Fidolas

May be you should change line 87 in /scripts/cwp_security_audit like this: local CURRENT_PORTS=$(ss -ltnp | grep "pid=$PID," | sed -nE 's/.*:([0-9]+).*/\1/p') This way there is no false positives. Or may be, even better: local CURRENT_PORTS=$(ss -ltnp state listening | grep "pid=$PID," | sed -nE 's/.*:([0-9]+).*/\1/p' | sort -u) and after the "for ... do" line: [[ "$PORT" =~ ^[0-9]+$ ]] || continue to avoid garbage.

May be that this also helps on EL9, because imap can't be natively installed from PECL: imap.sh #!/bin/bash set -euo pipefail BASEPATH="/opt/alt/php-fpm85" TMPDIR="/tmp/imap-rpm" RPM_URL="https://rpms.remirepo.net/enterprise/9/modular/x86_64/php-pecl-imap-1.0.3-1.module_php.8.5.el9.remi.x86_64.rpm" echo "[*] Cleaning temporary folder..." rm -rf "$TMPDIR" mkdir -p "$TMPDIR" cd "$TMPDIR" echo "[*] Downloading IMAP RPM..." wget -q --show-progress "$RPM_URL" -O php-pecl-imap.rpm echo "[*] Extracting RPM without installing..." rpm2cpio php-pecl-imap.rpm | cpio -idmv >/dev/null # Detect PHP extension directory EXT_DIR=$("$BASEPATH/usr/bin/php" -r 'echo ini_get("extension_dir");') if [[ ! -d "$EXT_DIR" ]]; then echo "[*] Creating extension directory at $EXT_DIR" mkdir -p "$EXT_DIR" fi echo "[*] Copying imap.so to $EXT_DIR" cp "$TMPDIR/usr/lib64/php/modules/imap.so" "$EXT_DIR/" # Detect php.d folder PHP_D_DIR="$BASEPATH/usr/php/php.d" if [[ ! -d "$PHP_D_DIR" ]]; then echo "[*] Creating php.d folder at $PHP_D_DIR" mkdir -p "$PHP_D_DIR" fi rm -rf "$TMPDIR" # Create the .ini file INI_FILE="$PHP_D_DIR/30-imap.ini" echo "[*] Creating $INI_FILE" echo "extension=imap.so" > "$INI_FILE" echo "[*] Installation complete. Restart PHP-FPM to activate the extension." echo "[*] Verification:" "$BASEPATH/usr/bin/php" -m | grep -i imap || echo "imap not loaded" "$BASEPATH/usr/bin/php" -r "var_dump(function_exists('imap_timeout'));" echo "[*] Done."

Don't do it. Even if you update it, the CWP daily cron will restore the 5.1 version again automatically.

Yep. I'm now getting an alert about unauthorized ports for php-fpm. I'm not sure if it's due to my recent tweak to add php 8.5 support in CWP selectors.

Really useful. Thanks a lot. But all scripts into the 8.5 folder should be modified to have a fixed version because as it's right now it doesn't work if you need to have both 8.4 and 8.5 versions installed at the same time. There is a fallback logic that always goes into 8.4 and that makes the 8.5 build to fail.

Ok. Thanks a lot. I'll try this way. What I want is to forbid access to phpMyAdmin from outside, not to uninstall it.

I want to disable the phpMyAdmin interface but I can't see any easy way to do so. Is there any way to easily enable and disable this? Thanks in advance,

Now that nginx 1.26 adds http3 experimental support, it could be useful to update this guide to also enable http3 when building nginx from sources

CWP only uses PHP 7.1 and not 8.1. You can use any PHP version you want on your server but CWP will use always the 7.1 version.

It looks promising. Is there any other but for Centos 8 Stream? Or do you recommend Almalinux 8 over Centos 8 Stream?

I want to mean that I can go with snapshots of the whole drive. And if there are serious issues then I can rollback into the previous system. That's why I want a method more or less reliable to upgrade and try it.

Well, I can experiment, no worries. What kind of problems are they?

Until the end of your life... But now seriously. There is no way to upgrade a server from Centos 7 to Centos 8 Stream?

I see. But that was when you have two servers with two different IP address. But what if you only have a single server?

What is "cwp-cwp migration module"?