Thursday, November 26, 2015

SSL Labs A+ nginx configuration

    # TLS settings behind the SSL Labs A+ grade this post is about.
    # NOTE(review): TLSv1 and TLSv1.1 are still enabled here; whether that is
    # acceptable depends on the clients that must be supported.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # !kEDH drops the ephemeral-DH (DHE) suites, so forward secrecy relies on
    # ECDHE suites being present in the HIGH group of this OpenSSL build -- confirm
    # with `openssl ciphers -v '!RC4:HIGH:!aNULL:!MD5:!kEDH'`.
    ssl_ciphers !RC4:HIGH:!aNULL:!MD5:!kEDH;
    ssl_session_cache shared:SSL:10m;
    ssl_prefer_server_ciphers on;
    # HSTS for two years, including subdomains and preload: once the domain is on
    # the preload list this is hard to undo, so every subdomain must serve HTTPS.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    # add_header is only inherited by a server/location block that declares no
    # add_header of its own; repeat these lines in any block that does.
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    ssl_stapling on; # Requires nginx >= 1.3.7
    # Stapling needs a `resolver` directive to look up the OCSP responder, and
    # ssl_stapling_verify needs ssl_trusted_certificate with the issuer chain;
    # neither is shown in this snippet, so set them elsewhere or verification is silently skipped.
    ssl_stapling_verify on; # Requires nginx >= 1.3.7
    resolver_timeout 5s;

Wednesday, November 25, 2015

monit: check a process by name, without a pid file

# Monitor httpd by matching its command line rather than reading a pid file.
check process httpd
    # Regex matched against the running processes' command lines; keep it
    # specific enough that only the intended daemon matches.
    matching "/usr/sbin/httpd"
    # Commands monit runs to start/stop the service when the check fails.
    start program = "/etc/init.d/httpd start"
    stop program  = "/etc/init.d/httpd stop"


monit will find the process by matching its command line against "/usr/sbin/httpd" instead of reading a pid file.

Friday, November 20, 2015

fail2ban 0.9.0 example ssh jail.conf


# Example sshd jail: enables fail2ban's built-in sshd filter.
[sshd]
enabled = true

# NOTE(review): keep only the logpath line for your distribution and remove the
# other. The trailing "#centos" / "#debian" may be read as part of the value
# rather than as a comment by fail2ban's ini parser -- verify, or move them to
# their own lines.
logpath = /var/log/secure #centos
logpath = /var/log/auth.log #debian

# Addresses that are never banned (here the 192.168.0.0/24 LAN); keep this list short.
ignoreip = 192.168.0.0/24
# bantime is in seconds (6000 = 100 minutes); maxretry is the number of
# failed attempts before a ban.
bantime = 6000
maxretry = 3

Thursday, November 19, 2015

openssl CSR (certificate signing request)

# Generate a new 2048-bit RSA key and a CSR for it in one step.
# -nodes leaves mydomain.key unencrypted on disk: restrict its permissions
# (e.g. mode 600) and keep it private; only mydomain.csr is sent to the CA.
openssl req -new -nodes -newkey rsa:2048 -keyout mydomain.key -out mydomain.csr

Wednesday, November 18, 2015

mysql logrotate example

# Rotate the MySQL slow-query log weekly, keeping three compressed copies.
/var/log/mysql-slow.log {
    weekly
    rotate 3
    compress
    # Do not error if the log is absent, and skip rotation when it is empty.
    missingok
    notifempty
    sharedscripts
    # New log is owned by mysql:mysql, mode 660 (not world-readable).
    create 660 mysql mysql
    postrotate
        # Makes mysqld reopen its log files. No credentials are given here, so
        # this presumably relies on a root-owned ~/.my.cnf -- verify on the host.
        /usr/bin/mysqladmin flush-logs
    endscript
}

Monday, November 16, 2015

allow, deny not working apache + nginx

To allow remote connections only from specific IPs, add the following to .htaccess:

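# Allow only the listed client addresses; everyone else is denied.
# The pattern is anchored and the dots escaped so that, for example,
# 110.11.12.150 no longer matches (the original unanchored regex did).
# NOTE(review): behind nginx, Remote_Addr is the proxy's address unless the
# real client IP is restored (e.g. with mod_remoteip) -- confirm, otherwise
# the pattern matches nothing.
SetEnvIf Remote_Addr "^(10\.11\.12\.15|10\.11\.12\.16)$" realremoteaddr
Order Deny,Allow
Deny from all
Allow from env=realremoteaddr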

10.11.12.15|10.11.12.16 — the allowed IPs


To deny those IPs instead:

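# Deny only the listed client addresses; everyone else is allowed.
# The pattern is anchored and the dots escaped so that unrelated addresses
# containing these digits (e.g. 110.11.12.150) are not blocked by accident.
# NOTE(review): behind nginx, Remote_Addr is the proxy's address unless the
# real client IP is restored (e.g. with mod_remoteip) -- confirm, otherwise
# the deny never triggers.
SetEnvIf Remote_Addr "^(10\.11\.12\.15|10\.11\.12\.16)$" realremoteaddr
Order Allow,Deny
Allow from all
Deny from env=realremoteaddr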

10.11.12.15|10.11.12.16 — the denied (not allowed) IPs

Friday, November 13, 2015

Tuesday, November 10, 2015

nginx init.d script

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library (provides daemon, killproc, status used below).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

# Path to the nginx binary; $prog is its basename, which killproc and status use
# to find the running process.
nginx="/usr/local/sbin/nginx"
prog=$(basename $nginx)

# Config file passed with -c to nginx on start and configtest.
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

# Subsys lock: created on a successful start, removed on a successful stop.
lockfile=/var/lock/subsys/nginx

start() {
    # Refuse to start without an executable binary (exit 5) or a readable
    # config file (exit 6); these are the LSB "not installed" / "not configured" codes.
    if [ ! -x "$nginx" ]; then
        exit 5
    fi
    if [ ! -f "$NGINX_CONF_FILE" ]; then
        exit 6
    fi
    echo -n $"Starting $prog: "
    # daemon (from the function library) launches nginx with the given config.
    daemon "$nginx" -c "$NGINX_CONF_FILE"
    rc=$?
    echo
    # Only mark the subsystem as running when the launch succeeded.
    if [ "$rc" -eq 0 ]; then
        touch "$lockfile"
    fi
    return "$rc"
}

stop() {
    echo -n $"Stopping $prog: "
    # QUIT asks nginx for a graceful shutdown; killproc comes from the function library.
    killproc $prog -QUIT
    rc=$?
    echo
    # Drop the subsys lock only when the stop actually succeeded.
    if [ "$rc" -eq 0 ]; then
        rm -f "$lockfile"
    fi
    return "$rc"
}

restart() {
    # Never take the server down on a broken config: propagate configtest's
    # exit code instead of stopping.
    configtest
    rc=$?
    [ "$rc" -eq 0 ] || return "$rc"
    stop
    start
}

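reload() {
    # Do not reload a broken config: propagate configtest's exit code.
    configtest || return $?
    echo -n $"Reloading $prog: "
    # HUP makes nginx re-read its config and re-open logs.
    killproc $nginx -HUP
    RETVAL=$?
    echo
    # Return killproc's status like start()/stop() do; the original stored it
    # in RETVAL and then discarded it, so callers always saw success.
    return $RETVAL
}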

# force-reload is implemented as a full restart (configtest, stop, start).
force_reload() { restart; }

configtest() {
    # Syntax-check the config without starting the daemon; exit code is nginx's.
    "$nginx" -t -c "$NGINX_CONF_FILE"
}

# Report the daemon's state via the function library's status helper.
rh_status() { status $prog; }

rh_status_q() {
    # Quiet variant of rh_status: only the exit status is of interest.
    rh_status > /dev/null 2>&1
}

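# Dispatch on the action word. "$1" is only executed as a command inside a
# branch that matched it literally, so no arbitrary input reaches the shell.
case "$1" in
    start)
        # Already running: nothing to do.
        rh_status_q && exit 0
        $1
        ;;
    stop)
        # Not running: nothing to stop.
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        # LSB exit code 7: program is not running.
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Restart only if currently running. The original branch fell through
        # without calling anything, so try-restart was a silent no-op.
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
        ;;
esac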

Thursday, November 5, 2015

pure-ftpd centos working config

# pure-ftpd.conf as used on CentOS: every user chrooted, virtual users from a
# PureDB file, no anonymous access.
ChrootEveryone              yes
BrokenClientsCompatibility  no
MaxClientsNumber            50
Daemonize                   yes
MaxClientsPerIP             20
VerboseLog                  yes
DisplayDotFiles             yes
AnonymousOnly               no
NoAnonymous                 yes
DontResolve                 yes
MaxIdleTime                 15
# Only the PureDB virtual-user database authenticates; PAM/system logins are off.
 PureDB                        /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication             no
LimitRecursion              10000 8
AnonymousCanCreateDirs      no
MaxLoad                     4
# These ports must be reachable through the firewall for passive mode to work.
PassivePortRange          48000 50000
AntiWarez                   yes
# 137:027 -> new files are mode 640, new directories 750.
Umask                       137:027
# Accounts with a UID below 48 cannot log in (48 is commonly apache on CentOS -- confirm).
MinUID                      48
UseFtpUsers no
# FXP (server-to-server transfers) disabled for everyone.
AllowUserFXP                no
AllowAnonymousFXP           no
# Dot-files may be both read and written by logged-in users.
ProhibitDotFilesWrite       no
ProhibitDotFilesRead        no
AutoRename                  no
AnonymousCantUpload         yes
AltLog                     clf:/var/log/pureftpd.log
MaxDiskUsage               99
CustomerProof              yes
# NOTE(review): no TLS directive appears in this snippet, so credentials and
# data travel in clear text unless TLS is enabled elsewhere in the config.

grub2-install: error: disk `mduuid/e54081d398c6d57b4d67436f6d032162' not found

After a RAID 1 disk replacement I ran into this error: # grub2-install /dev/sdb Installing for i386-pc platform. grub2-install: error: disk `md...