admin 发布的文章

源代码安装

yum remove curl curl-devel
 
wget http://curl.haxx.se/download/curl-7.24.0.tar.bz2
tar xfj curl-7.24.0.tar.bz2
cd curl-7.24.0
./configure --prefix=/usr
make
make install
#check version
curl -V
./configure --with-curl=/usr --with-curlwrappers

参考:http://gadelkareem.com/2012/02/27/upgrade-curl-7-24-on-centos-6-2/

1. 下载和安装mod_limitipconn

wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2
bzip2 -d  mod_limitipconn-0.24.tar.bz2
tar xvf mod_limitipconn-0.24.tar
cd mod_limitipconn-0.24
apxs -c -i -a mod_limitipconn.c
chmod 755 /usr/lib/apache/mod_limitipconn.so

2. 应用每个用户

创建自定义用户 VirtualHost 模板

cd /usr/local/directadmin/data/templates
cp virtual_host2*.conf custom
cd custom

编辑 virtual_host2.conf ,在 VirtualHost 中添加以下内容

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 10
NoIPLimit images/*
</Location>
</IfModule>

案例

#省略...

<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
	ServerName www.|DOMAIN|
	ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
	ServerAdmin |ADMIN|
	DocumentRoot |DOCROOT|
	|CGI|

	|USECANONICALNAME|

	<IfModule !mod_ruid2.c>
		SuexecUserGroup |USER| |GROUP|
	</IfModule>

	<IfModule mod_limitipconn.c>
	<Location />
	MaxConnPerIP 9
	NoIPLimit images/*
	</Location>
	</IfModule>

#省略...

重建所有用户 httpd.conf

cd /usr/local/directadmin/custombuild
./build rewrite_confs

重启Apache

service httpd restart

完成!

问题一:php运行报错:1% 不是有效的 win32 应用程序
php环境配置完毕后,运行html成功,但运行php就报错,错误提示是“1% 不是有效的 win32 应用程序”,英文报%1 is not a valid Win32 application。第一次碰到这样的问题,经过搜索和试验,问题终于解决。

报错原因:由于在64位操作系统里,默认配置下,IIS工作在64位模式下,这会让许多32位的应用不能正常工作。

解决方法:

1)进入命令提示符:开始->运行 cmd
2)执行脚本:

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1

说明:%SYSTEMDRIVE%表示系统盘。例如,如果你的系统盘是C,那么上述语句改为:cscript c:\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1

问题二:访问网页报错:Service Unavailable
经过上面的操作后,以为大功告成了,其实不然。访问网站竟然又报错:Service Unavailable。

解决方法如下:

1)进入命令提示符:开始->运行 cmd
2)执行脚本:

%SYSTEMROOT%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i

说明:%SYSTEMROOT%\表示系统目录,一般是“C:\WINDOWS\”;v1.1.4322是默认.net版本,你也可以改为“v2.0.50727”等其他版本,关键是不要写错路径名,否则执行不成功。

转载:http://www.2cto.com/os/201212/173551.html

1、获取Squid源代码

wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.9.tar.gz

2、编译及安装

tar -zxvf squid-3.1.9.tar.gz
cd squid-3.1.9
./configure --prefix=/usr/local/squid --enable-arp-acl --enable-linux-netfilter --enable-pthreads --enable-err-language="Simplify_Chinese" --enable-default-err-language="Simplify_Chinese" --enable-auth="basic" --enable-baisc-auth-helpers="NCSA" --enable-underscore
make
make install

3、编译生成Squid认证程序ncsa_auth

cd helpers/basic_auth/NCSA/
make
cp ncsa_auth /usr/sbin/
cd ../../../

4、使用htpasswd来生成用户名/密码对应的文件

htpasswd -c /usr/local/squid/password <用户名>

5、修改Squid配置文件

cd /usr/local/squid/
mv -f etc/squid.conf etc/squid.conf.bak
vi etc/squid.conf
 
# 插入如下内容
 
 
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT
  
auth_param basic program /usr/sbin/ncsa_auth /usr/local/squid/password
acl normal proxy_auth REQUIRED
http_access allow normal
  
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
  
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
  
# And finally deny all other access to this proxy
http_access deny all
  
# Squid normally listens to port 3128
http_port 3128
  
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
  
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir null /tmp
  
# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache
  
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .       0   20% 4320

6、启动Squid

./sbin/squid

转载:http://www.oschina.net/code/snippet_4873_1535

CREATE DATABASE information_schema DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ciSQL 查询:
-- -- ? information_schema -- CREATE DATABASE information_schema DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci
MySQL 返回:
#1044 - Access denied for user 'xxx'@'localhost' to database 'information_schema'

phpmyadmin导出的数据库里有创建数据库的语句,而空间没有创建数据库权限,所以出错。常见于没有进入特定数据库导出导致。

删除导出的sql文件里的创建数据库语句:

-- phpMyAdmin SQL Dump
-- version 2.11.6
-- http://www.phpmyadmin.net
--
-- 主机: localhost
-- 生成日期: 2014 年 09 月 01 日 15:46
-- 服务器版本: 5.0.51
-- PHP 版本: 5.2.6

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

/*!40101 SET

@OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS

*/;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--------------------------------------------------------
这中间的部分删除...
--
-- 表的结构 alerts
--------------------------------------------------------

保存,然后再进phpmyadmin导入数据就没有问题了。

本文参考:http://www.bxl.me/1598.html

安装教程

cd /usr/local/src
wget http://techsware.in/downloads/harden.sh
chmod 755 harden.sh
./harden.sh 

1:什么是KalluscPHarden?
答:KalluscPHarden是一个shell脚本,基于cPanel服务器安全加固、检查。

2:会为cPanel做什么?
答:改变调整设置,密码修改强度,后台进程检查,编译器的访问安全,Shell Bomb Fork保护等设置....

3:有什么额外的应用程序将安装到服务器?
答:CSF,CMM,CMQ,CMC,Maldet,Rkhunter,Linux Socket 监控,Linux的环境安全等

4:服务器会有哪些地方被调整/加固?
答:Apache,cPanel,FTP,SSH,MySQL,CSF,PHP等

5: What additional hardening steps it does ?
Ans : TMP hardening, Logrotate hardening, Daily Rkhunter scanning, rDNS Check, Disable unwanted processes, SYN FLOOD Kernel Tweak, etc

6: How to recover the old configuration, before running this tool?
Ans : All configurations will be backup as conf_file.beforetweak before making changes to it. So you can compare the configurations in you want to check anything.

7: Any more tweaks it do ?
Ans : Check change log for recent changes to the script

8:这个脚本多少钱?
答:它是完全免费的。

9:想知道更多?
Ans : Please feel free to reach me at kallu[at]techsware.in

官方主页:http://techsware.in/kcpharden.html

请注意,安装适用于 CustomBuild 2.0

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity

wordpress后台暴力破解规则

/usr/local/cwaf/tmp/rules/workdir1/rules
新建文件,内容如下,保存后设置所属用户重启apache

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
	# Setup brute force detection.
	# React if block flag has been set.
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
	# Setup tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
	SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
	SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</locationmatch>

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000234
<Locationmatch "/xmlrpc.php">
	# Rate limit requests to xml-rpc
	SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000235,msg:'ip address blocked for 5 minutes, more than 10 attempts in 3 minutes.'"
	# Setup tracking. Whenever it gets a 200 or 405 status code, increase our brute force counter.
	SecRule RESPONSE_STATUS "^(200|405)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000237"
	SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</Locationmatch>

规则来自:https://github.com/sensson/puppet-directadmin/blob/master/templates/modsecurity/modsec-wordpress.conf.erb

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like

SYNFLOOD_RATE = "5/s"
SYNFLOOD_BURST = "3"

i.e. if 5 connections are received from an IP/sec for 3 times, block it. Make sure don't keep it too strict if you are not receiving an attack else it will generate false positives and will block legit connections.

摘自:http://www.webhostingtalk.com/showthread.php?t=892958

Hello,
update script not part from directadmin.com
**** USE IT YOUR OWN RISKS ****

*****
*****
*****

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 2006,2007 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Update script made by Wael Isa
H188, R4008, Arad 240, Kingdom of Bahrain
http://www.web4host.net
Version: 1.8.1
Release Date: 1 / 9 / 2006

*****
*****
*****

If you find update script useful, please consider to make a donation to support this freeware.
Please keep in mind that donations are welcome, but in no way required to use and distribute update.script.

You can support update.script by paypal – CLICK HERE

update.script Version: 1.8.1
update script tested in this OS 32bit and 64bit.

  • RedHat Linux
  • RedHat Fedora
  • RedHat Enterprise
  • CentOS
  • Debian
  • OpenSSL (You need to build ssh, apache, php, etc after upgrade)
  • Exim
  • OpenSSH
  • ProFTP
  • ProFTP with mod_clamav
  • phpMyAdmin
  • F-PROT Anti-Virus
  • AVG
  • ClamAV
  • MODclamAV
  • MRTG
  • SquirrelMail
  • SquirrelMail full language pack
  • SpamAssassin
  • MODsecurity 2.x (Apache 2.x Only)
  • ImageMagick
  • GraphicsMagick
  • eAccelerator
  • FFMPEG-php
  • PHP Clamav
  • Webmin control panel (You need to open one port 10000 in your firewall)
  • MailScanner
  • Suhosin
  • NoBody Check

安装

mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run this to read how to use.

运行以下命令查看如何使用

./update.script

查看更多:http://www.web4host.net/update-script/

ELS stands for Easy Linux Security. ELS was created by Richard Gannon, Martynas Bendorius and Wael Isa. ELS takes many of the tasks performed by our Administrators and puts it into an easy to use program for anyone to use. It is released under the GNU/GPL so it is free to use.

This program is always being improved with new features and bugfixes, so be sure to keep it up to date. If you found a bug or would like an improvement, please let us know! If you really like this program, donations are welcome!

支持的操作系统 :

* Red Hat Linux
* Red Hat Enterprise Linux
* Fedora Core
* CentOS
* Debian

ELS 有哪些功能:

* Install RKHunter
* Install RKHunter Cronjob which emails a user-set email address nightly
* Install/update APF
* Install/update BFD
* Install CHKROOTKIT
* Install CHKROOTKIT Cronjob which emails a user-set email address nightly
* Disable Telnet
* Force SSH Protocol 2
* Secure /tmp
* Secure /var/tmp
* Secure /dev/shm
* 安装/升级 Zend Optimizer
* 安装/升级 eAccelerator
* MySQL 4.1 and 5.0 Configuration Optimization
* Upgrade MySQL to 5.0
* Tweak WHM Settings for security and stability
* Configure RNDC if not already done (cPanel only)
* Change SSH port (also configure APF as necessary)
* Add wheel user and disable direct root login over SSH
* 优化 MySQL tables
* 安装/升级 Libsafe
* 安装/升级 ImageMagick (from latest source)
* Uninstall LAuS
* Harden sysctl.conf
* Install Chirpy’s Free Exim Dictionary Attack ACL (cPanel only)
* 更多!

安装 ELS, 以ROOT身份运行以下命令:

wget -O installer.sh http://els.web4host.net/installer.sh
chmod +x installer.sh
sh installer.sh

官方网站:http://www.web4host.net/easy-linux-security/

有些管理员不希望每个IP被封锁都得到DA的通知

brute_force_notice_ip.sh 的触发只发生在DA发送XX IP尝试多少次登入失败通知的时候,现在DA已经添加了一个选项,以防止发送,但brute_force_notice_ip.sh 仍然工作。

该directadmin.conf选项将是:

hide_brute_force_notifications=0

这是默认(选项禁用,发送通知)

如果你想不发通知,但brute_force_notice_ip.sh仍然工作,设置directadmin.conf:
hide_brute_force_notifications=1