Sie befinden sich hier: start » linux » vserver

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- linux:vserver [2017/05/08 21:12] – [iptables/fail2ban] lothenon
+++ linux:vserver [2017/05/29 05:19] (aktuell) – [Software installieren] lothenon
@@ Zeile 1: / Zeile 1: @@
-======Vorbereitung======
+======root deaktivieren======
-=====root deaktivieren=====
 <code>
@@ Zeile 15: / Zeile 13: @@
 den root-Login deaktivieren.
-=====Software installieren=====
+======Software installieren======
 <code>
-sudo apt install fail2ban apache2 quassel-core ntp ntp-update postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd
+sudo apt install fail2ban apache2 quassel-core ntp ntpdate postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd ufw spamassassin zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt  imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-opcache php-apcu libapache2-mod-fastcgi php7.0-fpm letsencrypt bind9 dnsutils haveged vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
 </code>
-=====kleine Performance-Tests=====
+amavisd-new
+======Vorbereitungen======
 <code>
-dd if=/dev/zero of=~/tempfile bs=1M count=5000 conv=fdatasync,notrunc
+dpkg-reconfigure dash
+</code>
+default system shell = no
+<code>
+service apparmor stop
+update-rc.d -f apparmor remove
+</code>
+======kleine Performance-Tests======
+<code>
+dd if=/dev/zero of=~/tempfile bs=1M count=5000 conv=fdatasync,notrunc && rm ~/tempfile
 sudo hdparm -tT /dev/vda1
 sysbench --test=cpu --num-threads=2 --cpu-max-prime=200000 run
@@ Zeile 33: / Zeile 44: @@
 =====iptables/fail2ban=====
-====Regeln für dovecot====
+/etc/fail2ban/jail.local
-/etc/fail2ban/jail.d/dovecot.local
 <code>
-[dovecot]
+[pureftpd]
+enabled  = true
+port     = ftp
+filter   = pureftpd
+logpath  = /var/log/syslog
+maxretry = 3
+[dovecot-pop3imap]
 enabled = true
-filter = dovecot
+filter = dovecot-pop3imap
+action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
 logpath = /var/log/mail.log
 maxretry = 5
-====Filter für postfix====
-/etc/fail2ban/jail.d/postfix.local
+[postfix-sasl]
+enabled  = true
+port     = smtp
+filter   = postfix-sasl
+logpath  = /var/log/mail.log
+maxretry = 3
+</code>
+/etc/fail2ban/filter.d/pureftpd.local
 <code>
-[postfix]
+[Definition]
-enabled = true
+failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
-filter = postfix
+ignoreregex =
-logpath = /var/log/mail.log
+</code>
-maxretry = 5
+/etc/fail2ban/filter.d/dovecot-pop3imap.local
+<code>
+[Definition]
+failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
+ignoreregex =
 </code>
@@ Zeile 78: / Zeile 107: @@
 [[https://gist.github.com/AGBrown/afe178181dadc5f6a626|fail2ban filter and jail for quassel]]
-=====Apache=====
+<code>
+service fail2ban restart
+</code>
+=====Mail=====
+/etc/postfix/master.cf
+<code>
+...]
+submission inet n       -       -       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+smtps     inet  n       -       -       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+[...]
+</code>
+<code>
+service postfix restart
+</code>
+<code>
+service spamassassin stop
+update-rc.d -f spamassassin remove
+</code>
+=====MariaDB=====
+bind auf localhost nicht aufheben
+<code>
+mysql_secure_installation
+</code>
+Enter current password for root (enter for none): <-- press enter
+Set root password? [Y/n] <-- y
+New password: <-- Enter the new MariaDB root password here
+Re-enter new password: <-- Repeat the password
+Remove anonymous users? [Y/n] <-- y
+Disallow root login remotely? [Y/n] <-- y
+Reload privilege tables now? [Y/n] <-- y
+<code>
+service mysql restart
+</code>
+=====AWstats=====
+/etc/cron.d/awstats
+<code>
+#MAILTO=root
+#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
+# Generate static reports:
+#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
+</code>
+=====Webserver=====
+phpMyAdmin
+Web server to reconfigure automatically: <-- apache2
+Configure database for phpmyadmin with dbconfig-common? <-- Yes
+MySQL application password for phpmyadmin: <-- Press enter
+Apache
+<code>
+a2enmod suexec rewrite ssl actions include cgi dav_fs dav auth_digest headers actions fastcgi alias
+</code>
+HTTP-Proxy deaktivieren
+/etc/apache2/conf-available/httpoxy.conf
+<code>
+<IfModule mod_headers.c>
+    RequestHeader unset Proxy early
+</IfModule>
+</code>
+<code>
+service apache2 restart
+</code>
 =====FX-Sync=====

Zuletzt angesehen:

Unterschiede

Navigation

Werkzeuge