ABHIONLINUX
Site useful for linux administration and web hosting

2013/03/02

Vzmigrate : vzrst module is not loaded on the destination node


When you try a live migration of an OpenVZ VPS using vzmigrate,
you may get this error:



==============
[root@server ]# vzmigrate --online 192.162.0.1 101
Starting live migration of CT 1141 to 192.162.0.1
Error: vzrst module is not loaded on the destination node
Error: Can't continue live migration
===============

192.162.0.1 : IP address of the destination hardware node.
101         : VID of the VPS that is going to be transferred.

Cause: the vzrst module is not loaded on the destination server, which is causing the issue.
You can check the modules loaded on the server using the following command.

[root@server ]# lsmod | grep vz

Fix:
To fix this issue, you need to load the required modules. You can load them using the following commands:

[root@server ]# modprobe vzrst
[root@server ]# modprobe vzcpt


2013/03/01

SSHD Exploit

SSH exploit

We are aware of the recent SSHD exploit that is affecting cPanel servers running CloudLinux and CentOS. It is also reported that Plesk, DA and non-RHEL distributions are affected.

These exploits are carried out via the SSH server. On 64-bit and 32-bit servers, the rootkit deposits /lib64/libkeyutils.so.1.9 and /lib/libkeyutils.so.1.9 respectively, and changes the link /lib64/libkeyutils.so.1 (and /lib/libkeyutils.so.1) to point to that library.

On unaffected servers, it will be as given below.
===============

root@server [~]# ls -ld /lib64/libkeyutils.so*
lrwxrwxrwx 1 root root 18 Apr 23  2012 /lib64/libkeyutils.so.1 -> libkeyutils-1.2.so*
================

This exploit may result in the theft of passwords, SSH keys and /etc/shadow, in spamming, or it can act as a backdoor to your server.
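
A local check for the two indicators described above, as an added example (it is not CloudLinux's check.sh and not part of the original post). The function name check_libkeyutils and its optional root-directory argument are assumptions, added so the same check can be pointed at a mounted disk image instead of the live filesystem.

```shell
#!/bin/sh
# Added example: looks only for the indicators named in the post.
# ROOT (hypothetical parameter, default "/") is the filesystem root to inspect.

check_libkeyutils() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    hits=0
    for dir in lib64 lib; do
        planted="$root/$dir/libkeyutils.so.1.9"
        link="$root/$dir/libkeyutils.so.1"

        # Indicator 1: the library file the rootkit deposits is present.
        if [ -e "$planted" ] || [ -L "$planted" ]; then
            echo "SUSPICIOUS: $planted exists"
            hits=$((hits + 1))
        fi

        # Indicator 2: the .so.1 symlink has been re-pointed at that file.
        if [ -L "$link" ]; then
            target=$(readlink "$link")
            case "$target" in
                libkeyutils.so.1.9|*/libkeyutils.so.1.9)
                    echo "SUSPICIOUS: $link -> $target"
                    hits=$((hits + 1))
                    ;;
                *)
                    echo "ok: $link -> $target"
                    ;;
            esac
        fi
    done
    # Exit status 0 means neither indicator was found under ROOT.
    [ "$hits" -eq 0 ]
}

# Run as: sh check_keyutils.sh /    (or the root of a mounted image)
if [ "$#" -gt 0 ]; then
    check_libkeyutils "$1" || echo "indicators found under $1"
fi
```

The file name is an indicator only on systems whose packaged library has a different version, such as libkeyutils-1.2.so in the listing above; on an RPM-based host, rpm -qf /lib64/libkeyutils.so.1.9 shows whether any package owns the file.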

CloudLinux has released the following script to test whether your server is infected or not.

You can see if your server is infected by running:

$ wget -qq -O - http://www.cloudlinux.com/sshd-hack/check.sh |/bin/bash


To clean up the libkeyutils library:
USE IT AT YOUR OWN RISK, THE SCRIPT WASN'T FULLY TESTED
$ wget -qq -O - http://www.cloudlinux.com/sshd-hack/clean.sh |/bin/bash
and reboot the server.

There is a chance that the server will be re-infected. To prevent this, you will have to block SSH from the public and allow it only from the IPs that need it. You also need to update the passwords and SSH keys, which will prevent it from happening again.