
PCI Compliance - Plesk on Ubuntu 8.04 LTS

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by LloydD, Sep 4, 2012.

    LloydD Basic Pleskian

    While researching PCI Compliance on Ubuntu I couldn't find much info for Ubuntu, so here's what has got me PCI Compliant -

    Plesk 10.4.4 MU42 PCI Compliance on Ubuntu 8.04 LTS September 2012

    Apache

    Add to or create /etc/apache2/conf.d/zz050-psa-disable-weak-ssl-ciphers.conf add
    And restart apache

    /etc/init.d/apache2 restart


    Postfix

    Open /etc/postfix/main.cf in your favourite editor, e.g.

    vi /etc/postfix/main.cf

    And add the following -
    save the file and restart Postfix

    /etc/init.d/postfix restart


    Courier-Imap

    Here you need to edit two files, /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl. In both files find the line TLS_CIPHER_LIST and add RC4-SHA like this –

    Save the file and restart courier-imap –

    /etc/init.d/courier-imap restart


    Qmail

    Here you need to edit or create files /var/qmail/control/tlsserverciphers and /var/qmail/control/tlsclientciphers

    And add

    Save the files and restart qmail

    /etc/init.d/qmail restart


    Plesk 10.4.4

    Here you need to create the file /opt/psa/admin/conf/cipher.lst and add

    and restart the Plesk server -

    /etc/init.d/sw-cp-server restart


    Now you can check your ciphers at http://serversniff.net/content.php?do=ssl
    I have used just RC4-SHA on everything except Apache as that honoured the cipher order and others didn’t want to.
    I will look into this further at some point, but for the time being we are PCI Compliant and have mitigated against BEAST on all ports.
    I hope this helps someone else.
    Regards

    Lloyd
     
    Last edited: Oct 3, 2012
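
Added example, not part of LloydD's post: a shell check that reads the cipher list from the Courier-IMAP and qmail files the post names and reports any cipher outside an allowed set. The default set (RC4-SHA) comes from the post; the function names, the sample files and the treatment of each list as colon-separated literal cipher names (so OpenSSL aliases or operators would be reported as unexpected) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post). ALLOWED is a colon-separated list of
# literal cipher names; the default is the post's "just RC4-SHA".
ALLOWED="${ALLOWED:-RC4-SHA}"

# Value of the last uncommented TLS_CIPHER_LIST= line in a Courier config file.
courier_ciphers() {
    sed -n 's/^[[:space:]]*TLS_CIPHER_LIST=//p' "$1" | tail -n 1 | tr -d "\"' "
}

# Cipher string of a qmail control file: its first non-blank line.
qmail_ciphers() {
    sed -n '/[^[:space:]]/{p;q;}' "$1" | tr -d '[:space:]'
}

# Print each cipher in the colon-separated list $1 that is not in ALLOWED.
unexpected() {
    printf '%s\n' "$1" | tr ':' '\n' | while read -r c; do
        [ -n "$c" ] || continue
        case ":$ALLOWED:" in *":$c:"*) ;; *) printf '%s\n' "$c" ;; esac
    done
}

# audit_file KIND FILE: prints one result line; returns 1 if the cipher list
# is missing or contains a cipher outside ALLOWED.
audit_file() {
    case "$1" in
        courier) list=$(courier_ciphers "$2") ;;
        qmail)   list=$(qmail_ciphers "$2") ;;
        *)       echo "unknown kind: $1" >&2; return 2 ;;
    esac
    [ -n "$list" ] || { echo "$2: no cipher list set"; return 1; }
    bad=$(unexpected "$list")
    # $bad is left unquoted so its lines join into one space-separated list.
    [ -z "$bad" ] || { echo "$2: unexpected" $bad; return 1; }
    echo "$2: ok"
}

# Constructed sample files (not from the post); on a server, pass the real
# paths, e.g. audit_file courier /etc/courier-imap/imapd-ssl
demo() {
    d=$(mktemp -d) || return 2
    printf 'TLS_CIPHER_LIST="RC4-SHA:DES-CBC3-SHA"\n' > "$d/imapd-ssl"
    printf 'RC4-SHA\n' > "$d/tlsserverciphers"
    audit_file courier "$d/imapd-ssl" || true   # reports DES-CBC3-SHA
    audit_file qmail "$d/tlsserverciphers"
    rm -rf "$d"
}
demo
```

The non-zero return from `audit_file` makes it usable from cron or a deployment check after any of the restarts listed in the post.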