Kloxo-MR Tips and Tricks / Re: Installing CSF alongside KloxoMR (how to)
« on: 2013-08-31, 16:58:59 »
Thanks for sharing this tip.
Second, ALL of those configuration options rely on additional modules for iptables that not all servers have installed.
csf comes with a test script to know if all modules are installed and if you can use those options.
CONNLIMIT for port 80 should be set no lower than 50 - more like 75 or even 100. On a busy CMS site - say Joomla or Dolphin - every connection to the server is counted. UNDERSTAND - every picture - every .js file - every .css file - ajax requests. It is easy to reach 50 legitimately.
Silly of me :geek: .... I must be very tired not to remember that I have a client with stores that make more than 200 requests on load, therefore they should do around 60 to 70 requests per second.
Same with PORTFLOOD - port 80 restrictions are WAY too high for any dynamic site. On a Dolphin CMS site I have easily reached 60 in a second on page load (css, js, images, html, ajax) if the page has 100 pictures -- your settings will block every user who clicks that page.
SYNFLOOD = "1"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"
CONNLIMIT = ""
- change to: CONNLIMIT = "22;5,80;20"
> it means that:
PORTFLOOD = ""
- change to: PORTFLOOD = "22;tcp;5;300,80;tcp;20;5"
> it means that:
[03:19:57] Warning: Checking for prerequisites [ Warning ]
[03:19:57] The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
[03:19:57] Info: The file properties check will still run as there are checks that can be performed without the rkhunter.dat file.
[03:19:57] Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
is used, all the files on their system are known to be genuine, and installed from a
reliable source. The rkhunter '--check' option will compare the current file properties
against previously stored values, and report if any values differ. However, rkhunter
cannot determine what has caused the change, that is for the user to do.
[03:21:49] Performing Suckit Rookit additional checks
[03:21:49] Checking hard link count on '/sbin/init' [ OK ]
[03:21:50] Checking for hidden file extensions [ None found ]
[03:21:50] Running skdet command [ Skipped ]
[03:21:50] Info: Unable to find the 'skdet' command
[03:21:50] Suckit Rookit additional checks [ OK ]
[03:22:49] Checking for software intrusions [ Skipped ]
[03:22:49] Info: Check skipped - tripwire not installed
[03:22:49] Info: Starting test name 'trojans'
[03:22:49] Performing trojan specific checks
[03:22:50] Checking for enabled inetd services [ Skipped ]
[03:22:50] Info: Check skipped - file '/etc/inetd.conf' does not exist.
Checking for enabled xinetd services [ Warning ]
[03:22:52] Warning: Found enabled xinetd service: /etc/xinetd.d/pureftp
[03:22:53] Checking for Apache backdoor [ Not found ]
[03:22:53] Info: Starting test name 'os_specific'
[03:22:53] Performing Linux specific checks
[03:22:53] Checking loaded kernel modules [ Warning ]
[03:22:53] Warning: No output found from the lsmod command or the /proc/modules file:
[03:22:53] /proc/modules output:
[03:22:53] lsmod output:
Info: Starting test name 'hidden_ports'
[03:22:59] Checking for hidden ports [ Skipped ]
[03:22:59] Info: Unable to find the 'unhide-tcp' command
[03:23:06] Warning: The SSH and rkhunter configuration options should be the same:
[03:23:06] SSH configuration option 'PermitRootLogin': without-password
[03:23:06] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': unset
[03:23:12] System checks summary
[03:23:12] =====================
[03:23:12]
[03:23:12] File properties checks...
[03:23:12] Required commands check failed
[03:23:12] Files checked: 139
[03:23:12] Suspect files: 0
[03:23:12]
[03:23:12] Rootkit checks...
[03:23:12] Rootkits checked : 308
[03:23:12] Possible rootkits: 0
[03:23:13]
[03:23:13] Applications checks...
[03:23:13] All checks skipped
[03:23:13]
[03:23:13] The system checks took: 3 minutes and 30 seconds
[03:23:13]
[03:23:13] Info: End date is Sun Aug 18 03:23:13 BST 2013
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Checking for prerequisites [ Warning ]
The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
is used, all the files on their system are known to be genuine, and installed from a
reliable source. The rkhunter '--check' option will compare the current file properties
against previously stored values, and report if any values differ. However, rkhunter
cannot determine what has caused the change, that is for the user to do.
Warning: Found enabled xinetd service: /etc/xinetd.d/pureftp
Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': without-password
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': unset
----------------------- End Rootkit Hunter Scan -----------------------
Aug 19 03:41:49 server Rootkit Hunter: Rootkit hunter check started (version 1.4.0)
Aug 19 03:45:20 server Rootkit Hunter: Scanning took 3 minutes and 31 seconds
Aug 19 03:45:20 server Rootkit Hunter: Please inspect this machine, because it may be infected.
---------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=postmaster@example.com
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham