Install Cpanel on FreeBSD 8.2

- Install FreeBSD with proper network and file system configuration (Ref:  http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/Quick-StartInstallationGuide)

- Install dependency packages:

# pkg_add -r wget

# pkg_add -r perl

# pkg_add -r rsync (required later for ports sync)

# pkg_add -r gmake

To Fix:

creating glibconfig.h
config.status: executing default commands
gmake: not found
child exited with value 127
Died at /usr/local/cpanel/bin/rrdtoolinstall line 109.

# pkg_add -r png // To fix the following error

To Fix : configure: error: requested PNG backend could not be enabled

- Create the following symlinks

# ln -s /usr/local/bin/wget /usr/bin/wget

# ln -s /lib/libcrypt.so.5 /lib/libcrypt.so.2 // To Fix: Shared object "libcrypt.so.2" not found,

# ln -s /lib/libc.so.7 /lib/libc.so.5 // To Fix: Shared object "libc.so.5" not found

ln -s /lib/libm.so.5 /lib/libm.so.3 // To Fix: "libm.so.3" not found

- Install Cpanel

cd /home

wget -N http://httpupdate.cpanel.net/latest

sh latest

- Once installation successful activate the license (make sure the ip is licensed -  http://www.cpanel.net/apps/verify/)  :

#  /usr/local/cpanel/cpkeyclt

- Start Cpanel

- Touch the following file

# touch /etc/rc.d/init.d/function // To fix:  Could not find functions file, your system may be broken

# /etc/init.d/cpanel start

Now you should be able to access Cpanel at https://< yourip >:2087/

Try to upgrade

Exim: /scripts/eximup --force (this will get the free bsd ports as well)
Cpanel : # /scripts/upcp

./arun

 

 

Drupal 7 issue with SQL Mode TRADITIONAL

PDOException: SQLSTATE[42000]: Syntax error or access violation: 1231 Variable 'sql_mode' can't be set to the value of 'TRADITIONAL' in lock_may_be_available() (line 165 of /includes/lock.inc).

This was the case when I installed Drupal 7 with Cpanel/Fantastico, the drupal site was displaying the above error.

This issue is discussed at drupal issues . try to patch it as mentioned in the url.

But for me it works with the following change, just removed the TRADITIONAL mode, not  sure it is the correct way to fix it. You can verify the sql modes at http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html ,  Anyway now there is no errors in drupal site and I am able to login.

(includes/database/mysql/database.inc) Line: 65

New file
<  $this->exec("SET sql_mode='ANSI,ONLY_FULL_GROUP_BY'");
---
Old file
>  $this->exec("SET sql_mode='ANSI,TRADITIONAL'");

Also setting up the sql connection mode to SET SESSION sql_mode = "ANSI,TRADITIONAL"; is an option instead of above change.

./arun

 

 

Install and configure RSA web agent with Redhat EL5 and Apache

Login to RSA interface:

- Create the apache server as agent host with type web agent
- Generate the config file (zip file containing sdconf.rec) from RSA interface, and download to your local machine

Login to the web server

- Download the RSA web agent installation files from RSA website.

# mkdir -p /var/ace

- Copy and extract (sdconf.rec) the downloaded config file
# chmod 755 sdconf.rec

- Create the sdopts.rec file with the ip address of the machine, if you have multiple ip address assigned to the server or if the RSA we agent is a virtual machine. Otherwise the authentication might break with following kind of errors
"100: Access denied. The RSA ACE/Server rejected the Passcode. Please try again." , "attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain”"

# echo "CLIENT_IP=" > sdopts.rec
# chown -R webuser:webuser /var/ace

- Now install the RSA web agent

# tar xvf WebAgent_70_Apache_RHEL5_32_379_08201024.tar
# cd CD/
# chmod u+x install
# ./install

- Enter the location of sdconf.rec

- Configure the apache virtual host

It was found that web agent breaks if apache starts multiple server thread, so would be better to limit the thread.

< IfModule prefork.c >
StartServers 1
MinSpareServers 1
MaxSpareServers 1
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
< /IfModule >

- Now start apache and you will be able to access the RSA web interface.

Once authenticated, the RSA server will create a node secret for the agent host and will be copied automatically to the web server.

This web interface is mainly useful for the token users to reset or enable to token assigned to him.

./arun

Changing RSA passwords

 

Reset SSH Password:
-------------------
Log in to Operations console (Master):

Administration --> Networking --> Configure connectivity using SSH

Do the same procedure on Replica also (if any), it is manual process.

Reset Operations console password:
----------------------------------
Login to the master appliance with SSH

$ sudo -s // sudo as root
# su - rsaadmin // change user to rsaadmin
$ cd /usr/local/RSASecurity/RSAAuthenticationManager/ //navigate to RSA installation path
$ cd utils
$ ./rsautil manage-oc-administrator -a update // Execute

// Enter Super administrators name
// Enter Super administrators password
// Enter operation console user
// Set the new password

Do the same steps on replica
Error: This operation can be performed only on a primary instance.
But the password got changed

Reset Master password:
---------------------
Login to the master appliance with SSH

$ sudo -s // sudo as root
# su - rsaadmin // change user to rsaadmin
$ cd /usr/local/RSASecurity/RSAAuthenticationManager/ //navigate to RSA installation path
$ cd utils
$ ./rsautil manage-secrets --action change --new-password <enter_the_new_password>

Do the same procedure on the replica device.

Reset Security Console Password:
---------------------------------
Login to Security Console

Identity-->Users-->Manage Existing // Search for your admin username in internal datase

Change password for the admin user
This action will be automatically replicated to replica.

./arun