mirror of
https://github.com/webmin/webmin.git
synced 2026-02-03 22:23:28 +00:00
Compare commits
2 Commits
2.600
...
dev/sessio
| Author | SHA1 | Date | |
|---|---|---|---|
|
f6b62525f8 | ||
|
|
57138d505b |
@@ -1,14 +0,0 @@
|
||||
# EditorConfig for Perl project
|
||||
# - Indentation: tabs
|
||||
# - Tab width: 8
|
||||
# - Indentation style: Ratliff
|
||||
|
||||
root = true
|
||||
|
||||
[*]
|
||||
charset = utf-8
|
||||
indent_style = tab
|
||||
indent_size = 8
|
||||
end_of_line = lf
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
1
.github/workflows/webmin.dev+webmin.yml
vendored
1
.github/workflows/webmin.dev+webmin.yml
vendored
@@ -16,6 +16,7 @@ jobs:
|
||||
project-name: webmin
|
||||
is-release: ${{ github.event_name == 'release' }}
|
||||
secrets:
|
||||
DEV_GPG_PH: ${{ secrets.DEV_GPG_PH }}
|
||||
DEV_IP_ADDR: ${{ secrets.DEV_IP_ADDR }}
|
||||
DEV_IP_KNOWN_HOSTS: ${{ secrets.DEV_IP_KNOWN_HOSTS }}
|
||||
DEV_UPLOAD_SSH_USER: ${{ secrets.DEV_UPLOAD_SSH_USER }}
|
||||
|
||||
94
CHANGELOG.md
94
CHANGELOG.md
@@ -1,94 +1,12 @@
|
||||
## Changelog
|
||||
|
||||
#### 2.600 (November 9, 2025)
|
||||
* Add an options to enable the slow query log in the MySQL/MariaDB module [#2560](https://github.com/webmin/webmin/issues/2560)
|
||||
* Add ability to install multiple PHP extensions at once in the PHP Configuration module
|
||||
* Add ability to show package URL in the Software Packages module [#1141](https://github.com/virtualmin/virtualmin-gpl/issues/1141)
|
||||
* Add support to show Debian package install time in the Software Packages module
|
||||
* Add support to show detailed Webmin server stats using new `webmin stats` CLI command [forum.virtualmin.com/t/135556](https://forum.virtualmin.com/t/is-this-memory-used-a-bit-high/135556/6?u=ilia)
|
||||
* Add a major Authentic theme UI update with lots of visual and structural improvements for a smoother and more modern experience
|
||||
[More details...](https://forum.virtualmin.com/t/authentic-theme-version-26-00-release-overview/135755?u=ilia)
|
||||
* Fix EOL library fatal error for OS in development [#2121](https://github.com/webmin/webmin/issues/2121)
|
||||
* Fix correctly saving jails with parameters containing quotes in the Fail2Ban module [#2572](https://github.com/webmin/webmin/issues/2572)
|
||||
* Fix file is always renamed as the effective user in the Upload and Download module [#1054](https://github.com/webmin/webmin/issues/1054)
|
||||
|
||||
#### 2.520 (October 4, 2025)
|
||||
* Fix to make sure the mail URL uses a well-known host name [security]
|
||||
* Fix support for other Raspberry Pi sensors [#2545](https://github.com/webmin/webmin/issues/2545)
|
||||
* Fix the printing of the bottom button row in the form column table
|
||||
* Fix to recommend Perl `Sys::Syslog` module [#2557](https://github.com/webmin/webmin/issues/2557)
|
||||
* Fix to avoid using short hostname in HTTPS redirects when an FQDN is available
|
||||
* Fix to use _/proc_ sampler instead of `vmstat` for the same output with much lower overhead
|
||||
* Fix to query specific fields in FreeBSD memory stats collection, cutting CPU use by 80%
|
||||
* Fix to kill Webmin subprocesses during RC stop on FreeBSD and other systems
|
||||
* Fix to correctly fetch command version in `PPTP VPN Client` module [#2567](https://github.com/webmin/webmin/issues/2567)
|
||||
* Add a complete overhaul of `var_dump` subroutine, which is now fully portable
|
||||
* Update the Authentic theme to the latest version with various fixes:
|
||||
- Fix the text color when reading email in the Read User Mail module [webmin#2555](https://github.com/webmin/webmin/issues/2555)
|
||||
- Fix to ensure the selected color palette is correctly stored when changed manually [webmin#2552](https://github.com/webmin/webmin/issues/2552)
|
||||
- Fix a bug when the Webmin version label was missing when copying to clipboard system information from the dashboard
|
||||
- Fix DNS query spike from network stats collection on FreeBSD [webmin#2556](https://github.com/webmin/webmin/issues/2556)
|
||||
- Fix to display the appropriate icon for proxy mode on new Bunny DNS
|
||||
- Fix spinner color in toast messages for dark palette
|
||||
- Fix other bugs and add various small improvements
|
||||
|
||||
#### 2.510 (September 16, 2025)
|
||||
* Fix to ensure DNSSEC re-signing period is less than 30 days in the BIND DNS module
|
||||
* Fix to treat 201 as a valid response code in the internal download function
|
||||
* Update the Authentic theme to the latest version with various improvements and fixes:
|
||||
- Add optimizations to dashboard graphs with dynamic trimming to prevent page lagging
|
||||
- Add improvements to how the system cache for the dashboard is updated
|
||||
- Add support to correctly reload the page in proxy mode
|
||||
- Add an option to choose if default page should always load when switching navigation
|
||||
- Fix to ensure the color palette is preserved for the user [webmin#2537](https://github.com/webmin/webmin/issues/2537)
|
||||
- Fix algorithm for calculating rows per page in data table pagination
|
||||
- Fix the alert info box text color for dark mode
|
||||
- Fix critical lags and appearance of Custom Commands module
|
||||
|
||||
#### 2.501 (September 10, 2025)
|
||||
* Add support for Raspberry Pi sensors #2539 #2517
|
||||
* Add Squid 7 support
|
||||
* Update the Authentic theme to the latest version with the following fixes:
|
||||
- Fix broken editor in "Bootup and Shutdown" module
|
||||
|
||||
#### 2.500 (September 4, 2025)
|
||||
#### 2.403 (June 30, 2025)
|
||||
* Add support for the Webmin webserver to work in both HTTP and HTTPS modes at the same time
|
||||
* Add distinct warning to the login page if the connection is not secure
|
||||
* Add support for timeouts in temporary rules in "FirewallD" module
|
||||
* Add support for the new Dovecot version 2.4
|
||||
* Add support for MariaDB version 12 #2522
|
||||
* Add support for IMAP through a local command for Usermin
|
||||
* Add latest SSLeay support for redirects to SSL work
|
||||
* Add improvements to "Bootup and Shutdown" module for _systemd_ systems
|
||||
* Add field for secondary server key in "BIND DNS Server" module
|
||||
* Add reversible encryption helpers API
|
||||
* Add API to display relative dates
|
||||
* Add API to mask sensitive text, like displayed passwords, unless hovered over
|
||||
* Add status monitor for PHP FPM #2499
|
||||
* Add support for DNF5 format in the "Software Packages" module
|
||||
* Add support for redirecting to the enforced domain when the `musthost_redirect` directive is set
|
||||
* Add option to customize the SMTP login for scheduled background monitoring in the "System and Server Status" module
|
||||
* Change to show relative dates in "Webmin Users: Current Login Sessions" and "Webmin Actions Log: Search Results" pages
|
||||
* Change "Last Logins" on the dashboard to show usernames, relative dates, and all users from the past 3 days
|
||||
* Change to always enable HSTS by default
|
||||
* Add a UI API to mask sensitive text—like displayed passwords, unless hovered over container
|
||||
* Fix MySQL/MariaDB to remove obsolete `set-variable` options that break modern config files #2497
|
||||
* Fix download link in table rows in "MySQL/MariaDB Database Server" module
|
||||
* Fix module not to fail on old MySQL 5.5
|
||||
* Update the Authentic theme to the latest version with various improvements and fixes:
|
||||
- Add support to automatically set the color palette based on OS or browser preferences
|
||||
- Add improvements to tooltips in dark palette
|
||||
- Change the default shortcut key for toggling the light/dark palette
|
||||
- Change the default shortcut key for toggling right slider
|
||||
- Change wording to use "shortcut" instead of "hotkey"
|
||||
- Change the default maximum column width
|
||||
- Fix navigation menu load in proxy mode #2502
|
||||
- Fix navigation menu to always stay in sync with the product switch
|
||||
- Fix sporadic issue where the navigation menu disappeared and the content page was shifted
|
||||
- Fix info alert text color and button color in the dark palette
|
||||
- Fix styling of checkboxes and radios for backup and restore pages in Virtualmin
|
||||
- Fix styling for extra backup destinations in Virtualmin
|
||||
- Fix advanced schedule display in the cron chooser in Virtualmin
|
||||
[More details...](https://github.com/webmin/authentic-theme/releases/tag/25.00)
|
||||
|
||||
|
||||
#### 2.402 (June 16, 2025)
|
||||
* Update the Authentic theme to the latest version with various fixes and improvements
|
||||
@@ -213,7 +131,7 @@
|
||||
* Update the Authentic theme to the latest version with various fixes and improvements
|
||||
|
||||
#### 2.201 (July 24, 2024)
|
||||
* Fix real-time monitoring not updating graphs in the dashboard [#2222](https://github.com/webmin/webmin/issues/2222)
|
||||
* Fix real-time monitoring not updating graphs in the Dashboard [#2222](https://github.com/webmin/webmin/issues/2222)
|
||||
* Fix Terminal module to work correctly with _sudo_-capable users [#2223](https://github.com/webmin/webmin/issues/2223)
|
||||
|
||||
#### 2.200 (July 21, 2024)
|
||||
@@ -326,7 +244,7 @@
|
||||
* Add support for editing ACLs in File Manager
|
||||
* Add support to configure SSL connection for MySQL/MariaDB module
|
||||
* Add support for compressed backups in PostgreSQL module
|
||||
* Add support for displaying inodes too in Disk Usage in the dashboard
|
||||
* Add support for displaying inodes too in Disk Usage in the Dashboard
|
||||
* Add better support for CloudLinux
|
||||
* Fix to always default to RSA key type in Let's Encrypt requests
|
||||
* Fix setup repository script for Oracle
|
||||
@@ -334,7 +252,7 @@
|
||||
* Fix support for SpamAssassin 4
|
||||
* Fix to use system default hashing format for `htpasswd` file
|
||||
* Fix FastRPC issues
|
||||
* Update the Authentic theme to the latest version, with sped-up dashboard performance
|
||||
* Update the Authentic theme to the latest version, with sped-up Dashboard performance
|
||||
|
||||
#### 2.013 (January 19, 2023)
|
||||
* Fix Authentic theme issue with error handling
|
||||
|
||||
@@ -44,7 +44,7 @@ Webmin 可以两种方法安装:
|
||||
### 贡献者
|
||||
|
||||
* [Joe Cooper](https://github.com/swelljoe)
|
||||
* [Ilia Rostovtsev](https://github.com/iliaross)
|
||||
* [Ilia Rostovtsev](https://github.com/iliajie)
|
||||
* [Kay Marquardt](https://github.com/gnadelwartz)
|
||||
* [Nawawi Jamili](https://github.com/nawawi) + [其他无偿奉献的开发者](https://github.com/webmin/webmin/graphs/contributors)
|
||||
|
||||
|
||||
@@ -48,13 +48,13 @@ For detailed installation instructions check our guide on [webmin.com/download](
|
||||
* [Jamie Cameron](https://www.webmin.com/about.html) [](https://www.linkedin.com/in/jamiecameron2)
|
||||
|
||||
### Developers
|
||||
* [Ilia Rostovtsev](https://github.com/iliaross)
|
||||
* [Ilia Rostovtsev](https://github.com/iliajie)
|
||||
* [Joe Cooper](https://github.com/swelljoe)
|
||||
|
||||
### Contributors
|
||||
* [Kay Marquardt](https://github.com/gnadelwartz)
|
||||
* [Nawawi Jamili](https://github.com/nawawi)
|
||||
* [unknown10777](https://github.com/unknown10777) + [90 more...](https://github.com/webmin/webmin/graphs/contributors)
|
||||
* [unknown10777](https://github.com/unknown10777) + [90 more..](https://github.com/webmin/webmin/graphs/contributors)
|
||||
|
||||
## License
|
||||
|
||||
|
||||
249
SECURITY.md
249
SECURITY.md
@@ -1,242 +1,23 @@
|
||||
## Reporting Security Issues
|
||||
|
||||
> [!WARNING]
|
||||
> **Found a bug?** If you’ve found a new security-related issue, email
|
||||
> [security@webmin.com](mailto:security@webmin.com).
|
||||
Please send all reports of security issues found in Webmin to security@webmin.com
|
||||
via email, ideally PGP encrypted with the key from https://www.webmin.com/jcameron-key.asc .
|
||||
|
||||
### Webmin 2.510 and below [October 9, 2025]
|
||||
#### Host header injection vulnerability in the password reset feature [CVE-2025-61541]
|
||||
Potential security issues, in descending order of impact, include :
|
||||
|
||||
- If the password reset feature is enabled, an attacker can use a specially
|
||||
crafted host header to cause the password reset email to contain a link to a
|
||||
malicious site.
|
||||
* Remotely exploitable attacks that allow `root` access to Webmin without
|
||||
any credentials.
|
||||
|
||||
> Thanks to Nyein Chan Aung and Mg Demon for reporting this.
|
||||
* Privilege escalation vulnerabilities that allow non-`root` users of Webmin
|
||||
to run commands or access files as `root`.
|
||||
|
||||
### Webmin 2.202 and below [February 26, 2025]
|
||||
#### SSL certificates from clients may be trusted unexpectedly
|
||||
* XSS attacks that target users already logged into Webmin when they visit
|
||||
another website.
|
||||
|
||||
- If Webmin is configured to trust remote IP addresses provided by a proxy *and*
|
||||
you have users authenticating using client SSL certificates, a browser
|
||||
connecting directly (not via the proxy) can provide a forged header to fake
|
||||
the client certificate.
|
||||
Things that are not actually security issues include :
|
||||
|
||||
- Upgrade to Webmin 2.301 or later, and if there is any chance of direct
|
||||
requests by clients disable this at **Webmin ⇾ Webmin Configuration ⇾ IP
|
||||
Access Control** page using **Trust level for proxy headers** option.
|
||||
* XSS attacks that are blocked by Webmin's referrer checks, which are enabled
|
||||
by default.
|
||||
|
||||
> Thanks to Keigo YAMAZAKI from LAC Co., Ltd. for reporting this.
|
||||
|
||||
### Webmin 2.105 and below [April 15, 2024]
|
||||
#### Privilege escalation by non-root users [CVE-2024-12828]
|
||||
|
||||
- A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature.
|
||||
|
||||
- All Virtualmin admins and Webmin admins who have created additional accounts should upgrade to version 2.111 as soon as possible!
|
||||
|
||||
> Thanks to Trend Micro’s Zero Day Initiative for finding and reporting this issue.
|
||||
|
||||
### Webmin 1.995 and Usermin 1.850 and below [June 30, 2022]
|
||||
#### XSS vulnerability in the HTTP Tunnel module
|
||||
|
||||
- If a less-privileged Webmin user is given permission to edit the configuration of the HTTP Tunnel module, he/she could use this to introduce a vulnerability that captures cookies belonging to other Webmin users that use the module.
|
||||
|
||||
> Thanks to [BLACK MENACE][2] and [PYBRO][3] for reporting this issue.
|
||||
|
||||
- An HTML email crafted by an attacker could capture browser cookies when opened.
|
||||
|
||||
> Thanks to [ly1g3][4] for reporting this bug.
|
||||
|
||||
### Webmin 1.991 and below [April 18, 2022]
|
||||
#### Privilege escalation exploit [CVE-2022-30708]
|
||||
- Less privileged Webmin users (excluding those created by Virtualmin and Cloudmin) can modify arbitrary files with root privileges, and so run commands as root. All systems with additional untrusted Webmin users should upgrade immediately.
|
||||
|
||||
> Thanks to [esp0xdeadbeef][5] and [V1s3r1on][6] for finding and reporting this issue!
|
||||
|
||||
### Webmin 1.984 and below [December 26, 2021]
|
||||
#### File Manager privilege exploit [CVE-2022-0824 and CVE-2022-0829]
|
||||
|
||||
- Less privileged Webmin users who do not have any File Manager module restrictions configured can access files with root privileges, if using the default Authentic theme. All systems with additional untrusted Webmin users should upgrade immediately. Note that Virtualmin systems are not effected by this bug, due to the way domain owner Webmin users are configured.
|
||||
|
||||
> Thanks to Faisal Fs ([faisalfs10x][7]) from [NetbyteSEC][8] for finding and reporting this issue!
|
||||
|
||||
### Virtualmin Procmail wrapper version 1.0
|
||||
#### Privilege escalation exploit
|
||||
- Version 1.0 of the `procmail-wrapper` package installed with Virtualmin has a vulnerability that can be used by anyone with SSH access to gain `root` privileges. To prevent this, all Virtualmin users should upgrade to version 1.1 or later immediately.
|
||||
|
||||
### Webmin 1.973 and below [March 7, 2021]
|
||||
#### XSS vulnerabilities if Webmin is installed using the `setup.pl` script [CVE-2021-31760, CVE-2021-31761 and CVE-2021-31762]
|
||||
|
||||
- If Webmin is installed using the non-recommended `setup.pl` script, checking for unknown referers is not enabled by default. This opens the system up to XSS and CSRF attacks using malicious links. Fortunately the standard `rpm`, `deb`, `pkg` and `tar` packages do not use this script and so are not vulnerable. If you did install using the `setup.pl` script, the vulnerability can be fixed by adding the line `referers_none=1` to `/etc/webmin/config` file.
|
||||
|
||||
> Thanks to Meshal ( Mesh3l\_911 ) [@Mesh3l\_911][9] and Mohammed ( Z0ldyck ) [@electronicbots][10] for finding and reporting this issue!
|
||||
|
||||
### Webmin 1.941 and below [January 16, 2020]
|
||||
#### XSS vulnerability in the Command Shell module [CVE-2020-8820 and CVE-2020-8821]
|
||||
|
||||
- A user with privileges to create custom commands could exploit other users via unescaped HTML.
|
||||
|
||||
> Thanks to Mauro Caseres for reporting this and the following issue.
|
||||
|
||||
### Webmin 1.941 and below [January 16, 2020]
|
||||
#### XSS vulnerability in the Read Mail module [CVE-2020-12670]
|
||||
- Saving a malicious HTML attachment could trigger and XSS vulnerability.
|
||||
|
||||
### Webmin 1.882 to 1.921 [July 6, 2019]
|
||||
#### Remote Command Execution [CVE-2019-15231]
|
||||
- Webmin releases between these versions contain a vulnerability that allows remote command execution! Version 1.890 is vulnerable in a default install and should be upgraded immediately - other versions are only vulnerable if changing of expired passwords is enabled, which is not the case by default.
|
||||
|
||||
Either way, upgrading to version 1.930 is strongly recommended. Alternately, if running versions 1.900 to 1.920, edit `/etc/webmin/miniserv.conf`, remove the `passwd_mode=` line, then run `/etc/webmin/restart` command.
|
||||
{{< details-start post-indent-details "More details.." >}}
|
||||
Webmin version 1.890 was released with a backdoor that could allow anyone with knowledge of it to execute commands as root. Versions 1.900 to 1.920 also contained a backdoor using similar code, but it was not exploitable in a default Webmin install. Only if the admin had enabled the feature at **Webmin ⇾ Webmin Configuration ⇾ Authentication** to allow changing of expired passwords could it be used by an attacker.
|
||||
|
||||
Neither of these were accidental bugs - rather, the Webmin source code had been maliciously modified to add a non-obvious vulnerability. It appears that this happened as follows :
|
||||
|
||||
- At some time in April 2018, the Webmin development build server was exploited and a vulnerability added to the `password_change.cgi` script. Because the timestamp on the file was set back, it did not show up in any Git diffs. This was included in the Webmin 1.890 release.
|
||||
- The vulnerable file was reverted to the checked-in version from GitHub, but sometime in July 2018 the file was modified again by the attacker. However, this time the exploit was added to code that is only executed if changing of expired passwords is enabled. This was included in the Webmin 1.900 release.
|
||||
- On September 10th 2018, the vulnerable build server was decommissioned and replaced with a newly installed server running CentOS 7. However, the build directory containing the modified file was copied across from backups made on the original server.
|
||||
- On August 17th 2019, we were informed that a 0-day exploit that made use of the vulnerability had been released. In response, the exploit code was removed and Webmin version 1.930 created and released to all users.
|
||||
|
||||
In order to prevent similar attacks in future, we're doing the following :
|
||||
|
||||
- Updating the build process to use only checked-in code from GitHub, rather than a local directory that is kept in sync.
|
||||
- Rotated all passwords and keys accessible from the old build system.
|
||||
- Auditing all GitHub commits over the past year to look for commits that may have introduced similar vulnerabilities.
|
||||
{{< details-end >}}
|
||||
|
||||
### Webmin 1.900 [November 19, 2018]
|
||||
#### Remote Command Execution (Metasploit)
|
||||
|
||||
- This is _not_ a workable exploit as it requires that the attacker already know the root password. Hence there is no fix for it in Webmin.
|
||||
|
||||
### Webmin 1.900 and below [November 19, 2018]
|
||||
#### Malicious HTTP headers in downloaded URLs
|
||||
|
||||
- If the Upload and Download or File Manager module is used to fetch an un-trusted URL. If a Webmin user downloads a file from a malicious URL, HTTP headers returned can be used exploit an XSS vulnerability.
|
||||
|
||||
> Thanks to independent security researcher, John Page aka hyp3rlinx, who reported this vulnerability to Beyond Security's SecuriTeam Secure Disclosure program.
|
||||
|
||||
### Webmin 1.800 and below [May 26, 2016]
|
||||
#### Authentic theme configuration page vulnerability
|
||||
- Only an issue if your system has un-trusted users with Webmin access and is using the new Authentic theme. A non-root Webmin user could use the theme configuration page to execute commands as root.
|
||||
|
||||
#### Authentic theme remote access vulnerability
|
||||
- Only if the Authentic theme is enabled globally. An attacker could execute commands remotely as root, as long as there was no firewall blocking access to Webmin's port 10000.
|
||||
|
||||
### Webmin 1.750 and below [May 12, 2015]
|
||||
#### XSS (cross-site scripting) vulnerability in `xmlrpc.cgi` script [CVE-2015-1990]
|
||||
- A malicious website could create links or JavaScript referencing the `xmlrpc.cgi` script, triggered when a user logged into Webmin visits the attacking site.
|
||||
|
||||
> Thanks to Peter Allor from IBM for finding and reporting this issue.
|
||||
|
||||
### Webmin 1.720 and below [November 24, 2014]
|
||||
#### Read Mail module vulnerable to malicious links
|
||||
- If un-trusted users have both SSH access and the ability to use Read User Mail module (as is the case for Virtualmin domain owners), a malicious link could be created to allow reading any file on the system, even those owned by _root_.
|
||||
|
||||
> Thanks to Patrick William from RACK911 labs for finding this bug.
|
||||
|
||||
### Webmin 1.700 and below [August 11, 2014]
|
||||
#### Shellshock vulnerability
|
||||
- If your _bash_ shell is vulnerable to _shellshock_, it can be exploited by attackers who have a Webmin login to run arbitrary commands as _root_. Updating to version 1.710 (or updating _bash_) will fix this issue.
|
||||
|
||||
### Webmin 1.590 and below [June 30, 2012]
|
||||
#### XSS (cross-site scripting) security hole
|
||||
- A malicious website could create links or JavaScript referencing the File Manager module that allowed execution of arbitrary commands via Webmin when the website is viewed by the victim. See [CERT vulnerability note VU#788478][12] for more details. Thanks to Jared Allar from the American Information Security Group for reporting this problem.
|
||||
|
||||
#### Referer checks don't include port
|
||||
- If an attacker has control over `http://example.com/` then he/she could create a page with malicious JavaScript that could take over a Webmin session at `https://example.com:10000/` when `http://example.com/` is viewed by the victim.
|
||||
|
||||
> Thanks to Marcin Teodorczyk for finding this issue.
|
||||
|
||||
### Webmin 1.540 and below [April 20, 2011]
|
||||
#### XSS (cross-site scripting) security hole
|
||||
- This vulnerability can be triggered if an attacker changes his Unix username via a tool like `chfn`, and a page listing usernames is then viewed by the root user in Webmin.
|
||||
|
||||
> Thanks to Javier Bassi for reporting this bug.
|
||||
|
||||
### Virtualmin 3.70 and below [June 23, 2009]
|
||||
#### Unsafe file writes in Virtualmin
|
||||
- This bug allows a virtual server owner to read or write to arbitrary files on the system by creating malicious symbolic links and then having Virtualmin perform operations on those links. Upgrading to version 3.70 is strongly recommended if your system has un-trusted domain owners.
|
||||
|
||||
### Webmin 1.390 and below, Usermin 1.320 and below [February 8, 2008]
|
||||
#### XSS (cross-site scripting) security hole
|
||||
- This attack could open users who visit un-trusted websites while having Webmin open in the same browser up to having their session cookie captured, which could then allow an attacker to login to Webmin without a password. The quick fix is to go to the **Webmin Configuration** module, click on the **Trusted Referers** icon, set **Referrer checking enabled?** to **Yes**, and un-check the box **Trust links from unknown referrers**. Webmin 1.400 and Usermin 1.330 will make these settings the defaults.
|
||||
|
||||
### Webmin 1.380 and below [November 3, 2007]
|
||||
#### Windows-only command execution bug
|
||||
- Any user logged into Webmin can execute any command using special URL parameters. This could be used by less-privileged Webmin users to raise their level of access.
|
||||
|
||||
> Thanks for Keigo Yamazaki of Little eArth Corporation for finding this bug.
|
||||
|
||||
### Webmin 1.374 and below, Usermin 1.277 and below
|
||||
#### XSS bug in `pam_login.cgi` script
|
||||
- A malicious link to Webmin `pam_login.cgi` script can be used to execute JavaScript within the Webmin server context, and perhaps steal session cookies.
|
||||
|
||||
### Webmin 1.330 and below, Usermin 1.260 and below
|
||||
#### XSS bug in `chooser.cgi` script
|
||||
- When using Webmin or Usermin to browse files on a system that were created by an attacker, a specially crafted filename could be used to inject arbitrary JavaScript into the browser.
|
||||
|
||||
### Webmin 1.296 and below, Usermin 1.226 and below
|
||||
#### Remote source code access
|
||||
- An attacker can view the source code of Webmin CGI and Perl programs using a specially crafted URL. Because the source code for Webmin is freely available, this issue should only be of concern to sites that have custom modules for which they want the source to remain hidden.
|
||||
#### XSS bug
|
||||
- The XSS bug makes use of a similar technique to craft a URL that can allow arbitrary JavaScript to be executed in the user's browser if a malicious link is clicked on.
|
||||
|
||||
> Thanks for Keigo Yamazaki of Little eArth Corporation for finding this bug.
|
||||
|
||||
### Webmin 1.290 and below, Usermin 1.220 and below
|
||||
#### Arbitrary remote file access
|
||||
- An attacker without a login to Webmin can read the contents of any file on the server using a specially crafted URL. All users should upgrade to version 1.290 as soon as possible, or setup IP access control in Webmin.
|
||||
|
||||
> Thanks to Kenny Chen for bringing this to my attention.
|
||||
|
||||
### Webmin 1.280 and below
|
||||
#### Windows arbitrary file access
|
||||
- If running Webmin on Windows, an attacker can remotely view the contents of any file on your system using a specially crafted URL. This does not affect other operating systems, but if you use Webmin on Windows you should upgrade to version 1.280 or later.
|
||||
|
||||
> Thanks to Keigo Yamazaki of Little eArth Corporation for discovering this bug.
|
||||
|
||||
### Webmin 1.250 and below, Usermin 1.180 and below
|
||||
#### Perl syslog input attack
|
||||
- When logging of failing login attempts via `syslog` is enabled, an attacker can crash and possibly take over the Webmin webserver, due to un-checked input being passed to Perl's `syslog` function. Upgrading to the latest release of Webmin is recommended.
|
||||
|
||||
> Thanks to Jack at Dyad Security for reporting this problem to me.
|
||||
|
||||
### Webmin 1.220 and below, Usermin 1.150 and below
|
||||
#### Full PAM conversations' mode remote attack
|
||||
- Affects systems when the option **Support full PAM conversations?** is enabled on the **Webmin ⇾ Webmin Configuration ⇾ Authentication** page. When this option is enabled in Webmin or Usermin, an attacker can gain remote access to Webmin without needing to supply a valid login or password. Fortunately this option is not enabled by default and is rarely used unless you have a PAM setup that requires more than just a username and password, but upgrading is advised anyway. <br />
|
||||
|
||||
> Thanks to Keigo Yamazaki of Little eArth Corporation and [JPCERT/CC][13] for discovering and notifying me of this bug.
|
||||
|
||||
### Webmin 1.175 and below, Usermin 1.104 and below
|
||||
#### Brute force password guessing attack
|
||||
- Prior Webmin and Usermin versions do not have password timeouts turned on by default, so an attacker can try every possible password for the _root_ or admin user until he/she finds the correct one.
|
||||
The solution is to enable password timeouts, so that repeated attempts to login as the same user will become progressively slower. This can be done by following these steps :
|
||||
|
||||
* Go to the **Webmin Configuration** module.
|
||||
* Click on the **Authentication** icon.
|
||||
* Select the **Enable password timeouts** button.
|
||||
* Click the **Save** button at the bottom of the page.
|
||||
|
||||
This problem is also present in Usermin, and can be prevented by following the same steps in the **Usermin Configuration** module.
|
||||
|
||||
### Webmin 1.150 and below, Usermin 1.080 and below
|
||||
#### XSS vulnerability
|
||||
- When viewing HTML email, several potentially dangerous types of URLs can be passed through. This can be used to perform malicious actions like executing commands as the logged-in Usermin user.
|
||||
|
||||
#### Module configurations are visible
|
||||
- Even if a Webmin user does not have access to a module, he/she can still view it's Module Config page by entering a URL that calls `config.cgi` with the module name as a parameter.
|
||||
|
||||
#### Account lockout attack
|
||||
- By sending a specially constructed password, an attacker can lock out other users if password timeouts are enabled.
|
||||
|
||||
[2]: https://github.com/bl4ckmenace
|
||||
[3]: https://github.com/Pybro09
|
||||
[4]: https://github.com/ly1g3
|
||||
[5]: https://github.com/esp0xdeadbeef
|
||||
[6]: https://github.com/V1s3r1on
|
||||
[7]: https://github.com/faisalfs10x/
|
||||
[8]: https://www.netbytesec.com/
|
||||
[9]: https://twitter.com/Mesh3l_911
|
||||
[10]: https://twitter.com/electronicbots
|
||||
[12]: http://www.kb.cert.org/vuls/id/788478
|
||||
[13]: http://www.jpcert.or.jp/
|
||||
* Attacks that require modifications to Webmin's code or configuration, which
|
||||
can only be done by someone who already has `root` permissions.
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -82,7 +82,7 @@ print &ui_table_row($text{'unix_restrict2'},
|
||||
print &ui_table_row("",
|
||||
&ui_checkbox("shells_deny", 1, $text{'unix_shells'},
|
||||
$miniserv{'shells_deny'} ? 1 : 0)." ".
|
||||
&ui_filebox("shells", $miniserv{'shells_deny'} || "/etc/shells", 25));
|
||||
&ui_filebox("shells", $miniserv{'shells_deny'} || "/etc/shells", 40));
|
||||
|
||||
print &ui_table_end();
|
||||
print &ui_form_end([ [ undef, $text{'save'} ] ]);
|
||||
|
||||
@@ -238,18 +238,6 @@ my @themes = grep { !$_->{'overlay'} } @all;
|
||||
my @overlays = grep { $_->{'overlay'} } @all;
|
||||
|
||||
if ($access{'theme'}) {
|
||||
my $tconf_link;
|
||||
my %tinfo = &webmin::get_theme_info($user{'theme'});
|
||||
if ($user{'theme'} && $user{'theme'} eq $tinfo{'dir'} &&
|
||||
$user{'name'} eq $remote_user &&
|
||||
$tinfo{'config_link'}) {
|
||||
$tconf_link = &ui_tag('span', &ui_link(
|
||||
"@{[&get_webprefix()]}/$tinfo{'config_link'}",
|
||||
&ui_tag('span', '⚙',
|
||||
{ class => 'theme-config-char',
|
||||
title => $text{'themes_configure'} }),
|
||||
'text-link'), { style => 'position: relative;' });
|
||||
}
|
||||
# Current theme
|
||||
my @topts = ( );
|
||||
push(@topts, !$user{'theme'} ? [ '', $text{'edit_themedef'} ] : ());
|
||||
@@ -259,8 +247,7 @@ if ($access{'theme'}) {
|
||||
print &ui_table_row($text{'edit_theme'},
|
||||
&ui_radio("theme_def", defined($user{'theme'}) ? 0 : 1,
|
||||
[ [ 1, $text{'edit_themeglobal'} ],
|
||||
[ 0, &ui_select("theme", $user{'theme'}, \@topts).
|
||||
$tconf_link ] ]));
|
||||
[ 0, &ui_select("theme", $user{'theme'}, \@topts) ] ]));
|
||||
}
|
||||
|
||||
if ($access{'theme'} && @overlays) {
|
||||
|
||||
@@ -7,7 +7,7 @@ use warnings;
|
||||
no warnings 'redefine';
|
||||
no warnings 'uninitialized';
|
||||
require './acl-lib.pl';
|
||||
our (%in, %text, %config, %gconfig, %access, $base_remote_user);
|
||||
our (%in, %text, %config, %access, $base_remote_user);
|
||||
&ReadParse();
|
||||
&ui_print_header(undef, $text{'index_title'}, "", undef, 1, 1);
|
||||
|
||||
@@ -206,7 +206,7 @@ if (uc($ENV{'HTTPS'}) eq "ON" && $miniserv{'ca'}) {
|
||||
push(@icons, "images/twofactor.gif");
|
||||
push(@links, "twofactor_form.cgi");
|
||||
push(@titles, $text{'index_twofactor'});
|
||||
if ($access{'rbacenable'} && $gconfig{'os_type'} eq 'solaris') {
|
||||
if ($access{'rbacenable'}) {
|
||||
push(@icons, "images/rbac.gif");
|
||||
push(@links, "edit_rbac.cgi");
|
||||
push(@titles, $text{'index_rbac'});
|
||||
|
||||
11
acl/lang/en
11
acl/lang/en
@@ -355,19 +355,18 @@ unix_utable=Allowed Unix users
|
||||
sessions_title=Current Login Sessions
|
||||
sessions_id=Session ID
|
||||
sessions_user=Webmin user
|
||||
sessions_login_ago=Last active ago
|
||||
sessions_login=Last active at
|
||||
sessions_host=IP address
|
||||
sessions_lview=View logs
|
||||
sessions_actions=Actions
|
||||
sessions_all=All sessions
|
||||
sessions_logouts=Also show logged-out sessions
|
||||
sessions_lview=View logs..
|
||||
sessions_actions=Actions..
|
||||
sessions_all=All sessions..
|
||||
sessions_logouts=Also show logged-out sessions..
|
||||
sessions_state=State
|
||||
sessions_action=Actions
|
||||
sessions_this=This login
|
||||
sessions_in=Logged in
|
||||
sessions_out=Logged out
|
||||
sessions_kill=Disconnect
|
||||
sessions_kill=Disconnect..
|
||||
|
||||
logins_title=Recent Webmin logins
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ print &ui_columns_start([ $text{'sessions_id'},
|
||||
$text{'sessions_state'},
|
||||
$text{'sessions_user'},
|
||||
$text{'sessions_host'},
|
||||
$text{'sessions_login_ago'},
|
||||
$text{'sessions_login'},
|
||||
$text{'sessions_actions'},
|
||||
], 100);
|
||||
foreach my $k (sort { my @a = split(/\s+/, $sessiondb{$a});
|
||||
@@ -68,8 +68,7 @@ foreach my $k (sort { my @a = split(/\s+/, $sessiondb{$a});
|
||||
push(@cols, $user);
|
||||
}
|
||||
push(@cols, $lip);
|
||||
push(@cols, &make_date_relative($ltime).
|
||||
" ".&ui_help(&make_date($ltime)));
|
||||
push(@cols, &make_date($ltime));
|
||||
my @links;
|
||||
if ($haslog) {
|
||||
push(@links, ui_link("../webminlog/search.cgi?uall=1&mall=1&tall=1&wall=1&fall=1&sid=$k", $text{'sessions_lview'}));
|
||||
|
||||
@@ -20,12 +20,7 @@ foreach my $k (keys %sessiondb) {
|
||||
next if ($k =~ /^1111111/);
|
||||
next if (!$sessiondb{$k});
|
||||
my ($user, $ltime, $lip) = split(/\s+/, $sessiondb{$k});
|
||||
next if (&webmin_user_is_admin()
|
||||
? ($user eq "!" ||
|
||||
($user ne $remote_user &&
|
||||
# Show all logins for past 3 days for admin
|
||||
$ltime && $ltime < time() - 3*24*60*60))
|
||||
: ($user ne $remote_user && $user ne "!".$remote_user));
|
||||
next if ($user ne $remote_user && $user ne "!".$remote_user);
|
||||
push(@logins, [ $user, $ltime, $lip, $k ]);
|
||||
}
|
||||
if (@logins) {
|
||||
@@ -34,8 +29,7 @@ if (@logins) {
|
||||
@logins = @logins[0..4];
|
||||
}
|
||||
my $html = &ui_columns_start([ $text{'sessions_host'},
|
||||
$text{'sessions_user'},
|
||||
$text{'sessions_login_ago'},
|
||||
$text{'sessions_login'},
|
||||
$text{'sessions_state'},
|
||||
$text{'sessions_action'} ]);
|
||||
my $open = 0;
|
||||
@@ -68,13 +62,9 @@ if (@logins) {
|
||||
&ui_link("@{[&get_webprefix()]}/acl/delete_session.cgi?id=$l->[3]&redirect_ref=1",
|
||||
$text{'sessions_kill'}))
|
||||
}
|
||||
my $user = $l->[0];
|
||||
$user =~ s/^\!//;
|
||||
$html .= &ui_columns_row([
|
||||
$l->[2],
|
||||
$user,
|
||||
&make_date_relative($l->[1]).
|
||||
" ".&ui_help(&make_date($l->[1])),
|
||||
&make_date($l->[1]),
|
||||
$state,
|
||||
&ui_links_row(\@links) ]);
|
||||
}
|
||||
|
||||
@@ -1235,9 +1235,6 @@ sub restart_button
|
||||
local $args = "redir=".&urlize(&this_url());
|
||||
local @rv;
|
||||
if (&is_apache_running()) {
|
||||
if ($access{'stop'}) {
|
||||
push(@rv, &ui_link("stop.cgi?$args", $text{'apache_stop'}) );
|
||||
}
|
||||
if ($access{'apply'}) {
|
||||
my $n = &needs_config_restart();
|
||||
if ($n) {
|
||||
@@ -1248,6 +1245,9 @@ if (&is_apache_running()) {
|
||||
push(@rv, &ui_link("restart.cgi?$args", $text{'apache_apply'}) );
|
||||
}
|
||||
}
|
||||
if ($access{'stop'}) {
|
||||
push(@rv, &ui_link("stop.cgi?$args", $text{'apache_stop'}) );
|
||||
}
|
||||
}
|
||||
elsif ($access{'stop'}) {
|
||||
push(@rv, &ui_link("start.cgi?$args", $text{'apache_start'}) );
|
||||
|
||||
@@ -158,7 +158,7 @@ $rv .= "<table id='show_backup_destination' cellpadding=1 cellspacing=0>";
|
||||
|
||||
# Local file field
|
||||
$rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 0, undef, $mode == 0)."</td>\n";
|
||||
$rv .= "<td>".&ui_tag('strong', $text{'backup_mode0'})." </td><td colspan='3'>".
|
||||
$rv .= "<td>$text{'backup_mode0'} </td><td colspan='3'>".
|
||||
&ui_textbox("$_[0]_file", $mode == 0 ? $path : "", 60, undef, undef,
|
||||
($_[2] != 1 && $config{'date_subs'}) ?
|
||||
'placeholder="/backups/configs-%y-%m-%d-%H-%M-%S.tar.gz"' : undef).
|
||||
@@ -166,7 +166,7 @@ $rv .= "<td>".&ui_tag('strong', $text{'backup_mode0'})." </td><td colspan='
|
||||
|
||||
# FTP file fields
|
||||
$rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 1, undef, $mode == 1)."</td>\n";
|
||||
$rv .= "<td>".&ui_tag('strong', $text{'backup_mode1'})." </td><td>".
|
||||
$rv .= "<td>$text{'backup_mode1'} </td><td>".
|
||||
&ui_textbox("$_[0]_server", $mode == 1 ? $server : undef, 20).
|
||||
"</td>\n";
|
||||
$rv .= "<td> $text{'backup_path'} </td><td> ".
|
||||
@@ -186,7 +186,7 @@ $rv .= "<td colspan='4'>$text{'backup_port'} ".
|
||||
|
||||
# SCP file fields
|
||||
$rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 2, undef, $mode == 2)."</td>\n";
|
||||
$rv .= "<td>".&ui_tag('strong', $text{'backup_mode2'})." </td><td>".
|
||||
$rv .= "<td>$text{'backup_mode2'} </td><td>".
|
||||
&ui_textbox("$_[0]_sserver", $mode == 2 ? $server : undef, 20).
|
||||
"</td>\n";
|
||||
$rv .= "<td> $text{'backup_path'} </td><td> ".
|
||||
@@ -208,7 +208,7 @@ if ($_[2] == 1) {
|
||||
# Uploaded file field
|
||||
$rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 3, undef, $mode == 3).
|
||||
"</td>\n";
|
||||
$rv .= "<td colspan=4>".&ui_tag('strong', $text{'backup_mode3'})." ".
|
||||
$rv .= "<td colspan=4>$text{'backup_mode3'} ".
|
||||
&ui_upload("$_[0]_upload", 40).
|
||||
"</td> </tr>\n";
|
||||
}
|
||||
@@ -216,8 +216,7 @@ elsif ($_[2] == 2) {
|
||||
# Output to browser option
|
||||
$rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 4, undef, $mode == 4).
|
||||
"</td>\n";
|
||||
$rv .= "<td colspan=4>".&ui_tag('strong', $text{'backup_mode4'}).
|
||||
"</td> </tr>\n";
|
||||
$rv .= "<td colspan=4>$text{'backup_mode4'}</td> </tr>\n";
|
||||
}
|
||||
|
||||
$rv .= "</table>\n";
|
||||
|
||||
@@ -5,7 +5,7 @@ use strict;
|
||||
use warnings;
|
||||
no warnings 'redefine';
|
||||
no warnings 'uninitialized';
|
||||
our (%text, %config, $no_acl_check, %gconfig);
|
||||
our (%text, %config, $no_acl_check);
|
||||
$no_acl_check++;
|
||||
require './backup-config-lib.pl';
|
||||
&foreign_require("mailboxes", "mailboxes-lib.pl");
|
||||
@@ -76,10 +76,11 @@ if (($err || $backup->{'emode'} == 0) && $backup->{'email'}) {
|
||||
$postmsg;
|
||||
$subject = &text('email_sok', $host);
|
||||
}
|
||||
&mailboxes::send_text_mail(
|
||||
$config{'from_addr'} || &mailboxes::get_from_address(),
|
||||
$backup->{'email'} eq '*' ? $gconfig{'webmin_email_to'}
|
||||
: $backup->{'email'},
|
||||
undef, $subject, $msg);
|
||||
&mailboxes::send_text_mail($config{'from_addr'} ||
|
||||
&mailboxes::get_from_address(),
|
||||
$backup->{'email'},
|
||||
undef,
|
||||
$subject,
|
||||
$msg);
|
||||
}
|
||||
|
||||
|
||||
@@ -10,14 +10,11 @@ our (%in, %text, %gconfig);
|
||||
&ReadParse();
|
||||
|
||||
my $backup;
|
||||
my $wet = $gconfig{'webmin_email_to'};
|
||||
if ($in{'new'}) {
|
||||
&ui_print_header(undef, $text{'edit_title1'}, "");
|
||||
$backup = { 'emode' => 0,
|
||||
'email' => $wet ? '*' : undef,
|
||||
'email' => $gconfig{'webmin_email_to'},
|
||||
'sched' => 1,
|
||||
'configfile' => 1,
|
||||
'nofiles' => 0,
|
||||
'mins' => 0,
|
||||
'hours' => 0,
|
||||
'days' => '*',
|
||||
@@ -75,10 +72,7 @@ print &ui_hidden_table_start($text{'edit_header3'}, "width=100%", 2,
|
||||
|
||||
# Show email address
|
||||
print &ui_table_row($text{'edit_email'},
|
||||
$wet ? &ui_opt_textbox("email",
|
||||
$backup->{'email'} eq '*' ? undef : $backup->{'email'},
|
||||
40, &text('edit_email_def', "<tt>$wet</tt>"))
|
||||
: &ui_textbox("email", $backup->{'email'}, 40));
|
||||
&ui_textbox("email", $backup->{'email'}, 40));
|
||||
|
||||
# Show email mode
|
||||
print &ui_table_row($text{'edit_emode'},
|
||||
|
||||
@@ -30,7 +30,7 @@ my $using_strftime = 0;
|
||||
if (@backups) {
|
||||
# Show all scheduled backups
|
||||
print &ui_link("edit.cgi?new=1", $text{'index_add'});
|
||||
print "<br>\n";
|
||||
print "<br>\n";
|
||||
print &ui_columns_start([ $text{'index_dest'},
|
||||
$text{'index_mods'},
|
||||
$text{'index_sched'} ], 100);
|
||||
|
||||
@@ -27,7 +27,6 @@ edit_header=Scheduled backup options
|
||||
edit_header2=Pre and post backup commands
|
||||
edit_header3=Backup schedule
|
||||
edit_email=Email result to address
|
||||
edit_email_def=Webmin default ($1)
|
||||
edit_emode=When to send email
|
||||
edit_emode0=Always
|
||||
edit_emode1=Only when an error occurs
|
||||
|
||||
@@ -36,7 +36,7 @@ else {
|
||||
$backup->{'dest'} = &parse_backup_destination("dest", \%in);
|
||||
&cron::parse_times_input($backup, \%in);
|
||||
$backup->{'emode'} = $in{'emode'};
|
||||
$backup->{'email'} = $in{'email_def'} ? '*' : $in{'email'};
|
||||
$backup->{'email'} = $in{'email'};
|
||||
$backup->{'pre'} = $in{'pre'};
|
||||
$backup->{'post'} = $in{'post'};
|
||||
$backup->{'sched'} = $in{'sched'};
|
||||
|
||||
@@ -116,4 +116,4 @@ Name of the user to disable two-factor authentication for.
|
||||
|
||||
Copyright 2018 Jamie Cameron <jcameron@webmin.com>
|
||||
Joe Cooper <joe@virtualmin.com>
|
||||
Ilia Ross <ilia@virtualmin.com>
|
||||
Ilia Rostovtsev <ilia@virtualmin.com>
|
||||
|
||||
@@ -260,5 +260,5 @@ Set new user password. Using this option may be unsecure.
|
||||
|
||||
Copyright 2018 Jamie Cameron <jcameron@webmin.com>
|
||||
Joe Cooper <joe@virtualmin.com>
|
||||
Ilia Ross <ilia@virtualmin.com>
|
||||
Ilia Rostovtsev <ilia@virtualmin.com>
|
||||
|
||||
|
||||
393
bin/server
393
bin/server
@@ -22,7 +22,7 @@ sub main
|
||||
# If username passed as regular param
|
||||
my $cmd = scalar(@ARGV) == 1 && $ARGV[0];
|
||||
$cmd = $opt{'command'} if ($opt{'command'});
|
||||
if ($cmd !~ /^(stats|status|start|stop|restart|reload|force-restart|kill)$/) {
|
||||
if ($cmd !~ /^(status|start|stop|restart|reload|force-restart|kill)$/) {
|
||||
$cmd = undef;
|
||||
}
|
||||
|
||||
@@ -92,395 +92,6 @@ sub run
|
||||
}
|
||||
exit $rs;
|
||||
}
|
||||
if ($o->{'cmd'} =~ /^(stats)$/) {
|
||||
my $rs = 0;
|
||||
if (-x $systemctlcmd) {
|
||||
my $format_bytes = sub {
|
||||
my $bytes = shift;
|
||||
return "0" unless defined $bytes && $bytes =~ /^\d+$/;
|
||||
|
||||
my $mb = $bytes / 1048576;
|
||||
my $gb = $mb / 1024;
|
||||
|
||||
if ($gb >= 1) {
|
||||
return sprintf("%.2f GB", $gb);
|
||||
} elsif ($mb >= 1) {
|
||||
return sprintf("%.2f MB", $mb);
|
||||
} else {
|
||||
return sprintf("%.2f KB", $bytes / 1024);
|
||||
}
|
||||
};
|
||||
|
||||
# Check if service is running first
|
||||
my $is_active_cmd = qq{systemctl is-active "$service" 2>/dev/null};
|
||||
my $is_active = `$is_active_cmd`;
|
||||
$rs = $? >> 8;
|
||||
chomp($is_active);
|
||||
|
||||
if ($rs != 0 || $is_active ne 'active') {
|
||||
print "Service '$service' is not running (status: $is_active)\n";
|
||||
return 2;
|
||||
}
|
||||
|
||||
# Get main pid
|
||||
my $main_pid_cmd = qq{systemctl show -p MainPID --value "$service"};
|
||||
my $main_pid = `$main_pid_cmd`;
|
||||
$rs = $? >> 8;
|
||||
return $rs if $rs != 0;
|
||||
chomp($main_pid);
|
||||
|
||||
if (!$main_pid || $main_pid eq '0') {
|
||||
print "Service '$service' has no main PID\n";
|
||||
return;
|
||||
}
|
||||
|
||||
# Get process list
|
||||
my $cmd = qq{
|
||||
CG=\$(systemctl show -p ControlGroup --value "$service");
|
||||
P=\$({ cat /sys/fs/cgroup"\$CG"/cgroup.procs; systemctl show -p MainPID --value "$service"; } | sort -u);
|
||||
COLUMNS=10000 ps --cols 10000 -ww --no-headers -o pid=,ppid=,rss=,pmem=,pcpu=,args= --sort=-rss -p \$P |
|
||||
awk 'function h(k){m=k/1024;g=m/1024;return g>=1?sprintf("%.2fG",g):sprintf("%.1fM",m)} BEGIN{printf "%6s %6s %9s %6s %6s %-s\\n","PID","PPID","RSS_KiB","%MEM","%CPU","CMD (RSS_human)"} {cmd=substr(\$0,index(\$0,\$6)); printf "%6s %6s %9s %6s %6s %s (%s)\\n",\$1,\$2,\$3,\$4,\$5,cmd,h(\$3)}'
|
||||
};
|
||||
my $out = `$cmd`;
|
||||
$rs = $? >> 8;
|
||||
return $rs if $rs != 0;
|
||||
|
||||
# Extract pids from the output
|
||||
my @all_pids;
|
||||
foreach my $line (split(/\n/, $out)) {
|
||||
if ($line =~ /^\s*(\d+)\s+/) {
|
||||
push @all_pids, $1;
|
||||
}
|
||||
}
|
||||
|
||||
if (!@all_pids) {
|
||||
print "No processes found for service '$service'\n";
|
||||
return 3;
|
||||
}
|
||||
|
||||
# Reorder with main pid first, then rest sorted by size
|
||||
my @pids;
|
||||
if ($main_pid && $main_pid ne '' && grep { $_ eq $main_pid } @all_pids) {
|
||||
push @pids, $main_pid;
|
||||
push @pids, grep { $_ ne $main_pid } @all_pids;
|
||||
} else {
|
||||
@pids = @all_pids;
|
||||
}
|
||||
|
||||
# Print the table with main pid marked
|
||||
foreach my $line (split(/\n/, $out)) {
|
||||
if ($line =~ /^\s*$main_pid\s+/ && $main_pid) {
|
||||
chomp($line);
|
||||
print "$line [MAIN]\n";
|
||||
} else {
|
||||
print "$line\n";
|
||||
}
|
||||
}
|
||||
|
||||
# Check if lsof is available
|
||||
my $has_lsof = has_command('lsof');
|
||||
|
||||
# Get detailed info for each pid
|
||||
foreach my $pid (@pids) {
|
||||
my $is_main = ($pid eq $main_pid) ? " [MAIN PROCESS]" : "";
|
||||
|
||||
# Check if process still exists
|
||||
unless (-d "/proc/$pid") {
|
||||
print "\n\nProcess $pid no longer exists, skipping...\n";
|
||||
next;
|
||||
}
|
||||
|
||||
print "\n";
|
||||
print "╔" . "═"x78 . "╗\n";
|
||||
print "║" . sprintf("%-78s", " DETAILED ANALYSIS FOR PID $pid$is_main") . "║\n";
|
||||
print "╚" . "═"x78 . "╝\n";
|
||||
|
||||
# Working directory and binary
|
||||
print "\n┌─ WORKING DIRECTORY & BINARY " . "─"x49 . "\n";
|
||||
my $cwd = `readlink /proc/$pid/cwd 2>/dev/null`;
|
||||
chomp($cwd);
|
||||
print "CWD: $cwd\n" if $cwd;
|
||||
|
||||
my $exe = `readlink /proc/$pid/exe 2>/dev/null`;
|
||||
chomp($exe);
|
||||
print "EXE: $exe\n" if $exe;
|
||||
|
||||
my $root = `readlink /proc/$pid/root 2>/dev/null`;
|
||||
chomp($root);
|
||||
print "ROOT: $root\n" if $root && $root ne '/';
|
||||
|
||||
# Environment variables
|
||||
print "\n┌─ ENVIRONMENT VARIABLES " . "─"x54 . "\n";
|
||||
my $env = `cat /proc/$pid/environ 2>/dev/null | tr '\\0' '\\n' | grep -E '^(PATH|HOME|USER|LANG|TZ|LD_|PYTHON|JAVA|NODE|PORT|HOST|DB_|API_)' | sort`;
|
||||
if ($env) {
|
||||
print $env;
|
||||
} else {
|
||||
print "Unable to read environment\n";
|
||||
}
|
||||
|
||||
# Basic process info
|
||||
print "\n┌─ PROCESS INFO " . "─"x63 . "\n";
|
||||
my $ps_info = `ps -p $pid -o user=,pid=,ppid=,pri=,ni=,vsz=,rss=,stat=,start=,time=,cmd= 2>/dev/null`;
|
||||
if ($ps_info) {
|
||||
print "USER PID PPID PRI NI VSZ RSS STAT START TIME CMD\n";
|
||||
print $ps_info;
|
||||
} else {
|
||||
print "Process no longer exists\n";
|
||||
next;
|
||||
}
|
||||
|
||||
# Process tree
|
||||
print "\n┌─ PROCESS TREE " . "─"x63 . "\n";
|
||||
my $pstree = `pstree -p -a $pid 2>/dev/null`;
|
||||
if ($pstree) {
|
||||
print $pstree;
|
||||
} else {
|
||||
print "pstree not available\n";
|
||||
}
|
||||
|
||||
# Memory and status
|
||||
print "\n┌─ MEMORY & STATUS " . "─"x60 . "\n";
|
||||
my $status = `grep -E 'VmPeak|VmSize|VmRSS|VmSwap|RssAnon|RssFile|Threads|voluntary_ctxt|nonvoluntary_ctxt' /proc/$pid/status 2>/dev/null`;
|
||||
print $status || "N/A\n";
|
||||
|
||||
# Open file descriptors
|
||||
print "\n┌─ FILE DESCRIPTORS " . "─"x59 . "\n";
|
||||
my $fd_count = `ls -1 /proc/$pid/fd 2>/dev/null | wc -l`;
|
||||
chomp($fd_count);
|
||||
print "Total Open FDs: $fd_count\n";
|
||||
|
||||
if ($has_lsof) {
|
||||
print "\nFile Descriptor Types:\n";
|
||||
my $fd_types = `lsof +c 0 -p $pid 2>/dev/null | awk 'NR>1 {print \$5}' | sort | uniq -c | sort -rn`;
|
||||
print $fd_types || "Unable to get FD types\n";
|
||||
|
||||
print "\nDetailed File Descriptors:\n";
|
||||
my $all_fds = `lsof +c 0 -p $pid 2>/dev/null`;
|
||||
$all_fds =~ s/^/ /mg;
|
||||
print $all_fds || "No files open\n";
|
||||
} else {
|
||||
print "\n(Install lsof for detailed file descriptor analysis)\n";
|
||||
print "\nOpen FD Sample:\n";
|
||||
my $fd_sample = `ls -la /proc/$pid/fd 2>/dev/null | head -15`;
|
||||
print $fd_sample;
|
||||
}
|
||||
|
||||
# Network Connections
|
||||
print "\n┌─ NETWORK CONNECTIONS " . "─"x56 . "\n";
|
||||
|
||||
# tcp connections with details
|
||||
my $tcp_detailed = `ss -tnp -o 2>/dev/null | grep 'pid=$pid'`;
|
||||
my $tcp_count = `echo "$tcp_detailed" | grep -c 'pid=$pid'` || 0;
|
||||
chomp($tcp_count);
|
||||
print "Active TCP Connections: $tcp_count\n";
|
||||
|
||||
if ($tcp_count > 0) {
|
||||
print "\nTCP Connections (with timers and queues):\n";
|
||||
print $tcp_detailed;
|
||||
|
||||
print "\nConnection State Summary:\n";
|
||||
my $state_summary = `ss -tnp 2>/dev/null | grep 'pid=$pid' | awk '{print \$1}' | sort | uniq -c | sort -rn`;
|
||||
print $state_summary;
|
||||
|
||||
print "\nLocal Ports in Use:\n";
|
||||
my $local_ports = `ss -tnp 2>/dev/null | grep 'pid=$pid' | awk '{split(\$4,a,":"); print a[length(a)]}' | sort -n | uniq -c`;
|
||||
print $local_ports || "None\n";
|
||||
|
||||
print "\nRemote Endpoints:\n";
|
||||
my $remote_ips = `ss -tnp 2>/dev/null | grep 'pid=$pid' | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -rn`;
|
||||
print $remote_ips || "None\n";
|
||||
}
|
||||
|
||||
# tcp listening
|
||||
my $tcp_listen = `ss -tlnp 2>/dev/null | grep 'pid=$pid'`;
|
||||
if ($tcp_listen) {
|
||||
print "\nTCP Listening Sockets:\n";
|
||||
print $tcp_listen;
|
||||
}
|
||||
|
||||
# udp connections
|
||||
my $udp_count = `ss -unp 2>/dev/null | grep -c 'pid=$pid'`;
|
||||
chomp($udp_count);
|
||||
if ($udp_count > 0) {
|
||||
print "\nUDP Connections: $udp_count\n";
|
||||
my $udp_conns = `ss -unp 2>/dev/null | grep 'pid=$pid'`;
|
||||
print $udp_conns;
|
||||
}
|
||||
|
||||
# udp listening
|
||||
my $udp_listen = `ss -ulnp 2>/dev/null | grep 'pid=$pid'`;
|
||||
if ($udp_listen) {
|
||||
print "\nUDP Listening Sockets:\n";
|
||||
print $udp_listen;
|
||||
}
|
||||
|
||||
# unix sockets
|
||||
my $unix_sockets = `ss -xp 2>/dev/null | grep 'pid=$pid' | wc -l`;
|
||||
chomp($unix_sockets);
|
||||
if ($unix_sockets > 0) {
|
||||
print "\nUnix Domain Sockets: $unix_sockets\n";
|
||||
}
|
||||
|
||||
# I/O Statistics
|
||||
print "\n┌─ I/O STATISTICS " . "─"x61 . "\n";
|
||||
my $io = `cat /proc/$pid/io 2>/dev/null`;
|
||||
if ($io) {
|
||||
print $io;
|
||||
# Parse and show human-readable
|
||||
my ($read_bytes, $write_bytes);
|
||||
if ($io =~ /read_bytes:\s*(\d+)/) {
|
||||
$read_bytes = $1;
|
||||
}
|
||||
if ($io =~ /write_bytes:\s*(\d+)/) {
|
||||
$write_bytes = $1;
|
||||
}
|
||||
if (defined $read_bytes && defined $write_bytes) {
|
||||
print "\nRead: " . $format_bytes->($read_bytes) .
|
||||
", Write: " . $format_bytes->($write_bytes) . "\n";
|
||||
}
|
||||
} else {
|
||||
print "N/A\n";
|
||||
}
|
||||
|
||||
# Resource Limits
|
||||
print "\n┌─ RESOURCE LIMITS " . "─"x60 . "\n";
|
||||
my $limits = `grep -E 'Max open files|Max processes|Max locked memory|Max address space|Max cpu time' /proc/$pid/limits 2>/dev/null`;
|
||||
print $limits || "N/A\n";
|
||||
|
||||
# Cgroup limits
|
||||
my $cg_path = `cat /proc/$pid/cgroup 2>/dev/null | grep '^0::' | cut -d: -f3`;
|
||||
chomp($cg_path);
|
||||
my $cgroup_output = "";
|
||||
if ($cg_path) {
|
||||
my $mem_limit = `cat /sys/fs/cgroup$cg_path/memory.max 2>/dev/null`;
|
||||
my $mem_current = `cat /sys/fs/cgroup$cg_path/memory.current 2>/dev/null`;
|
||||
my $cpu_max = `cat /sys/fs/cgroup$cg_path/cpu.max 2>/dev/null`;
|
||||
|
||||
chomp($mem_limit, $mem_current, $cpu_max);
|
||||
|
||||
if ($mem_limit && $mem_limit ne 'max') {
|
||||
$cgroup_output .= "Memory Limit: " . $format_bytes->(int($mem_limit)) . "\n";
|
||||
$cgroup_output .= "Memory Current: " . $format_bytes->(int($mem_current)) . "\n" if $mem_current;
|
||||
if ($mem_current) {
|
||||
my $pct = sprintf("%.1f", ($mem_current / $mem_limit) * 100);
|
||||
$cgroup_output .= "Memory Usage: $pct%\n";
|
||||
}
|
||||
}
|
||||
if ($cpu_max && $cpu_max ne 'max') {
|
||||
$cgroup_output .= "CPU Quota: $cpu_max\n";
|
||||
}
|
||||
}
|
||||
if ($cgroup_output) {
|
||||
print "\n┌─ CGROUP LIMITS " . "─"x62 . "\n";
|
||||
print $cgroup_output;
|
||||
}
|
||||
|
||||
# CPU & Scheduling
|
||||
print "\n┌─ CPU & SCHEDULING " . "─"x59 . "\n";
|
||||
my $sched = `grep -E 'se.sum_exec_runtime|nr_switches|nr_voluntary_switches|nr_involuntary_switches' /proc/$pid/sched 2>/dev/null | head -4`;
|
||||
if ($sched) {
|
||||
print $sched;
|
||||
}
|
||||
my $cpuset = `cat /proc/$pid/cpuset 2>/dev/null`;
|
||||
chomp($cpuset);
|
||||
print "CPUset: $cpuset\n" if $cpuset;
|
||||
|
||||
# Signal handlers
|
||||
print "\n┌─ SIGNAL HANDLERS " . "─"x60 . "\n";
|
||||
my $signals = `cat /proc/$pid/status 2>/dev/null | grep -E '^Sig(Cgt|Ign|Blk):'`;
|
||||
if ($signals) {
|
||||
print $signals;
|
||||
|
||||
# Decode signal masks
|
||||
my %signal_names = (
|
||||
1 => 'SIGHUP', 2 => 'SIGINT', 3 => 'SIGQUIT',
|
||||
4 => 'SIGILL', 5 => 'SIGTRAP', 6 => 'SIGABRT',
|
||||
7 => 'SIGBUS', 8 => 'SIGFPE', 9 => 'SIGKILL',
|
||||
10 => 'SIGUSR1', 11 => 'SIGSEGV', 12 => 'SIGUSR2',
|
||||
13 => 'SIGPIPE', 14 => 'SIGALRM', 15 => 'SIGTERM',
|
||||
16 => 'SIGSTKFLT', 17 => 'SIGCHLD', 18 => 'SIGCONT',
|
||||
19 => 'SIGSTOP', 20 => 'SIGTSTP', 21 => 'SIGTTIN',
|
||||
22 => 'SIGTTOU', 23 => 'SIGURG', 24 => 'SIGXCPU',
|
||||
25 => 'SIGXFSZ', 26 => 'SIGVTALRM', 27 => 'SIGPROF',
|
||||
28 => 'SIGWINCH', 29 => 'SIGIO', 30 => 'SIGPWR',
|
||||
31 => 'SIGSYS'
|
||||
);
|
||||
|
||||
my $decode_sigmask = sub {
|
||||
my ($hex_mask, $names_ref) = @_;
|
||||
return "none" if $hex_mask eq '0000000000000000';
|
||||
|
||||
# Convert hex to decimal
|
||||
my $mask = hex($hex_mask);
|
||||
my @signals;
|
||||
|
||||
# Check each bit
|
||||
for (my $i = 1; $i <= 31; $i++) {
|
||||
if ($mask & (1 << ($i - 1))) {
|
||||
push @signals, "$names_ref->{$i}($i)";
|
||||
}
|
||||
}
|
||||
|
||||
return @signals ? join(", ", @signals) : "none";
|
||||
};
|
||||
|
||||
print "\nDecoded:\n";
|
||||
if ($signals =~ /SigBlk:\s*([0-9a-f]+)/i) {
|
||||
print " Blocked: " .
|
||||
$decode_sigmask->($1, \%signal_names) . "\n";
|
||||
}
|
||||
if ($signals =~ /SigIgn:\s*([0-9a-f]+)/i) {
|
||||
print " Ignored: " .
|
||||
$decode_sigmask->($1, \%signal_names) . "\n";
|
||||
}
|
||||
if ($signals =~ /SigCgt:\s*([0-9a-f]+)/i) {
|
||||
print " Caught: " .
|
||||
$decode_sigmask->($1, \%signal_names) . "\n";
|
||||
}
|
||||
} else {
|
||||
print "N/A\n";
|
||||
}
|
||||
|
||||
# Memory maps sum
|
||||
print "\n┌─ MEMORY MAPS (top 20 by size) " . "─"x47 . "\n";
|
||||
my $maps = `awk '
|
||||
/^[0-9a-f]+-[0-9a-f]+/ {hdr=\$0}
|
||||
/^Size:/ {size=\$2}
|
||||
/^Rss:/ {rss=\$2}
|
||||
/^VmFlags:/ { if (rss>0) {print rss"\\t"size"\\t"hdr} rss=0; size=0 }
|
||||
' /proc/$pid/smaps 2>/dev/null | sort -rn | head -20`;
|
||||
|
||||
if ($maps) {
|
||||
print "RSS(MB)\tSize(MB)\tMapping\n";
|
||||
foreach my $map_line (split(/\n/, $maps)) {
|
||||
if ($map_line =~ /^(\d+)\s+(\d+)\s+(.+)$/) {
|
||||
my $rss_mb = sprintf("%.2f", $1 / 1024);
|
||||
my $size_mb = sprintf("%.2f", $2 / 1024);
|
||||
print "$rss_mb\t$size_mb\t\t$3\n";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
print "Unable to read memory maps\n";
|
||||
}
|
||||
|
||||
# Recent logs
|
||||
print "\n┌─ RECENT LOGS (last 20 lines) " . "─"x48 . "\n";
|
||||
my $logs = `journalctl _PID=$pid -b -n 20 --no-pager -o short-precise 2>/dev/null`;
|
||||
if ($logs && $logs !~ /^-- No entries --/) {
|
||||
print $logs;
|
||||
} else {
|
||||
print "No recent logs found for this PID in current boot\n";
|
||||
}
|
||||
|
||||
print "\n" . "─"x79 . "\n";
|
||||
}
|
||||
|
||||
} else {
|
||||
print "Stats command is only available on systemd based systems.\n";
|
||||
$rs = 1;
|
||||
}
|
||||
exit $rs;
|
||||
}
|
||||
exit 0;
|
||||
}
|
||||
|
||||
@@ -563,5 +174,5 @@ sub root
|
||||
|
||||
Copyright 2018 Jamie Cameron <jcameron@webmin.com>
|
||||
Joe Cooper <joe@virtualmin.com>
|
||||
Ilia Ross <ilia@virtualmin.com>
|
||||
Ilia Rostovtsev <ilia@virtualmin.com>
|
||||
|
||||
|
||||
11
bin/webmin
11
bin/webmin
@@ -9,13 +9,6 @@ use Getopt::Long qw(:config permute pass_through);
|
||||
use Term::ANSIColor qw(:constants);
|
||||
use Pod::Usage;
|
||||
|
||||
# Check if root
|
||||
if ($> != 0) {
|
||||
die BRIGHT_RED, "Error: ", RESET, BRIGHT_YELLOW,"webmin", RESET,
|
||||
" command must be run as root\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my $a0 = $ARGV[0];
|
||||
|
||||
sub main {
|
||||
@@ -287,7 +280,7 @@ sub get_command_path {
|
||||
}
|
||||
}
|
||||
if ($optref->{'commands'} &&
|
||||
$optref->{'commands'} =~ /^(stats|status|start|stop|restart|reload|force-restart|force-reload|kill)$/) {
|
||||
$optref->{'commands'} =~ /^(status|start|stop|restart|reload|force-restart|force-reload|kill)$/) {
|
||||
exit system("$0 server $optref->{'commands'}");
|
||||
} elsif ($command) {
|
||||
return $command;
|
||||
@@ -464,5 +457,5 @@ Returns Webmin and other modules and themes versions installed (only those for w
|
||||
|
||||
Copyright 2018 Jamie Cameron <jcameron@webmin.com>
|
||||
Joe Cooper <joe@virtualmin.com>
|
||||
Ilia Ross <ilia@virtualmin.com>
|
||||
Ilia Rostovtsev <ilia@virtualmin.com>
|
||||
|
||||
|
||||
@@ -1135,10 +1135,6 @@ elsif ($type eq "CNAME") {
|
||||
print &ui_table_row($text{'value_CNAME1'},
|
||||
&ui_textbox("value0", $v[0], 30)." ($text{'edit_cnamemsg'})", 3);
|
||||
}
|
||||
elsif ($type eq "ALIAS") {
|
||||
print &ui_table_row($text{'value_ALIAS1'},
|
||||
&ui_textbox("value0", $v[0], 30)." ($text{'edit_cnamemsg'})", 3);
|
||||
}
|
||||
elsif ($type eq "MX") {
|
||||
print &ui_table_row($text{'value_MX2'},
|
||||
&ui_textbox("value1", $v[1], 30));
|
||||
@@ -3121,11 +3117,7 @@ $slave_error = $_[0];
|
||||
|
||||
sub get_forward_record_types
|
||||
{
|
||||
return ("A", $config{'support_aaaa'} ? ( "AAAA" ) : ( ), "NS", "CNAME",
|
||||
$config{'allow_alias'} ? ( "ALIAS" ) : ( ),
|
||||
"MX", "HINFO", "TXT", "SPF", "DMARC", "WKS", "RP", "PTR", "LOC",
|
||||
"SRV", "KEY", "TLSA", "SSHFP", "CAA", "NAPTR", "NSEC3PARAM",
|
||||
@extra_forward);
|
||||
return ("A", "NS", "CNAME", "MX", "HINFO", "TXT", "SPF", "DMARC", "WKS", "RP", "PTR", "LOC", "SRV", "KEY", "TLSA", "SSHFP", "CAA", "NAPTR", "NSEC3PARAM", $config{'support_aaaa'} ? ( "AAAA" ) : ( ), @extra_forward);
|
||||
}
|
||||
|
||||
sub get_reverse_record_types
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ spf_record=0
|
||||
dnssec_info=1
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -50,4 +50,3 @@ tmpl_dnssec_dt=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -47,4 +47,3 @@ restart_cmd=service named restart
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -48,4 +48,3 @@ start_cmd=systemctl start bind9.service
|
||||
stop_cmd=systemctl stop bind9.service
|
||||
restart_cmd=systemctl reload bind9.service
|
||||
dnssec_period=21
|
||||
allow_alias=0
|
||||
|
||||
@@ -48,4 +48,3 @@ start_cmd=systemctl start named.service
|
||||
stop_cmd=systemctl stop named.service
|
||||
restart_cmd=systemctl reload named.service
|
||||
dnssec_period=21
|
||||
allow_alias=0
|
||||
|
||||
@@ -38,4 +38,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -44,4 +44,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -48,4 +48,3 @@ start_cmd=systemctl start bind9.service
|
||||
stop_cmd=systemctl stop bind9.service
|
||||
restart_cmd=systemctl reload bind9.service
|
||||
dnssec_period=21
|
||||
allow_alias=0
|
||||
|
||||
@@ -48,4 +48,3 @@ start_cmd=systemctl start named.service
|
||||
stop_cmd=systemctl stop named.service
|
||||
restart_cmd=systemctl reload named.service
|
||||
dnssec_period=21
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -43,4 +43,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -44,4 +44,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ force_random=0
|
||||
spf_record=0
|
||||
pid_file=/var/run/named/pid
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ force_random=0
|
||||
spf_record=0
|
||||
pid_file=/var/run/named/pid
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -43,4 +43,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ pid_file=/var/run/named/named.pid /private/var/run/named/named.pid
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -43,4 +43,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -43,4 +43,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -42,4 +42,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -42,4 +42,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -48,4 +48,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -42,4 +42,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -45,4 +45,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ stop_cmd=systemctl stop named
|
||||
restart_cmd=systemctl reload named
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -52,4 +52,3 @@ spf_record=0
|
||||
dnssec_info=1
|
||||
chroot=
|
||||
auto_chroot=
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -43,4 +43,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -45,4 +45,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -46,4 +46,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -48,4 +48,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -35,4 +35,3 @@ other_slaves=1
|
||||
updserial_man=1
|
||||
master_ttl=1
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -47,4 +47,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -47,4 +47,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -47,4 +47,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -40,4 +40,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -43,4 +43,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -41,4 +41,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -58,4 +58,3 @@ other_slaves=1
|
||||
force_random=0
|
||||
spf_record=0
|
||||
dnssec_info=1
|
||||
allow_alias=0
|
||||
|
||||
@@ -19,7 +19,6 @@ support_aaaa=Support DNS for IPv6 addresses,1,1-Yes,0-No
|
||||
allow_comments=Allow comments for records,1,1-Yes,0-No
|
||||
allow_wild=Allow wildcards?,1,1-Yes,0-No
|
||||
allow_underscore=Allow underscores in record names?,1,1-Yes,0-No
|
||||
allow_alias=Allow ALIAS records?,1,1-Yes,0-No
|
||||
short_names=Convert record names to canonical form?,1,0-Yes,1-No
|
||||
extra_forward=Extra record types for forward zones,0
|
||||
extra_reverse=Extra record types for reverse zones,0
|
||||
|
||||
@@ -57,7 +57,6 @@ foreach my $z (&find("zone", $vconf)) {
|
||||
}
|
||||
}
|
||||
my $masterport = $in{'port_def'} ? undef : $in{'port'};
|
||||
my $masterkey = $in{'key_def'} ? undef : $in{'key'};
|
||||
my @masters = split(/\s+/, $in{'masters'});
|
||||
foreach my $m (@masters) {
|
||||
&check_ipaddress($m) || &check_ip6address($m) ||
|
||||
@@ -107,9 +106,6 @@ my $masters = { 'name' => 'masters',
|
||||
if (defined($masterport)) {
|
||||
$masters->{'values'} = [ 'port', $masterport ];
|
||||
}
|
||||
if ($masterkey) {
|
||||
$masters->{'values'} = [ 'key', $masterkey ];
|
||||
}
|
||||
my $dir = { 'name' => 'zone',
|
||||
'values' => [ $in{'zone'} ],
|
||||
'type' => 1,
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 5.8 KiB After Width: | Height: | Size: 202 B |
Binary file not shown.
|
Before Width: | Height: | Size: 5.9 KiB After Width: | Height: | Size: 248 B |
Binary file not shown.
|
Before Width: | Height: | Size: 10 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 9.9 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 251 B |
Binary file not shown.
|
Before Width: | Height: | Size: 4.5 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 364 B |
@@ -184,7 +184,6 @@ slave_ecannot=You are not allowed to edit this zone
|
||||
slave_opts=Zone Options
|
||||
slave_masters=Master servers
|
||||
slave_masterport=Server port
|
||||
slave_masterkey=Server key
|
||||
slave_max=Maximum transfer time
|
||||
slave_file=Records file
|
||||
slave_check=Check names?
|
||||
@@ -262,7 +261,7 @@ edit_upfwd=Update forward?
|
||||
edit_err=Failed to save record
|
||||
edit_egone=Selected record no longer exists!
|
||||
edit_ettl='$1' is not a valid time-to-live
|
||||
edit_eip='$1' is not a valid IP4 address
|
||||
edit_eip='$1' is not a valid IP address
|
||||
edit_eip6='$1' is not a valid IPv6 address
|
||||
edit_ehost='$1' is not a valid hostname
|
||||
edit_eserv2='$1' is not a valid service name
|
||||
@@ -309,8 +308,8 @@ edit_espfa='$1' is not a valid host to allow sending from
|
||||
edit_espfa2='$1' must be a hostname, not an IP address
|
||||
edit_espfmx='$1' is not a valid domain name to allow MX sending from
|
||||
edit_espfmxmax=You are not allowed to have more than 10 domains to allow MX sending from
|
||||
edit_espfip='$1' is not a valid IPv4 address or IPv4 prefix to allow sending from
|
||||
edit_espfip6='$1' is not a valid IPv6 address or IPv6 prefix to allow sending from
|
||||
edit_espfip='$1' is not a valid IP address or IP/prefix to allow sending from
|
||||
edit_espfip6='$1' is not a valid IPv6 address or IPv6/prefix to allow sending from
|
||||
edit_espfinclude='$1' is not a valid additional domain from which mail is sent
|
||||
edit_espfredirect='$1' is not a valid alternate domain name
|
||||
edit_espfexp='$1' is a valid record name for a rejection message
|
||||
@@ -394,11 +393,10 @@ boot_err=Download failed
|
||||
boot_egzip=The root zone file is compressed, but the <tt>gzip</tt> command is not installed on your system!
|
||||
boot_egzip2=Uncompression of root zone file failed : $1
|
||||
|
||||
type_A=IPv4 Address
|
||||
type_A=Address
|
||||
type_AAAA=IPv6 Address
|
||||
type_NS=Name Server
|
||||
type_CNAME=Name Alias
|
||||
type_ALIAS=Address Alias
|
||||
type_MX=Mail Server
|
||||
type_HINFO=Host Information
|
||||
type_NSEC3PARAM=DNSSEC Parameters
|
||||
@@ -417,11 +415,10 @@ type_KEY=Public Key
|
||||
type_CAA=Certificate Authority
|
||||
type_NAPTR=Name Authority Pointer
|
||||
|
||||
edit_A=IPv4 Address
|
||||
edit_A=Address
|
||||
edit_AAAA=IPv6 Address
|
||||
edit_NS=Name Server
|
||||
edit_CNAME=Name Alias
|
||||
edit_ALIAS=Address Alias
|
||||
edit_MX=Mail Server
|
||||
edit_HINFO=Host Information
|
||||
edit_TXT=Text
|
||||
@@ -440,11 +437,10 @@ edit_CAA=Certificate Authority
|
||||
edit_NAPTR=Name Authority Pointer
|
||||
|
||||
recs_defttl=Default TTL
|
||||
recs_A=IPv4 Address
|
||||
recs_A=Address
|
||||
recs_AAAA=IPv6 Address
|
||||
recs_NS=Name Server
|
||||
recs_CNAME=Name Alias
|
||||
recs_ALIAS=Address Alias
|
||||
recs_MX=Mail Server
|
||||
recs_HINFO=Host Information
|
||||
recs_TXT=Text
|
||||
@@ -464,11 +460,10 @@ recs_CAA=Certificate Authority
|
||||
recs_NAPTR=Name Authority
|
||||
recs_delete=Delete Selected
|
||||
|
||||
value_A1=IPv4 Address
|
||||
value_A1=Address
|
||||
value_AAAA1=IPv6 Address
|
||||
value_NS1=Name Server
|
||||
value_CNAME1=Real Name
|
||||
value_ALIAS1=Copy Address From
|
||||
value_MX1=Priority
|
||||
value_MX2=Mail Server
|
||||
value_HINFO1=Hardware
|
||||
@@ -511,7 +506,7 @@ value_spfmx=Allow sending from domain's MX hosts?
|
||||
value_spfptr=Allow sending from any host in domain?
|
||||
value_spfas=Additional allowed sender hosts
|
||||
value_spfmxs=Additional allowed sender MX domains
|
||||
value_spfip4s=Additional allowed sender IPv4 addresses/networks
|
||||
value_spfip4s=Additional allowed sender IP addresses/networks
|
||||
value_spfip6s=Additional allowed sender IPv6 addresses/networks
|
||||
value_spfincludes=Other domains from which mail is sent
|
||||
value_spfall=Action for other senders
|
||||
@@ -1207,7 +1202,6 @@ dnssec_secs=seconds
|
||||
dnssec_desc=Zones signed with DNSSEC typically have two keys - a zone key which must be re-generated and signed regularly, and a key signing key which remains constant. This page allows you to configure Webmin to perform this re-signing automatically.
|
||||
dnssec_err=Failed to save DNSSEC key re-signing
|
||||
dnssec_eperiod=Missing or invalid number of days between re-signs
|
||||
dnssec_eperiod30=Number of days between re-signs must be less than 30
|
||||
|
||||
dnssectools_title=DNSSEC-Tools Automation
|
||||
dt_conf_title=DNSSEC-Tools Automation
|
||||
@@ -1361,7 +1355,7 @@ xfer_done=.. from $1 : Completed OK
|
||||
xfer_count=Test transfer successfully fetched $1 records from at least one nameserver. Actual transfers by BIND should also succeed.
|
||||
xfer_none=Test transfer appeared to succeed, but didn't actually fetch any records!
|
||||
|
||||
tls_title=SSL Keys and Certificates
|
||||
tls_title=SSL Keys And Certificates
|
||||
tls_ecannot=You are not allowed to edit SSL keys and certificates
|
||||
tls_esupport=SSL keys and certificates are not supported on this system
|
||||
tls_name=Key name
|
||||
@@ -1369,6 +1363,8 @@ tls_key=Key file
|
||||
tls_cert=Certificate file
|
||||
tls_ca=CA certificate file
|
||||
tls_ca_def=None required
|
||||
tls_ecannot=You are not allowed to edit SSL keys and certificates
|
||||
tls_esupport=DNS over SSL is not supported on this system
|
||||
tls_none=No SSL keys have been added yet.
|
||||
tls_add=Add a new SSL key.
|
||||
tls_desc=The SSL keys and certificates listed on this page can be used to enable DNS over SSL/TLS.
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user