Ensim® Pro and Ensim Basic 3.7.1 for Linux® Release Notes

April 2, 2004

Introduction

These release notes provide information about Ensim® Pro and Ensim Basic 3.7.1 for Linux®. This release upgrades Ensim WEBppliance™ 3.5.20 and Ensim WEBppliance 3.5.21 for Linux to Ensim Pro and Ensim Basic 3.7.1 for Linux. It includes support for Fedora™ Core 1.0 operating system, new features and enhancements, and resolution of key issues.

For simplicity, we refer to Ensim Pro and Ensim Basic 3.7.1 for Linux as “Ensim Control Panel” throughout this document.

---

Topics include:

About Ensim Control Panel
Migration of WEBppliance 3.5.2x servers
New features
Product enhancements
Resolved issues
Known issues and limitations
Feedback and support
Legal and copyright notice



While this release provides support for inbox upgrade of WEBppliance 3.5.2x for Linux to Ensim Pro and Ensim Basic 3.7 for Linux (Fedora), Ensim highly recommends that you consider a migration strategy -- that of installing Ensim Pro and Ensim Basic 3.7.0 for Linux (Fedora) on a new server, then migrating the data from the old server to the new server.

For more information, please refer to Migration of WEBppliance 3.5.2x servers.

---

About Ensim Control Panel

Ensim Control Panel is a software application designed to simplify Web hosting by controlling and automating common hosting tasks. It is packaged with core Web hosting server applications and services, including Web site capabilities, FTP capabilities, email capabilities, and backup and restore capabilities.

Ensim Control Panel offers two product options.

Ensim Basic. Ensim Basic is designed to support a single organization’s management of a Web server and one or more Web sites.
Ensim Pro. Ensim Pro is designed for professional hosting of multiple companies on a single Web server.

Migration of WEBppliance 3.5.2x servers

This release enables you to upgrade from Ensim WEBppliance 3.5.2x for Linux to Ensim Pro and Ensim Basic 3.7.1 for Linux. However, Ensim highly recommends that you consider migrating your data from the existing WEBppliance 3.5.2x server to a new server with Ensim Pro and Ensim Basic 3.7.0 for Linux (Fedora) installed on it. This will put your customers in a safer environment where their Web sites can continue to run on the old server while you move them onto a new server. While there are additional costs associated with such a strategy, it may serve to benefit your customers.

Red Hat's experience with the consumer releases has shown that many systems accumulate software of unknown origin and quality over time, and that it is extremely difficult to upgrade such systems in a reliable manner. Since it is important to ensure that Red Hat Linux deployments start from a fresh, known state, Red Hat does not provide upgrade capability for consumer releases and requires migration (that is, a fresh installation followed by transfer of data) to any Red Hat Linux product. For more information, please visit
https://www.redhat.com/apps/webform.html?event_type=whitepaper&eid=259

For instructions on installing Fedora and Ensim Pro and Ensim Basic 3.7.0 for Linux, please refer to the document Installing Fedora™ Core 1.0 and Ensim® Pro and Ensim Basic 3.7 for Linux® (LS) guide at http://www.ensim.com/support/pro/linux/37_index.html. For instructions on backing up sites from the old server and restoring them on the new server, please refer to the Appliance Administrator Online Help at
http://www.ensim.com/support/wpls/index.html.

New features

Ensim Control Panel introduces the following features.

Email scanning services
Support for dual Apache configuration
Availability of the User Administrator control panel for Ensim Basic users

Email scanning services

Ensim Control Panel provides a comprehensive suite of email scanning services that enables effective management of the Spam Filter and Mail Scanning services. These services are also available to your resellers.

Spam management

The Spam Filter service enables you to:

Control scanning. You can control the rate of scanning and thereby control usage of system resources in scanning.
Delegate control and management of spam to the User Administrator. When you enable the spam service for a site, the User Administrator is automatically empowered with discretionary spam control and management capability and can set an appropriate spam threshold that determines whether an email message is legitimate or spam. Further, the User Administrator can manage spam by choosing to delete it, have it delivered as an attachment or as a regular email message to the inbox, or quarantine it in a spam folder.

The Spam Filter service uses the spam scanning application SpamAssassin™ to enable spam filtering.

Mail Scanning

The Mail Scanning service scans email messages for viruses. You can configure the appropriate scan settings and enable scanning for incoming or outgoing email messages or both.

The Mail Scanning service uses the email scanning applications MailScanner and Clam AntiVirus to provide virus scanning capability.

Support for dual Apache configuration

Ensim Control Panel introduces the flexibility of hosting sites on Web servers running Apache 2.0 or Apache 1.3. The support for dual Web servers enable you to:

Effortlessly swap the Production and the Test Web server without manual reconfiguration of the Web server port.
Test Web sites on the designated Test Web server by simply specifying the Test Web server port number in the site URL.

By default, Apache 1.3 is designated as the Production Web server so that you can migrate your data easily while upgrading from WEBppliance 3.5.20 or WEBppliance 3.5.21; however, Ensim recommends you to set up Apache 2.0 as the Production Web server.

Before setting up Apache 2.0 as the Production Web server, please check if all the sites currently on Apache 1.3 are active.

For FrontPage-related issues after setting up Apache 2.0 as the Production Web server, please refer to the Knowledge Base article at http://onlinesupport.ensim.com/TWKB/Viewcase.asp?QSRuleID=915.

---

To set up Apache 2.0 as the Production Web server, perform the following steps:

Log on to the Appliance Administrator control panel using your user name and password.
On the System Menu, click Web Server.
On the Configuration page, in the Apache 2.0 Configuration section, click Set to Production Server.
Stop one of the Web servers by clicking .
Restart the other Web server by clicking .
Start the first Web server by clicking .


If a Web server is not being used, it may be stopped to conserve system resources.

---

To stop the Web server, perform the following steps:

Log on to the Appliance Administrator control panel using your user name and password.
On the System Menu, click Services. The Subscribed Services page opens.
Locate the Web server that you want to stop and in the Actions column of the service,
click .

Availability of the User Administrator control panel for Ensim Basic users

Users of sites hosted on Ensim Basic can now perform basic administrative or management tasks such as managing email, setting spam options, managing Web site content, or backing up and restoring data using the User Administrator control panel.

To log on to the control panel, type the following URL in the Address field of your browser.

http://<servername>, where <servername> is the name of the control panel server.

The Welcome page for Ensim Basic now displays the User Administrator login page as against the Appliance Administrator login page in previous versions. Appliance Administrators must now use the following URL to log on to the control panel.
http://<servername>/admin, where <servername> is the name of the control panel server.

---

Product enhancements

Substantial improvements to existing features extend and enhance the capabilities of Ensim Control Panel. The following improvements are introduced.

Enhancement to the Ensim Virtual Private File System
Optimized log management
Use of standard packages
Compatibility with MySQL™ 4.0.x

Enhancement to the Ensim Virtual Private File System

Ensim Control Panel creates a Virtual Private File System (VPFS) for each site created. When a site is created, the file system for that site is populated with a default set of services from a template. This is done using hard links.

Earlier versions of Ensim Control Panel contained a pre-built VPFS template that contained a copy of every service possible. This template could only be changed through an upgrade to the Ensim Control Panel released by Ensim. In Ensim Control Panel, the template mechanism has been enhanced. It no longer contains a copy (that is, binaries) of the service. Instead the template contains a filter to select services from the root file system. This template is used during site creation and modification to dynamically generate the VPFS for any site. You can now modify the template without requiring a software upgrade from Ensim.

The following are the benefits of this change:

The size of the template (virtualhosting-fst-<service>.rpm) is much smaller.
Using this mechanism, service updates (such as security fixes) can be quickly installed at the root level and then applied to all existing sites.
You can modify the template to deploy additional services to each site.

Procedure to update RPMs

In order to synchronize updated services (RPMs) into all site file systems, you need to take Ensim Control Panel through its “maintenance mode” state which causes it to update the sites. Run the following steps:

Upgrade, or reinstall, any RPM.
Run the following commands as root:
set_pre_maintenance
set_maintenance
set_post_maintenance
service webppliance restart

Advanced usage: If you want to add a new RPM to any service, edit the appropriate .sh file for that service in /etc/virtualhosting/filelists/<servicename>.sh. Follow the instructions included in that file. Ensure that you know exactly what you are doing when manipulating these files. After editing the file, make Ensim Control Panel go through maintenance mode (See Step 2 above).

Optimized log management

In the earlier versions of Ensim Control Panel, each Web server log file used a file descriptor. A file descriptor is a unique file handle spawned by Apache when a file is opened. With an increase in the number of active sites, the number of file descriptors used exceeded the limit stipulated by the service. As a result, the service was customized to update the limit to a higher value and recompiled.

Ensim Control Panel introduces a sophisticated, robust logging system that limits the usage of file descriptors by the Web server log files using a process called centralized logging. Centralized logging enables the Web server to send error and access log messages to an intermediate process that processes the logs and writes them to the respective log files. The optimized process now uses only a single file descriptor obsoleting the need to customize the service. You can now upgrade the Apache service RPMs as and when your business needs dictate the change without requiring a software upgrade from Ensim.

Use of standard packages

Earlier versions of Ensim Control Panel customized a number of key services to resolve issues, enhance security, and improve the performance of hosting domains. While these customizations provided a superior hosting environment, they also impacted flexibility in managing these services and increased the latency period for releasing critical service security patches.

Ensim Control Panel removes customizations made by Ensim to critical services enabling self-managed deployment of services in accordance with business necessities. However, Ensim Control Panel retains customizations to certain services. Since these are no longer available or supported, Ensim is providing these as a value added enhancement. You can find more information on the Web at http://www.ensim.com/support/index.html

These services are:

Apache 1.3 (and its modules).

Ensim Control Panel provides the flexibility of hosting sites on Web servers running Apache 1.3 or Apache 2.0. However, since Fedora™ Core 1.0 does not support Apache 1.3, future service updates will be available only from Ensim.



After upgrading to the latest version of Ensim Control Panel with Apache 2.0, if you install a new security patch or upgrade to a newer version of Apache 2.0, you must restart the httpd service before using the Web server.

---

All services that are originally available in the tarball format.

Ensim Control Panel uses the RPM format for managing services. However, certain services are released by vendors only in the tarball format requiring Ensim Control Panel to convert these services to the RPM format and thus customize them.

However, the source RPMs of these services (containing Ensim customizations) will be made available for download and use to customers whenever a security patch is released by the service vendor, prior to the official release from Ensim. This enables you to use the source RPMs and self-create the RPM packages for installation on to an Ensim Control Panel server as soon as a security patch for the service is released without having to wait for the official release from Ensim.

Compatibility with MySQL™ 4.0.x

If you have MySQL 4.0 installed on your WEBppliance 3.5.2x server, and try to upgrade to the latest version of Ensim Control Panel, the upgrade will fail with an error. To resolve this issue, please take a backup of the MySQL database and ensure that the MySQL RPMs are restored back to the original versions provided with the Red Hat 7.3 installation. After upgrading to the latest version of Ensim Control Panel, you can upgrade back to MySQL 4.0 using the instructions given below.

---

The license for MySQL 4.0.x prohibits commercial distribution of the aforesaid version. As a result, Ensim Control Panel supports MySQL 3.x in this release. However, it provides a compatible service platform that enables you to upgrade to MySQL 4.0.x after installation.

To upgrade:

Create a directory to download the RPMs.
Connect to the MySQL Web site http://www.mysql.com/downloads/mysql-4.0.html.
Locate the download section Linux x86 RPM Downloads.
Download the following RPMS to the directory created in Step 1.
Server
Client programs
Dynamic client libraries
Dynamic client libraries (including 3.23.x libraries)

You may download other RPMs that are listed in the section to meet specific requirements.

Change to the directory where you downloaded the RPMs.
Log on to Ensim Control Panel server as the root user and perform the following steps.
Upgrade the MySQL RPM on the server.

                    # rpm -Uvh MySQL*.rpm

Update the site file system with the changes effected in the root file system (as a result of the upgrade).

# set_pre_maintenance

# set_maintenance

# set_post_maintenance

# service webppliance restart

Restart the MySQL service.

# service mysqld restart

Resolved issues

This section describes the resolved issues of Ensim Control Panel. The numbers in parentheses indicate the Ensim problem report (PR) number.

Issue: Usage of the special character “_” in a MySQL database name could be exploited to allow indiscriminate access to site databases. (PR 23687)

Resolution: The implementation of the wildcard character “_” in a database name has been changed to enable secure database access.

Issue: Invalid requests generated by Internet worms caused the mod_frontpage module to produce segmentation fault errors in the Apache service. (PR 25524)

Resolution: The Apache service now successfully handles invalid requests generated by Internet worms.

Issue: The Logrotate service was disabled when the administrator of a site modified his password. (PR 30014)

Resolution: Ensim Control Panel resolves the issue to prevent misconfiguration of the service when the password is modified.

Issue: The configuration files of the Miva® Merchant service were deleted when a site was disabled and subsequently re-enabled. (PR 28562)

Resolution: Ensim Control Panel now retains the configuration files when a site is disabled and re-enabled.

Issue: Hard linking Webalizer files to files on the control panel server allowed the administrator of a site to access files on the server as the root user. (PR 29743)

Resolution: Ensim Control Panel now disallows activation of the Webalizer service for a site if hard links to server files are located.

Issue: Using the List Databases option on the MySQL menu of the Site Administrator control panel produced an error. (PR 26759)

Resolution: The List Databases option now successfully displays the list of site databases.

Issue: The Last Usage Reports displayed incorrect statistics on bandwidth usage.
(PR 26364)

Resolution: The Last Usage Reports now provides correct statistical information on bandwidth usage.

Issue: Email messages that exceed the disk space allocated to a user were queued in the
/var/spool/mqueue directory without returning the email to the sender. (PR 26415)

Resolution: Ensim Control Panel now returns the email messages to the sender and displays an appropriate error message.

Issue: Stopping the Apache service failed to stop all the active Apache sub-processes.
(PR 26749)

Resolution: The Apache service scripts have been modified to stop all active Apache sub-processes when the service is stopped.

Issue: The absence of the remote access authentication file pam_xauth.so in a site’s file system disallowed operations on the site. (PR 28983)

Resolution: The pam_xauth.so file is now included in the site’s file system resolving the issue.

Issue: When the IP address of an IP-based site was changed, the name server records of the subdomains hosted on the site were not updated. (PR 26414)

Resolution: The name server records of the subdomains hosted on a site are now updated if the IP address of the site is changed.

Issue: The Miva Merchant configuration files were not updated when a site hosting a Miva Merchant storefront was migrated to another server rendering the storefront inaccessible. (PR 28632)

Resolution: The Miva Merchant configuration files are now updated when a site is migrated to another server.

Issue: Apache ceased to function on sites that hosted a large number of subdomains as a result of incorrect parsing of related directives in the Apache configuration file. (PR 28647)

Resolution: The Apache service now functions successfully irrespective of the number of subdomains hosted on a site.

Issue: When Ensim Control Panel restarted the ProFTPD remote access service after modifications to a site, the service was inaccessible for the period of time corresponding to the number of sites hosted on the server. (PR 17316)

Resolution: The ProFTPD service is now not impacted when sites are modified.

Issue: Users were unable to connect to a site using Microsoft® FrontPage® if the site created using Microsoft FrontPage was moved from one server to another or restored from the backup. (PR 28571)

Resolution: Users can now successfully connect to sites using Microsoft FrontPage after moving them from one server to another or restoring from backup.

Issue: Files that exceeded two Gigabytes (GB) in size could not be backed up. (PR 29239)

Resolution: Ensim Control Panel now successfully enables backup of large files.

Issue: Whenever a cgi script was executed, an entry was placed in the /var/log/suexec_log file causing the file to grow significantly in the absence of log rotation.
(PR 28378)

Resolution: Ensim Control Panel now implements rotation for suexec_log, access_log-ssl, and error_log-ssl log files.

Known issues and limitations

This section describes the known issues of Ensim Control Panel. The numbers in parentheses indicate the Ensim problem report (PR) number.

The Web browser displays the error "Internal Server Error" when you attempt to view a Web page that uses perl scripts located in the /var/www/perl directory of Medium and Low security sites. This is because the access information of these scripts appear unreadable to the Web server. This is an open issue with the mod_perl module of Apache 2.0 running on Fedora Core 1.0. (PR 30656)
Services that are affected by blocked system signals, if started or restarted using the Subscribed Services page in the Appliance Administrator control panel, may malfunction. For example, if you start or restart the Apache service from the page, the service cannot automatically recognize new or updated sites and requires a manual restart after each site creation or update operation. (PR 30466)

If you inadvertently restart a service through the page, you may resolve the problem using one of the following options.

Option 1: Restart the affected service using the Command Line Interface.

For example, if you want to restart the Apache service, type the following command at the prompt.

# service httpd restart



Option 1 is ineffective if you use the Subscribed Services page to restart the SSH service and subsequently use the SSH service to restart Apache. To resolve the issue in this case, you must choose Option 2.

---

Option 2: Shut down the Ensim Pro server, then start the server.
Backing up a server that hosts more than 241 sites may fail. (PR 24976)

Solution: To resolve the problem, split the backup into multiple files.

High frequency of log rotation and compression of the log files cause Analog to generate erratic log reports. For example, if a Site Administrator logged on to a site and requested log reports for the previous week, Analog reported statistics only for two days—the day of the request and the previous day. (PR 25769)

Solution: To resolve the problem, please follow the instructions specified in the Knowledge Base article at http://onlinesupport.ensim.com/TWKB/Viewcase.asp?QSRuleID=753.

Inconsistent validation of certain acceptable characters restricts their usage in a MySQL database name. For example, using the “+” character in a database name results in successful creation of a database but disallows removal of the database using the control panel. (PR 25863)
When you restore a site on to another server that hosts a site using the same site ID as the site being restored, a new site ID is assigned to the restored site. However, the site ID referenced by the Power Tools installed on the site are not updated rendering them inaccessible. (PR 30506)

To overcome the limitation, restore the site on to a server that does not have any sites hosted on it or on a server that does not host a site identified by the same site ID.

User names including a period “.“ or with the first alphabet in upper case are not supported on Fedora Core 1 operating system. (PR 31023)
Existing Ensim WEBppliance 3.5.2x (LH) users, who have not installed the Power Tools 1.0 add-on will not be able to install Power Tools 1.0 or Power Tools 1.5 after upgrading to the latest version of Ensim Control Panel.
If you have MailScanner installed on your WEBppliance 3.5.2x server, please refer to the Knowledge Base article at http://onlinesupport.ensim.com/TWKB/Viewcase.asp?QSRuleID=916.

Feedback and support

To take advantage of Ensim's support services or to find additional product documentation, visit the Ensim support site, http://support.ensim.com.

To log in to Ensim online support, go to https://onlinesupport.ensim.com.

To provide feedback about Ensim products or documentation, please use the feedback form at http://www.ensim.com/about/feedback.asp.

Legal and copyright notice

This document contains information proprietary to Ensim Corporation and its receipt or possession does not convey any rights to reproduce, disclose, manufacture, or sell anything it might describe. Reproduction, disclosure, or use without Ensim’s specific written authorization is strictly forbidden.

Ensim Corporation makes no representations or warranties with respect to the content or use of this document. It also reserves the right to revise this document at any time without the obligation to notify any person of such revision.

Ensim and the Ensim logo are registered trademarks of Ensim Corporation.

All other trademarks and copyrights are the property of their respective owners.

© 2004 Ensim Corporation. All rights reserved.