Category Archives: VPS - Page 3

System Prep | SecureCentos.com

A good place to start securing your CentOS build:

nano -w /etc/sysconfig/network

via System Prep | SecureCentos.com.

Install OSSEC | SecureCentos.com

Please note that a new version of OSSEC is available, 2.4.1. The link below describes installation of 2.3, which has some issues when rebooting, etc.

via Install OSSEC | SecureCentos.com.

Lighttpd Centos

Lighttpd is the web server of choice for low-memory VPS applications.

Lighttpd is not included in the base CentOS repo, so you will need to install the RPMFORGE repo first. Then:

yum install lighttpd lighttpd-fastcgi

Then set up some directories:

mkdir /var/run/lighttpd
touch /var/run/lighttpd/php-fastcgi.socket
chown -R lighttpd:lighttpd /var/run/lighttpd/
nano /etc/php.ini

Edit /etc/lighttpd/lighttpd.conf and make sure the following entry in the server modules list is enabled (remove the leading # if it is commented out):

mod_fastcgi

Add access to PHP CGI with the following, also in the .conf file:

fastcgi.server = ( ".php" =>
  ( "localhost" =>
    (
      # absolute path to the socket created under /var/run/lighttpd above
      "socket" => "/var/run/lighttpd/php-fastcgi.socket",
      "bin-path" => "/usr/bin/php-cgi"
    )
  )
)

Info sourced from:

http://davidwinter.me.uk/articles/2008/06/22/lighttpd-and-php-on-centos-5/

Some good references for setting up the .conf file with virtual hosts:

http://www.cyberciti.biz/faq/howto-lighttpd-virtualhost-configuration/

http://www.linux.com/archive/feed/51673

PHP 5.3.2 APC Centos Conundrum

PHP 5.3.2 is not in the default repository for CentOS.

So we need to use the webtatic repository to install PHP 5.3.2, using the guide from here:

http://www.webtatic.com/blog/2009/06/php-530-on-centos-5/

Fortunately, if you also want to run the APC module, it has already been compiled for us. We just need to enable it in the php.ini file like this:

extension = apc.so
apc.enabled=1
apc.shm_size=30

Restart Apache:

/etc/init.d/httpd restart

and then check in phpinfo() that the module has been installed.

Setup VSFTPD

http://ubuntuforums.org/showthread.php?t=662784

Users, Files and permissions

http://www.debianadmin.com/users-and-groups-administration-in-linux.html

Install ntop on Red Hat Enterprise Linux / CentOS Linux

Install ntop on Red Hat Enterprise Linux / CentOS Linux.

DenyHosts

DenyHosts is a tiny program that adds IP addresses to the /etc/hosts.deny file when automated scripts try to brute-force the sshd port.

The main vulnerability is the root account, which should never be used to log in over SSH.

Set up a new user with a strong password and SSH into the server as that user; su - will then give you root privileges.

To set up DenyHosts:

yum install denyhosts

Then edit the config file:

nano /etc/denyhosts/denyhosts.cfg

Then start the daemon:

/etc/init.d/denyhosts start
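
The kind of log check DenyHosts automates, as an added example (not DenyHosts' own code and not from the original post): it counts failed SSH logins per source address in a constructed log sample and formats hosts.deny entries. The thresholds, the allowlisted address and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of /var/log/secure (documentation-range IPs).
SAMPLE_LOG = """\
Mar  3 10:01:11 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:02:40 vps sshd[2110]: Failed password for invalid user admin from 198.51.100.23 port 51515 ssh2
Mar  3 10:02:42 vps sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51515 ssh2
Mar  3 10:02:44 vps sshd[2110]: Failed password for invalid user guest from 198.51.100.23 port 51515 ssh2
Mar  3 10:03:00 vps sshd[2115]: Failed password for invalid user a from 192.0.2.55 from 198.51.100.99 port 4000 ssh2
Mar  3 10:05:02 vps sshd[2120]: Failed password for deploy from 192.0.2.10 port 60001 ssh2
Mar  3 10:05:03 vps sshd[2120]: Failed password for deploy from 192.0.2.10 port 60001 ssh2
Mar  3 10:05:04 vps sshd[2120]: Failed password for deploy from 192.0.2.10 port 60001 ssh2
Mar  3 10:05:09 vps sshd[2120]: Accepted password for deploy from 192.0.2.10 port 60001 ssh2
"""

# End-anchored with a greedy user field: the address is always taken from the
# end of the line, so text inside the user name is never read as the source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")
# Illustrative thresholds (assumptions): one failed root login is enough.
THRESHOLDS = {"root": 1, "other": 3}
ALLOWLIST = {"192.0.2.10"}  # hypothetical admin address, never blocked

def parse_line(line):
    """Return (user, ip) for a failed-password line, else None."""
    m = FAILED.search(line)
    return (m.group("user"), m.group("ip")) if m else None

def offenders(log_text, allowlist=ALLOWLIST):
    """Return sorted IPs whose failed logins reach a threshold."""
    counts = {"root": Counter(), "other": Counter()}
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            counts["root" if hit[0] == "root" else "other"][hit[1]] += 1
    blocked = set()
    for kind, limit in THRESHOLDS.items():
        blocked |= {ip for ip, n in counts[kind].items() if n >= limit}
    return sorted(blocked - set(allowlist))

def hosts_deny_lines(ips):
    """Format entries in /etc/hosts.deny (TCP wrappers) syntax."""
    return ["sshd: %s" % ip for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

The allowlist is what keeps an administrator who mistypes a password three times from being locked out of the server.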

MailScanner woes

Be careful if you install MailScanner on your system.

If you have the RPMFORGE repositories activated for YUM, MailScanner will break YUM due to some of the Perl dependencies.

You will cease being able to perform system updates, which is a bit of a problem.

The fix?

Disable the RPMFORGE repository, which will return YUM to its normal status.

nano /etc/yum.repos.d/rpmforge.repo

Change enabled=1 to enabled=0.

Then run yum update and relax.

Install GD library php 5.3.2

Because PHP 5.3.2 is not in the default yum repository, you have to install the GD library like this:

yum --enablerepo=webtatic install php-gd