

root deaktivieren

# Create the day-to-day admin account (USER is a placeholder) and append it (-aG keeps
# existing memberships) to the listed groups. On a default Debian/Ubuntu sudoers setup,
# membership in "sudo" is what allows this account to become root.
adduser USER && usermod -aG adm,cdrom,dialout,lpadmin,plugdev,sambashare,sudo USER

Mit neuem Nutzer anmelden und mit

# Lock root's password. Before running this, confirm in a second session that sudo
# works for the new user; otherwise you can lock yourself out of root access.
sudo passwd -l root

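den root-Login per Passwort deaktivieren. `passwd -l` sperrt nur das Passwort; ein Login als root per SSH-Schlüssel bleibt möglich, solange `PermitRootLogin` in der sshd_config ihn nicht verbietet.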

Software installieren

# Installs the mail stack (postfix, dovecot, postgrey, spamassassin), MariaDB, Apache,
# quassel-core and the hardening/monitoring tools (fail2ban, ufw, rkhunter) in one step.
# NOTE(review): "ntp-update" does not look like a Debian/Ubuntu package name (presumably
# "ntpdate" was meant); apt aborts the whole install on an unknown package - confirm.
# NOTE(review): ufw is installed here but never configured or enabled on this page.
sudo apt install fail2ban apache2 quassel-core ntp ntp-update postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd ufw spamassassin zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey

amavisd-new

Vorbereitungen

dpkg-reconfigure dash

Die Frage „Use dash as the default system shell (/bin/sh)?“ mit „No“ beantworten (default system shell = no).

# Stops AppArmor and removes its init links so it is no longer started at boot.
# NOTE(review): this takes away a containment layer on an internet-facing mail/web
# server. Prefer leaving AppArmor enabled and adjusting (or switching to complain mode)
# only the profile that actually blocks something - confirm why it was disabled here.
service apparmor stop
update-rc.d -f apparmor remove

kleine Performance-Tests

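# Sequential write test: 5000 blocks of 1 MiB of zeros; conv=fdatasync makes dd flush
# the data to disk before it reports the throughput.
dd if=/dev/zero of="$HOME/tempfile" bs=1M count=5000 conv=fdatasync,notrunc
# Remove the ~5 GB scratch file again so it does not stay behind in the home directory.
rm -f -- "$HOME/tempfile"
# Cached (-T) and buffered (-t) read timings; /dev/vda1 is this host's disk, adjust as needed.
sudo hdparm -tT /dev/vda1
# CPU benchmark: prime calculation up to 200000 on two threads.
sysbench --test=cpu --num-threads=2 --cpu-max-prime=200000 run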

Konfiguration

iptables/fail2ban

/etc/fail2ban/jail.local

# Jail for Pure-FTPd logins: 3 matching lines in /var/log/syslog get the client banned
# on the ftp port.
# NOTE(review): pure-ftpd is not in the package list on this page; if it is not
# installed, this jail never matches anything and can be dropped - confirm.
[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

# Jail for Dovecot POP3/IMAP logins: after 5 matching lines in /var/log/mail.log the
# client is blocked on the four mail-retrieval ports through the iptables-multiport action.
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

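# Jail for failed SASL authentication against Postfix: 3 matching lines in
# /var/log/mail.log trigger a ban.
# The ban covers ports 25, 465 and 587: master.cf on this page enables SASL logins on
# submission and smtps, so banning only "smtp" would leave the ports where logins
# actually happen reachable for a banned client.
# NOTE(review): assumes a multiport ban action (the Debian default) and that a
# "postfix-sasl" filter ships with the installed fail2ban; it is not defined on this
# page - confirm it exists in filter.d.
[postfix-sasl]
enabled  = true
port     = smtp,465,submission
filter   = postfix-sasl
logpath  = /var/log/mail.log
maxretry = 3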

/etc/fail2ban/filter.d/pureftpd.local

# Matches Pure-FTPd "Authentication failed" warnings; <HOST> captures the client address
# that follows the "@" inside the parentheses.
# NOTE(review): the pattern starts with ".*" and is not anchored, and the jail applies it
# to /var/log/syslog, which other programs write to as well. Anchoring it (or using the
# Pure-FTPd filter shipped with fail2ban, if present) lowers the chance that unrelated
# log text is counted as a failure for some address. Check it against real log lines
# with fail2ban-regex.
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

/etc/fail2ban/filter.d/dovecot-pop3imap.local

# Matches failed or aborted pop3-login/imap-login lines and takes the client address
# from the "rip=" field through the named group "host".
# NOTE(review): "\S*" accepts any run of non-space characters, including an empty one;
# fail2ban's <HOST> tag limits the capture to an address or hostname - consider using it
# here and verify the result with fail2ban-regex against /var/log/mail.log.
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =

Filter für Quassel

/etc/fail2ban/filter.d/quassel.local

# Four alternative patterns (one per line) for quasselcore log messages: unauthenticated
# disconnect, non-SSL connection attempt, invalid login, and login without registration.
# NOTE(review): the first pattern counts every unauthenticated disconnect as a failure,
# so a client that connects and drops a few times may get banned - verify this is intended.
[Definition]
failregex = Info: Non-authed client disconnected: <HOST>
            SSL required but non-SSL connection attempt from <HOST>
            Invalid login attempt from <HOST> as
            Client <HOST> did not send a registration message before trying to login, rejecting\.
ignoreregex =

/etc/fail2ban/jail.d/quassel.local

# Jail for the Quassel core: 5 matching lines in the core log get the client banned
# on port 4242.
# NOTE(review): assumes quasselcore writes its log to /var/log/quassel/core.log; the page
# does not show that logging setup - confirm, otherwise the jail never sees a failure.
[quassel]

enabled = true
port = 4242
filter = quassel
logpath = /var/log/quassel/core.log
maxretry = 5

fail2ban filter and jail for quassel

# Load the new jails and filters. Afterwards check that each jail is really active,
# e.g. with "fail2ban-client status quassel", and test the filters with fail2ban-regex.
service fail2ban restart

Mail

/etc/postfix/master.cf

[...]
# Port 587 (submission): STARTTLS is mandatory (security level "encrypt"), SASL auth is
# enabled, and only authenticated clients are accepted; everything else is rejected.
# NOTE(review): the helo/sender/recipient overrides below stay commented out, so the
# corresponding restrictions from main.cf (not shown on this page) still apply - confirm.
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# Port 465 (smtps): TLS from the first byte (wrapper mode), same SASL-only client policy.
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
[...]
# Apply the master.cf changes; running "postfix check" first reports configuration problems.
service postfix restart

MariaDB

Die Bindung an localhost (`bind-address`) nicht aufheben, damit MariaDB nicht aus dem Netz erreichbar ist.

mysql_secure_installation

Enter current password for root (enter for none): ← press enter
Set root password? [Y/n] ← y
New password: ← Enter the new MariaDB root password here
Re-enter new password: ← Repeat the password
Remove anonymous users? [Y/n] ← y
Disallow root login remotely? [Y/n] ← y
Reload privilege tables now? [Y/n] ← y

service mysql restart

Apache

FX-Sync

Quassel

Quassel umziehen

Erstmal Quassel auf beiden Maschinen stoppen

sudo service quasselcore stop

Kopieren der Konfiguration und der Logs

# Copy the core configuration and the storage database (the "Logs" mentioned above) to
# the new host; user@newhost and /home/user are placeholders.
# NOTE(review): both files sit in that user's home directory with its default
# permissions until they are moved, so do the move right after the copy. Because scp
# runs under sudo, the host key of newhost is checked against root's known_hosts -
# verify the fingerprint when prompted.
sudo scp /var/lib/quassel/quasselcore.conf /var/lib/quassel/quassel-storage.sqlite user@newhost:/home/user/

Auf dem neuen Rechner

# Remove the existing config (presumably the one created by the package install), then
# move the copied config and storage database into /var/lib/quassel/.
# The relative source paths assume the current directory is the one the files were
# copied into (/home/user in the scp step).
sudo rm /var/lib/quassel/quasselcore.conf
sudo mv quasselcore.conf /var/lib/quassel/
sudo mv quassel-storage.sqlite /var/lib/quassel/

Ändern der Dateirechte

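# Hand both files to the service account and make them accessible to that account only:
# they passed through a home directory and hold the core's settings and chat history.
sudo chown quasselcore:quassel /var/lib/quassel/quasselcore.conf
sudo chown quasselcore:quassel /var/lib/quassel/quassel-storage.sqlite
sudo chmod 600 /var/lib/quassel/quasselcore.conf /var/lib/quassel/quassel-storage.sqlite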

Server wieder starten

sudo service quasselcore start

How to move quassel-core config and chat log
Quassel IRC und Let’s Encrypt unter Debian