Messages - prgs1971

1
Thanks for sharing this tip ;)

2
Quote
Second, ALL of those configuration options rely on additional modules for iptables that not all servers have installed.

csf comes with a test script to know if all modules are installed and if you can use those options.

Thank you for the alert, but I had noticed that script, and in my case I have them all installed ;)

Quote
CONNLIMIT for port 80 should be set no lower than 50 - more like 75 or even 100. On a busy CMS site - say Joomla or Dolphin - every connection to the server is counted. UNDERSTAND - every picture - every .js file - every .css file - ajax requests. It is easy to reach 50 legitimately.

Same with PORTFLOOD - port 80 restrictions are WAY too high for any dynamic site. On a Dolphin CMS site I have easily reached 60 in a second on page load (css, js, images, html, ajax) if the page has 100 pictures -- your settings will block every user who clicks that page.
Silly of me :geek: .... I must be very tired not to remember that I have clients with stores that make more than 200 requests on load, therefore they should do around 60 to 70 requests per second.

Thank you very much for pointing this out 8-)

3
Since @chrisf already advised changing SYNFLOOD, I think it will be good for newbies to know how it works ;)
Code: [Select]
SYNFLOOD = "1"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"

                 
it means that:
     1. If 100 connections per second happens more than 150 times, from the same IP, this IP will be blocked.
     2. When SYNFLOOD is triggered, it will slow down all incoming connections from any IP, including legitimate connections.
--------------------------------

I found also 2 other interesting settings:

CONNLIMIT
    - find it around line 323

Code: [Select]
CONNLIMIT = ""
change to:
Code: [Select]
CONNLIMIT = "22;5,80;20"
it means that:
     1. Only allow up to 5 concurrent new connections to port 22 per IP address
     2. Only allow up to 20 concurrent new connections to port 80 per IP address
     Note: Existing connections are not included in the count, only new SYN packets, i.e. new connections.
------------------------------------

PORTFLOOD
    - find it around line 339
Code: [Select]
PORTFLOOD = ""
change to:
Code: [Select]
PORTFLOOD = "22;tcp;5;300,80;tcp;20;5"
it means that:
     1. 22;tcp;5;300 - If more than 5 connections to tcp port 22 within 300 seconds, then block that IP address from port 22 for at least 300 seconds after the last packet is seen, i.e. there must be a "quiet" period of 300 seconds before the block is lifted
     2. 80;tcp;20;5 - If more than 20 connections to tcp port 80 within 5 seconds, then block that IP address from port 80 for at least 5 seconds after the last packet is seen, i.e. there must be a "quiet" period of 5 seconds before the block is lifted

You can read more about it here http://configserver.com/free/csf/readme.txt

@chrisf do you agree with these settings?
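
One way to test values like those in the post above against a legitimate traffic pattern before enabling them (an added example, not part of the original post and not csf's own code): it parses the CONNLIMIT and PORTFLOOD strings and replays the connection arrival times of a single IP against a PORTFLOOD rule. The function names and the arrival times are assumptions; the model follows the "more than N connections within T seconds" wording quoted above and treats every arrival as a new connection.

```python
from collections import deque


def parse_connlimit(value):
    """'22;5,80;20' -> {22: 5, 80: 20} (port -> new connections per IP)."""
    limits = {}
    for item in filter(None, value.split(",")):
        port, limit = (int(x) for x in item.split(";"))
        if not 1 <= port <= 65535 or limit < 1:
            raise ValueError(f"bad CONNLIMIT entry: {item!r}")
        limits[port] = limit
    return limits


def parse_portflood(value):
    """'80;tcp;20;5' -> [(80, 'tcp', 20, 5)] (port, protocol, hits, seconds)."""
    rules = []
    for item in filter(None, value.split(",")):
        port, proto, hits, seconds = item.split(";")
        if proto not in ("tcp", "udp"):
            raise ValueError(f"bad PORTFLOOD protocol in {item!r}")
        rules.append((int(port), proto, int(hits), int(seconds)))
    return rules


def first_block(rule, arrivals):
    """Time at which one IP exceeds the rule, or None if it never does."""
    _, _, hits, seconds = rule
    window = deque()
    for t in sorted(arrivals):
        window.append(t)
        while t - window[0] >= seconds:   # drop arrivals older than the window
            window.popleft()
        if len(window) > hits:            # "more than <hits> within <seconds>"
            return t
    return None


# Values from the post; the arrival times below are constructed sample data.
CONNLIMIT = parse_connlimit("22;5,80;20")
SSH_RULE, HTTP_RULE = parse_portflood("22;tcp;5;300,80;tcp;20;5")
page_load = [i / 60 for i in range(60)]   # 60 new connections in one second
ssh_admin = [0, 100, 200]                 # three logins over a few minutes

if __name__ == "__main__":
    print("CONNLIMIT:", CONNLIMIT)
    print("page load blocked at t =", first_block(HTTP_RULE, page_load))
    print("ssh admin blocked at t =", first_block(SSH_RULE, ssh_admin))
```

With HTTP keep-alive several requests share one connection, so feed the replay with new-connection times taken from real access logs rather than raw request counts.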

4
It was me that asked @chrisf for this tutorial... Many thanks for this very clean and detailed tutorial.

I have applied it very easily in Kloxo-MR and in another open source panel 8-)

5
Kloxo-MR Technical Helps / Re: Rootkit Hunter
« on: 2013-08-21, 08:10:25 »
I haven't done anything more about this, because I gave up on Kloxo-MR.

Thanks anyway ;)

6
Kloxo-MR Technical Helps / Re: How to Setup DKIM?
« on: 2013-08-21, 03:02:20 »
As I already said to @chrisf by PM, I have moved to another open source panel.

Thanks anyway for all the support I have received here.

I was preparing a very detailed tutorial to install CentOS 6.4 + Kloxo-MR + secure both, but since I stumbled into so many problems I gave up, and in the new panel everything is smoother to do ;)

7
Kloxo-MR Technical Helps / Re: Rootkit Hunter
« on: 2013-08-19, 18:15:22 »
I found a detailed log in /var/log/rkhunter/rkhunter.log

I have extracted from the log what I think needs our attention:

warning
Code: [Select]
[03:19:57] Warning: Checking for prerequisites               [ Warning ]
[03:19:57]          The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
[03:19:57] Info: The file properties check will still run as there are checks that can be performed without the rkhunter.dat file.

warning
Code: [Select]
[03:19:57] Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
           is used, all the files on their system are known to be genuine, and installed from a
           reliable source. The rkhunter '--check' option will compare the current file properties
           against previously stored values, and report if any values differ. However, rkhunter
           cannot determine what has caused the change, that is for the user to do.

Unable to find 'skdet' command
Code: [Select]
[03:21:49]   Performing Suckit Rookit additional checks
[03:21:49]     Checking hard link count on '/sbin/init'      [ OK ]
[03:21:50]     Checking for hidden file extensions           [ None found ]
[03:21:50]     Running skdet command                         [ Skipped ]
[03:21:50] Info: Unable to find the 'skdet' command
[03:21:50]   Suckit Rookit additional checks                 [ OK ]

tripwire not installed
Code: [Select]
[03:22:49]   Checking for software intrusions                [ Skipped ]
[03:22:49] Info: Check skipped - tripwire not installed

Check skipped - file '/etc/inetd.conf' does not exist.
Code: [Select]
[03:22:49] Info: Starting test name 'trojans'
[03:22:49] Performing trojan specific checks
[03:22:50]   Checking for enabled inetd services             [ Skipped ]
[03:22:50] Info: Check skipped - file '/etc/inetd.conf' does not exist.

Warning
Code: [Select]
Checking for enabled xinetd services            [ Warning ]
[03:22:52] Warning: Found enabled xinetd service: /etc/xinetd.d/pureftp
[03:22:53]   Checking for Apache backdoor                    [ Not found ]

warning
Code: [Select]
[03:22:53] Info: Starting test name 'os_specific'
[03:22:53] Performing Linux specific checks
[03:22:53]   Checking loaded kernel modules                  [ Warning ]
[03:22:53] Warning: No output found from the lsmod command or the /proc/modules file:
[03:22:53]          /proc/modules output:
[03:22:53]          lsmod output:

Unable to find the 'unhide-tcp' command
Code: [Select]
Info: Starting test name 'hidden_ports'
[03:22:59] Checking for hidden ports                         [ Skipped ]
[03:22:59] Info: Unable to find the 'unhide-tcp' command

warning
Code: [Select]
[03:23:06] Warning: The SSH and rkhunter configuration options should be the same:
[03:23:06]          SSH configuration option 'PermitRootLogin': without-password
[03:23:06]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': unset

Summary
Code: [Select]
[03:23:12] System checks summary
[03:23:12] =====================
[03:23:12]
[03:23:12] File properties checks...
[03:23:12] Required commands check failed
[03:23:12] Files checked: 139
[03:23:12] Suspect files: 0
[03:23:12]
[03:23:12] Rootkit checks...
[03:23:12] Rootkits checked : 308
[03:23:12] Possible rootkits: 0
[03:23:13]
[03:23:13] Applications checks...
[03:23:13] All checks skipped
[03:23:13]
[03:23:13] The system checks took: 3 minutes and 30 seconds
[03:23:13]
[03:23:13] Info: End date is Sun Aug 18 03:23:13 BST 2013

warning
Code: [Select]
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Checking for prerequisites               [ Warning ]
         The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
         is used, all the files on their system are known to be genuine, and installed from a
         reliable source. The rkhunter '--check' option will compare the current file properties
         against previously stored values, and report if any values differ. However, rkhunter
         cannot determine what has caused the change, that is for the user to do.
Warning: Found enabled xinetd service: /etc/xinetd.d/pureftp
Warning: No output found from the lsmod command or the /proc/modules file:
         /proc/modules output:
         lsmod output:
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': without-password
         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': unset

----------------------- End Rootkit Hunter Scan -----------------------

Thanks in advance for any feedback in any of the above extracts from the log :)
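
For triaging a log like the one in the post above, this added example (not part of the original post and not rkhunter's own code) pulls each `Warning:` entry out of rkhunter.log together with its indented continuation lines. The function name and the eight-space continuation threshold are assumptions based on the layout of the excerpt; the sample lines are adapted from it.

```python
import re

# "[HH:MM:SS] " prefix used by rkhunter.log; some lines have no timestamp.
STAMP = re.compile(r"^\[(\d\d:\d\d:\d\d)\] ?(.*)$")


def extract_warnings(log_text):
    """Return [{'time': ..., 'text': ...}] for each multi-line Warning entry."""
    warnings = []
    current = None
    for raw in log_text.splitlines():
        m = STAMP.match(raw)
        stamp, body = (m.group(1), m.group(2)) if m else (None, raw)
        indent = len(body) - len(body.lstrip())
        if body.startswith("Warning:"):
            current = {"time": stamp, "text": body[len("Warning:"):].strip()}
            warnings.append(current)
        elif current is not None and indent >= 8 and body.strip():
            # Deeply indented line right after a warning: its continuation.
            current["text"] += " " + body.strip()
        else:
            # Any other line (check result, Info:, summary) ends the entry.
            current = None
    return warnings


# Sample adapted from the excerpt in the post (constructed for this example).
SAMPLE = "\n".join([
    "[03:22:50] Info: Check skipped - file '/etc/inetd.conf' does not exist.",
    "[03:22:52]   Checking for enabled xinetd services            [ Warning ]",
    "[03:22:52] Warning: Found enabled xinetd service: /etc/xinetd.d/pureftp",
    "[03:22:53]   Checking for Apache backdoor                    [ Not found ]",
    "[03:23:06] Warning: The SSH and rkhunter configuration options should be the same:",
    "[03:23:06]          SSH configuration option 'PermitRootLogin': without-password",
    "[03:23:06]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': unset",
    "[03:23:12] Suspect files: 0",
])

if __name__ == "__main__":
    for w in extract_warnings(SAMPLE):
        print(w["time"], "-", w["text"])
```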

8
Kloxo-MR Technical Helps / Rootkit Hunter
« on: 2013-08-19, 17:29:31 »
Where can I find the Rootkit Hunter configuration in Kloxo-MR?

I am getting this in my secure log, but I don't receive any warning.
Code: [Select]
Aug 19 03:41:49 server Rootkit Hunter: Rootkit hunter check started (version 1.4.0)
Aug 19 03:45:20 server Rootkit Hunter: Scanning took 3 minutes and 31 seconds
Aug 19 03:45:20 server Rootkit Hunter: Please inspect this machine, because it may be infected.

Where can I look for more detailed information about the above report?

How can I debug this?

9
Kloxo-MR Technical Helps / Re: How to Setup DKIM?
« on: 2013-08-19, 15:45:00 »
That was already done before I posted this topic, but I forgot to mention that... sorry!!!

10
Kloxo-MR Technical Helps / Re: How to Setup DKIM?
« on: 2013-08-19, 07:08:09 »
It seems that when we click on Manage DNS, the last entry in the DNS records seems to be for DKIM... Am I correct?

Now if I use an online tool to check it, like http://www.port25.com/support/authentic ... ification/ or http://www.appmaildev.com/, it will say that the message is not signed with Domain Keys or DKIM.

I already tried to disable Domain Keys, enable it again and rebuild the DNS template for the domain, but it is still not working.

How can i fix this?

Code: [Select]
---------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=postmaster@example.com
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

Code: [Select]
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

11
Kloxo-MR Technical Helps / How to Setup DKIM?
« on: 2013-08-19, 05:28:06 »
I don't see any option to configure DKIM in Kloxo-MR, I only found one for Domain Keys.

Am I missing anything in the admin panel?

Domain Keys is the old standard and for new hosting providers with now email reputation is very important to setup DKIM to not get their email in the spam box of Gmail, Hotmail, Yahoo, just to mention the most important ones.

12
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-19, 04:04:00 »
For now cp.example.com and webmail.example.com are working ;)

Later I will add an e-commerce store and we will see if Suphp is working fine or not.

13
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-19, 01:34:42 »
For security reasons it is always a good idea not to use apache to run the programs, or am I wrong?

14
Kloxo-MR Technical Helps / Re: Mysql Security in Kloxo-MR
« on: 2013-08-18, 22:59:01 »
Do you mean a successful login to the kloxo admin interface or the user interface?

15
Kloxo-MR Technical Helps / Re: Enable SUPH return ERROR 500
« on: 2013-08-18, 22:48:32 »
Now it works with that new configuration.

Can you explain to me why you don't use lxlabs as the user to run kloxo and instead prefer to use the generic one, apache?
