Question psa-firewall via cli/ansible

Dave W

Regular Pleskian
Hi all,

To enable and confirm the firewall via CLI it has to be done from different sessions otherwise you get:
"Applying and confirmation of firewall changes should be done via different ssh sessions."

Is there any way to disable this?
Dave
 

Hi Dave, did you find a solution for that?

I have the same issue.


Thanks!
 
Hi VGS,
My solution was to disable plesk-firewall and just create my own iptables ruleset and use that with Ansible.

# Disable the Plesk firewall extension
- name: Disable Plesk Firewall
  command: /usr/local/psa/bin/modules/firewall/settings -d removes=/etc/rc.d/init.d/psa-firewall

# Remove the Plesk firewall extension if installed
- name: Uninstall Plesk Firewall Extension if installed
  command: plesk installer --select-release-current --remove-component psa-firewall removes=/etc/rc.d/init.d/psa-firewall

# Upload the iptables file and restart iptables
- name: Upload the iptables file to /etc/sysconfig/ and restart iptables
  copy: src=files/security/iptables dest=/etc/sysconfig owner=root group=root mode=0644 backup=yes
  notify:
    - restart iptables

Not really a fix but it works for me.
Dave
 
Hi Dave,

Thanks for your answer. Yesterday I found a tricky solution for this problem using the firewall system from Plesk. I prefer using that because we have created an auto-deploy system for Plesk containers in our infrastructure and we need to use the same features that users can.

First, you need to have SSH enabled with SSH key login allowed for root. You can do it by uncommenting "#PermitRootLogin prohibit-password" in /etc/ssh/sshd_config

Then, you can do something like this:
  1. Generate local SSH Pub key: ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ''
  2. Copy your local pub key to local allowed keys: cat /root/.ssh/id_rsa.pub > /root/.ssh/authorized_keys
  3. Enable firewall: /usr/local/psa/bin/modules/firewall/settings -e
  4. Confirm the changes this way: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p XXX root@localhost '/usr/local/psa/bin/modules/firewall/settings -c'
  5. Optional: clean your local authorized_keys: echo '' > /root/.ssh/authorized_keys

I hope this can help someone.

Regards!
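
The loopback confirmation described in the post above, as an added example that is not part of the original thread or Plesk's own tooling: it appends a throwaway key restricted to loopback and to the confirm command instead of overwriting authorized_keys, removes only that line afterwards, and pins the local host key rather than disabling host key checking. The tag name, the default port 22 and the ed25519 host key path are assumptions.

```shell
#!/bin/sh
# Added example: confirm Plesk firewall changes over a loopback SSH session
# using a throwaway key that can only run the confirm command.
# TAG, the default port and the host-key path are assumptions, not from the thread.
set -eu

SETTINGS=/usr/local/psa/bin/modules/firewall/settings
TAG=plesk-fw-confirm-temp            # comment marking our temporary key line
OPTS="restrict,from=\"127.0.0.1,::1\",command=\"$SETTINGS -c\""

# Append (never overwrite) the public key, locked to loopback and one command.
add_restricted_key() {  # $1 = public key file, $2 = authorized_keys file
    touch "$2" && chmod 600 "$2"
    printf '%s %s %s\n' "$OPTS" "$(cut -d' ' -f1,2 "$1")" "$TAG" >> "$2"
}

# Remove only the line we added; every other key stays in place.
remove_restricted_key() {  # $1 = authorized_keys file
    tmp=$(mktemp "$1.XXXXXX")
    grep -v " $TAG\$" "$1" > "$tmp" || true   # grep exits 1 if nothing is left
    chmod 600 "$tmp" && mv "$tmp" "$1"
}

confirm_firewall() {  # $1 = SSH port (default 22)
    auth=/root/.ssh/authorized_keys
    work=$(mktemp -d)
    trap 'remove_restricted_key "$auth"; rm -rf "$work"' EXIT
    ssh-keygen -q -t ed25519 -N '' -C "$TAG" -f "$work/key"
    add_restricted_key "$work/key.pub" "$auth"
    # Pin the local host key instead of disabling host key checking.
    printf 'plesk-local %s\n' "$(cut -d' ' -f1,2 /etc/ssh/ssh_host_ed25519_key.pub)" > "$work/known_hosts"
    "$SETTINGS" -e
    # The forced command runs "settings -c" in a separate SSH session.
    ssh -i "$work/key" -p "${1:-22}" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o HostKeyAlias=plesk-local -o UserKnownHostsFile="$work/known_hosts" \
        -o StrictHostKeyChecking=yes root@localhost true
}

if [ "${1:-}" = "--confirm" ]; then confirm_firewall "${2:-22}"; fi
```

Run it as root with `--confirm <port>`. Because the key carries a forced command, sshd's `PermitRootLogin forced-commands-only` setting would also admit it.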
 