing Let's Encrypt certificates
[information] Updating certificate for xxx.server.local
[Tue Dec 31 15:47:09 CET 2019] It is recommended to install socat first.
[Tue Dec 31 15:47:09 CET 2019] We use socat for standalone server if you use standalone mode.
[Tue Dec 31 15:47:09 CET 2019] If you don't use standalone mode, just ignore this warning.
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Tue Dec 31 15:47:08 CET 2019] Installing from online archive.
[Tue Dec 31 15:47:08 CET 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Tue Dec 31 15:47:09 CET 2019] Extracting master.tar.gz
[Tue Dec 31 15:47:09 CET 2019] Installing to /root/.acme.sh
[Tue Dec 31 15:47:09 CET 2019] Installed to /root/.acme.sh/acme.sh
[Tue Dec 31 15:47:09 CET 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Dec 31 15:47:10 CET 2019] OK
[Tue Dec 31 15:47:10 CET 2019] Install success!
[Tue Dec 31 15:47:10 CET 2019] Upgrade success!
[Tue Dec 31 15:47:10 CET 2019] Removing cron job
the box is ubuntu buster/sid after a bit of digging into the issue "apt install socat" did the trick. please add it to the required packages.
-
Hi
good news! Is there a sane way for current debian-package-users to upgrade without breaking anything (ie. upgrading using the latest tar.gz)?thx,
hk -
Hi
actually this fix is missing the removal of the compromised logfiles, otherwise it fixes future logging of passwords, but not the access to the logfile that has been compromised.
I ask you to add a proper .htaccess-block for the logs-directory _and_ remove the logfiles from there as they - if kept - are still a security-risk in the current release.
thx
hk
habe Probleme LE-Zertifikate zu beziehen
in German / Deutsch
Posted
Danke - noch eine Kleinigkeit: hätte jetzt auch das LE-Cert für den froxlor-VHost gelöscht - aber das wird anscheinend nicht wieder generiert?