A couple of fixes for BlueOnyx were released today and are now available through YUM.
The following updates for BlueOnyx were released today and are now available through YUM:
========== Package ========== Updating: base-admserv-capstone base-admserv-glue base-apache-capstone base-apache-glue base-apache-locale-da_DK base-apache-locale-de_DE base-apache-locale-en base-apache-locale-ja base-apache-ui base-user-capstone base-user-glue base-user-locale-da_DK base-user-locale-de_DE base-user-locale-en base-user-locale-ja base-user-ui Transaction Summary ========================== Install 0 Package(s) Update 16 Package(s) Remove 0 Package(s) Total download size: 306 k
These package addresses the following issues:
Modified /etc/admserv/conf.d/ssl.conf to disable the SSLv2 protocol for the BlueOnyx GUI interface. This forces AdmServ to use SSLv3 or TLSv1 instead, which are more secure.
Virtual Sites created on BlueOnyx use mod_rewrite for a 302 redirect (temporary redirect). This is not particularly search engine friendly. Hence the 302 redirect has been changed to a 301 redirect.
However: Only sites created or renamed after this fix was installed will have the new redirect behaviour.
To convert all existing sites from the old 302 redirect to the new 301 redirect run this script (as "root") once from SSH: /usr/sausalito/sbin/fix_302_httpd_redirects.pl
Additionally to the above helper script the following two new helper scripts have been added with this patch:
This script allows to make sure that both the GUI and the system agree again over the status of "Email Server Aliasses" and "Web Server Aliasses". It briefly removes and then resets all "Email Server Aliasses" and "Web Server Aliasses" of all sites, which forces that the respective config files are rewritten.
This script makes sure that all virtual sites are reset to the factory default PHP security settings.
Both scripts can be particularly useful after migrations, where these settings may sometime conflict or where they may be missing.
As BlueOnyx is using flat file authentication we sometimes run into issues where a stale /etc/passwd.lock lockfile is left behind. This then prevents the GUI from adding new users. Or from changing existing users. To prevent this we added the cronjob /etc/cron.d/passwd_lock.cron which runs the script /usr/sausalito/sbin/remove_passwd_lock.sh every 15 minutes. The script will detect and remove stale /etc/passwd.lock files.