for Linux Frequently Asked Questions
Q: Why won't Postfix launch?
A: When you installed Linux, you provided an
incomplete Internet name. Postfix requires a
fully qualified domain name, unless you override
the default with the $myorigin setting in
/etc/postfix/main.cf. On Red Hat 6.2, this is
very easy to fix. As the root user, you can use
the hostname command to change the name of the
system immediately; edit the contents of
/etc/HOSTNAME to make the change permanent. Once
you have the correct machine name, type:
/etc/rc.d/init.d/postfix start
to launch Postfix.
Q: How do I stop getting the message
"Apache starting without SSL"?
A: You have no site certificate. You can generate
one using the openssl program; please see
Installation as an Add-on for instructions
regarding manual certificate generation.
Q: How do I stop getting the password prompt
during Apache-SSL startup?
A: If your site certificate is not PEM-encrypted,
you will not be asked for a password. If you have
a certificate from a CA such as VeriSign or
Thawte, you will be asked for the PEM password
you used when you created your certificate
request. However, certificates generated by
openssl on your system are not encrypted.
This does not mean that your secure HTTP traffic
isn't secure; it just means that the certificate
itself is not encrypted on your system.
HTTProtect locks your certificate directories, in
addition to other critical directories, so
outside intruders cannot delete your
certificates, or substitute their own onto your
system.
Q: How do I harden and/or
un-harden a directory in the server?
A: System hardening on the web server is controlled
through the file /etc/omnisecure/lock_list. Updating
this file requires omnish privileges. After modifying
the lock_list, execute the following command for the
hardening to take effect:
Hardening: omnish -h
Unhardening: omnish -u
CAUTION: The lock_list syntax is:
<directory path> ; node|tree ; <lock type>
The node/tree field takes precedence over <lock type>.
The lock types hard/hard+ and soft/soft+ are not
recommended as the <lock type>. The lock_list is used
for system hardening/unhardening purposes;
webpage-related hardening must be done as above. We
also recommend following this sequence when updating
the lock_list:
omnish -u
(update the lock_list file)
omnish -h
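The lock_list rules from the CAUTION above, written as a lint check to run on the file before "omnish -h". This is an added example, not part of HTTProtect; it assumes blank lines are ignored and that a tree entry applies to everything below its directory, and the sample paths and the "example-type" lock type are constructed placeholders.

```python
import posixpath

SCOPES = {"node", "tree"}                         # second field, from the syntax line
DISCOURAGED = {"hard", "hard+", "soft", "soft+"}  # lock types the CAUTION advises against

# Constructed sample; "example-type" is a placeholder, not a real lock type.
SAMPLE = "\n".join([
    "/etc/httpd/conf ; tree ; hard+",
    "/var/www/html ; node ; example-type",
    "/etc/httpd/conf/ssl ; node ; example-type",
    "/usr/local/bin ; subtree ; example-type",
    "/opt/data ; tree",
])


def lint_lock_list(text):
    """Return sorted (line_number, message) findings for lock_list content."""
    findings, entries, trees = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue  # assumption: blank lines are ignored
        fields = [f.strip() for f in raw.split(";")]
        if len(fields) != 3 or not all(fields):
            findings.append((n, "malformed: expected '<directory path> ; node|tree ; <lock type>'"))
            continue
        path, scope, lock_type = fields
        path = posixpath.normpath(path)
        if scope not in SCOPES:
            findings.append((n, f"scope {scope!r} is not node or tree"))
        if lock_type in DISCOURAGED:
            findings.append((n, f"lock type {lock_type!r} is not recommended in lock_list"))
        entries.append((n, path))
        if scope == "tree":
            trees.setdefault(path, n)  # remember the first tree entry per path
    # Assumption: a tree entry applies to the directory and everything below it,
    # so a second entry at or under that path deserves a manual review.
    for n, path in entries:
        for tree_path, tree_line in trees.items():
            inside = path == tree_path or path.startswith(tree_path.rstrip("/") + "/")
            if inside and tree_line != n:
                findings.append((n, f"path overlaps the tree entry on line {tree_line}"))
    return sorted(findings)


if __name__ == "__main__":
    for line_number, message in lint_lock_list(SAMPLE):
        print(f"line {line_number}: {message}")
```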
Q: How do I lock a directory on a server that has HTTProtect?
A: Locking uses the same wrapping method as "vpd
delegate". You can create a file
containing:
vpd lock -t <lock-type> -c <cipher> -k <key> <output_dir>
as its content, using the appropriate
lock-type, cipher, key and directory name.
You then delegate this script using "vpd
delegate <script> <keybox>". After
delegation, run this script, using the same output_dir
for hard+ locking.
If you are delegating a script to put output data
in that hard+ locked directory, then every time
you run that script, the output data it puts
inside that directory will be encrypted.
(The user manual has a more complete explanation of
delegation.)