Sie befinden sich hier: start » linux » vserver

Dies ist eine alte Version des Dokuments!

Inhaltsverzeichnis

Vorbereitung

root deaktivieren

adduser USER && usermod -aG adm,cdrom,dialout,lpadmin,plugdev,sambashare,sudo USER

Mit neuem Nutzer anmelden und mit 

sudo passwd -l root

den root-Login deaktivieren.

Software installieren

sudo apt install fail2ban apache2 quassel-core ntp ntp-update postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd ufw

kleine Performance-Tests

dd if=/dev/zero of=~/tempfile bs=1M count=5000 conv=fdatasync,notrunc
sudo hdparm -tT /dev/vda1
sysbench --test=cpu --num-threads=2 --cpu-max-prime=200000 run

Konfiguration

iptables/fail2ban

/etc/fail2ban/jail.local 

[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled  = true
port     = smtp
filter   = postfix-sasl
logpath  = /var/log/mail.log
maxretry = 3

/etc/fail2ban/filter.d/pureftpd.local 

[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

/etc/fail2ban/filter.d/dovecot-pop3imap.local 

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =

Filter für Quassel

/etc/fail2ban/filter.d/quassel.local 

[Definition]
failregex = Info: Non-authed client disconnected: <HOST>
            SSL required but non-SSL connection attempt from <HOST>
            Invalid login attempt from <HOST> as
            Client <HOST> did not send a registration message before trying to login, rejecting\.
ignoreregex =

/etc/fail2ban/jail.d/quassel.local 

[quassel]

enabled = true
port = 4242
filter = quassel
logpath = /var/log/quassel/core.log
maxretry = 5

fail2ban filter and jail for quassel

Apache

FX-Sync

Quassel

Quassel umziehen

Erstmal Quassel auf beiden Maschinen stoppen 

sudo service quasselcore stop

Kopieren der Konfiguration und der Logs 

sudo scp /var/lib/quassel/quasselcore.conf /var/lib/quassel/quassel-storage.sqlite user@newhost:/home/user/

Auf dem neuen Rechner 

sudo rm /var/lib/quassel/quasselcore.conf
sudo mv quasselcore.conf /var/lib/quassel/
sudo mv quassel-storage.sqlite /var/lib/quassel/

Ändern der Dateirechte 

sudo chown quasselcore:quassel /var/lib/quassel/quasselcore.conf
sudo chown quasselcore:quassel /var/lib/quassel/quassel-storage.sqlite

Server wieder starten 

sudo service quasselcore start

How to move quassel-core config and chat log Quassel IRC und Let’s Encrypt unter Debian


Zuletzt angesehen: vserver