Results 201 to 225 of 603
-
05-02-2011, 07:36 AM #201Newbie
- Join Date
- Apr 2011
- Posts
- 28
Great work, thank you.
-
05-02-2011, 11:04 PM #202WHT Addict
- Join Date
- Apr 2010
- Posts
- 162
I already read this thread last year and revisited this again today because I need to setup a lowendbox for my new website and this script really helped me a lot Thank you
-
05-03-2011, 06:51 PM #203Divided by Zero
- Join Date
- Jun 2009
- Posts
- 1,219
Thank you so much for this wonderful script that just made my VPS a lot slimmer and snappier!
You truly made my day!
-
05-04-2011, 08:26 PM #204WHT Addict
- Join Date
- May 2011
- Posts
- 114
Great script, thank you!
-
05-10-2011, 09:04 AM #205[ VPS Enthusiast ]
- Join Date
- Nov 2009
- Location
- Cheltenham, UK
- Posts
- 1,416
No problem, I am glad it has been useful
█ Ben Thomas, Director - BTCentral Web Development Services
█ http://www.btcentral.org.uk - Need a custom Web App? Visit us online.
-
05-15-2011, 02:22 PM #206Newbie
- Join Date
- May 2011
- Posts
- 7
Code:rm -rf /tmp mkdir /tmp mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp chmod 1777 /tmp echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab rm -rf /var/tmp ln -s /tmp /var/tm
P.S. I'm a newbie.
-
05-15-2011, 05:16 PM #207VPS Like a Boss!
- Join Date
- Jul 2009
- Location
- New Zealand
- Posts
- 2,331
QuickWeb™ -We Host Servers Like a Boss!
New Zealand - USA - UK - Germany Virtual Servers
Worldwide hosting provider with proven 24x7 and 25-Minute Support!
www.quickweb.co.nz
-
05-15-2011, 08:07 PM #208[ VPS Enthusiast ]
- Join Date
- Nov 2009
- Location
- Cheltenham, UK
- Posts
- 1,416
Yes, just as Roel said it stops many, many exploits from being run on your server.
As far as we're concerned it is always something that should be done on any Linux server, especially if it's one that's running publicly accessible web-services that could potentially be exploited.
We always recommend when setting up a server, securing /tmp and /var/tmp, changing the SSH port, allowing access to SSH only via Public Keys (unless it is an environment where it is totally impractical to do so), installing an intrusion detection system with auto IP banning functionality and getting a decent software firewall in place (we generally use ConfigServer Firewall for the IDS and Firewall).
As and when I get some more time to work on Centmin properly again, these are more than likely some of the things I will look into implementing.█ Ben Thomas, Director - BTCentral Web Development Services
█ http://www.btcentral.org.uk - Need a custom Web App? Visit us online.
-
05-16-2011, 12:12 AM #209Newbie
- Join Date
- Apr 2011
- Posts
- 28
Thanks for you infomation, I'll wait for the next secure release.
-
05-16-2011, 05:19 AM #210[ VPS Enthusiast ]
- Join Date
- Nov 2009
- Location
- Cheltenham, UK
- Posts
- 1,416
You might be in for a bit of a wait if that's the case
We are extremely busy at the moment, combine that with the fact that I am moving house in 5 weeks and it means realistically it's probably going to be the end of June/early July before I start working on additional features again (any bugfixes etc. will be a priority in the meanwhile).Last edited by BTCentral - Ben; 05-16-2011 at 05:26 AM.
█ Ben Thomas, Director - BTCentral Web Development Services
█ http://www.btcentral.org.uk - Need a custom Web App? Visit us online.
-
05-16-2011, 10:44 AM #211Web Hosting Master
- Join Date
- Apr 2000
- Location
- Brisbane, Australia
- Posts
- 2,602
Hi Ben
Just thought I'd pop in and say thanks for the nice centmin script framework, very easy to modify to suit my needs. I already scripted an equivalent script ages ago for apache based web server, but never got around to nginx version.
Been playing with local and rackspace cloud server setups and moved my existing nginx configuration settings into your script with additional nginx config options.
So now I have changed mysql to MariaDB 5.2.6 mysql, added xcache support (for vB datastore cache support), Nginx and php-fpm compiled with updated openssl from 0.9.8e to 1.0.0d, and dumped php-fpm yum install in favour of custom source compile for php-fpm with addition config options compiled in to ensure it works with vBulletin forums
George: CentminMod.com Nginx Installer Nginx 1.25, PHP-FPM, MariaDB 10 CentOS (AlmaLinux/Rocky testing)
: Centmin Mod Latest Beta Nginx HTTP/2 HTTPS & HTTP/3 QUIC HTTPS supports TLS 1.3 via OpenSSL 1.1.1/3.0/3.1 or BoringSSL or QuicTLS OpenSSL
: Nginx & PHP-FPM Benchmarks: Centmin Mod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack
-
05-16-2011, 11:54 AM #212Newbie
- Join Date
- Apr 2011
- Posts
- 28
Wow, very interesting, can you share your experience when creating new script base on the original?
More about new MariaDB + Xcache + costom compile php-fpm?
-
05-16-2011, 12:45 PM #213Newbie
- Join Date
- May 2011
- Posts
- 7
Thank you for introducing me to ConfigServer.
How could the system be exploited if I don't "secure" /tmp and /var/tmp, though? What I don't understand at all is why the tmp directory is any safer under / rather than /var. Also, it's understandable why you'd want to change the access permissions, but why the tmp folder and not any other?
-
05-16-2011, 01:21 PM #214Newbie
- Join Date
- May 2011
- Posts
- 7
-
05-16-2011, 01:48 PM #215Web Hosting Master
- Join Date
- Apr 2000
- Location
- Brisbane, Australia
- Posts
- 2,602
My apache version of my script has CSF install routine as well, so might migrate it over to centmin modified script
well initially had some problems compiling the right path to openssl for nginx and php-fpm and some php-fpm paths which differed from php-fpm rpm/yum versus my custom source compile, so changed them to around.
End up with the following
Code:free -m total used free shared buffers cached Mem: 3270 506 2763 0 25 314 -/+ buffers/cache: 166 3103 Swap: 5279 0 5279
Code:top - 01:40:27 up 2 min, 1 user, load average: 0.45, 0.26, 0.10 Tasks: 140 total, 1 running, 139 sleeping, 0 stopped, 0 zombie Cpu(s): 2.9%us, 3.3%sy, 0.0%ni, 80.6%id, 11.7%wa, 0.4%hi, 1.0%si, 0.0%st Mem: 3348500k total, 518712k used, 2829788k free, 26544k buffers Swap: 5406712k total, 0k used, 5406712k free, 321868k cached
Code:nginx -V nginx: nginx version: nginx/1.0.2 nginx: built by gcc 4.1.2 20080704 (Red Hat 4.1.2-50) nginx: TLS SNI support enabled nginx: configure arguments: --sbin-path=/usr/local/sbin --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_secure_link_module --with-http_flv_module --with-http_sub_module --with-http_realip_module --add-module=../ngx-fancyindex-0.3.1 --add-module=../ngx_cache_purge-1.3 --add-module=../nginx-accesskey-2.0.3 --with-google_perftools_module --with-openssl=../openssl-1.0.0d --with-ld-opt=-ltcmalloc_minimal
Code:php -v PHP 5.3.6 (cli) (built: May 17 2011 01:29:54) Copyright (c) 1997-2011 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies with XCache v1.3.1, Copyright (c) 2005-2010, by mOo
Code:php -i | grep configure Configure Command => '../configure' '--enable-cgi' '--enable-fpm' '--with-mcrypt' '--with-mhash' '--with-zlib' '--with-gettext' '--enable-exif' '--enable-zip' '--with-bz2' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-shmop' '--with-pear' '--enable-mbstring' '--with-openssl=/usr/local' '--with-mysql=/usr/bin/' '--with-libdir=lib64' '--with-mysqli=/usr/bin/mysql_config' '--with-mysql-sock' '--with-curl' '--with-gd' '--with-xmlrpc' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-gd-native-ttf' '--without-sqlite' '--disable-pdo' '--with-fpm-user=nginx' '--with-fpm-group=nginx'
Code:php -i | grep MariaDB Client API version => 5.2.6-MariaDB Client API library version => 5.2.6-MariaDB Client API header version => 5.2.6-MariaDB
Code:mysqladmin ver mysqladmin Ver 9.0 Distrib 5.2.6-MariaDB, for unknown-linux-gnu on x86_64 Copyright 2000-2008 MySQL AB, 2008 Sun Microsystems, Inc, 2009 Monty Program Ab This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to modify and redistribute it under the GPL license Server version 5.2.6-MariaDB-mariadb101 Protocol version 10 Connection Localhost via UNIX socket UNIX socket /var/lib/mysql/mysql.sock Uptime: 4 min 28 sec Threads: 1 Questions: 1 Slow queries: 0 Opens: 15 Flush tables: 1 Open tables: 8 Queries per second avg: 0.3
Code:ulimit -aH core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 26623 max locked memory (kbytes, -l) 32 max memory size (kbytes, -m) unlimited open files (-n) 63536 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) unlimited cpu time (seconds, -t) unlimited max user processes (-u) 26623 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
: CentminMod.com Nginx Installer Nginx 1.25, PHP-FPM, MariaDB 10 CentOS (AlmaLinux/Rocky testing)
: Centmin Mod Latest Beta Nginx HTTP/2 HTTPS & HTTP/3 QUIC HTTPS supports TLS 1.3 via OpenSSL 1.1.1/3.0/3.1 or BoringSSL or QuicTLS OpenSSL
: Nginx & PHP-FPM Benchmarks: Centmin Mod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack
-
05-17-2011, 05:50 AM #216Newbie
- Join Date
- Apr 2011
- Posts
- 28
Thank you very much eva2000.
-
05-17-2011, 03:55 PM #217Web Hosting Master
- Join Date
- Apr 2000
- Location
- Brisbane, Australia
- Posts
- 2,602
Also added some command shortcuts to bottom of centmin script
Code:echo " " cecho "**********************************************************************" $boldgreen cecho "* Add cmd shortcuts for php.ini, my.cnf, php-fpm.conf, nginx.conf and virtual.conf " $boldgreen cecho "* Edit php.ini = phpedit " $boldgreen cecho "* Edit my.cnf = mycnf " $boldgreen cecho "* Edit php-fpm.conf = fpmconf " $boldgreen cecho "* Edit nginx.conf = nginxconf " $boldgreen cecho "* Edit virtual.conf = vhostconf " $boldgreen cecho "* nginx stop/start/restart = ngxstop/ngxstart/ngxrestart " $boldgreen cecho "* php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart " $boldgreen cecho "* mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart " $boldgreen cecho "* nginx + php-fpm stop/start/restart = npstop/npstart/nprestart " $boldgreen cecho "**********************************************************************" $boldgreen echo "nano -w /usr/local/lib/php.ini" > /usr/bin/phpedit ; chmod 700 /usr/bin/phpedit echo "nano -w /etc/my.cnf" >/usr/bin/mycnf ; chmod 700 /usr/bin/mycnf echo "nano -w /usr/local/etc/php-fpm.conf" >/usr/bin/fpmconf ; chmod 700 /usr/bin/fpmconf echo "nano -w /usr/local/nginx/conf/nginx.conf" >/usr/bin/nginxconf ; chmod 700 /usr/bin/nginxconf echo "nano -w /usr/local/nginx/conf/conf.d/virtual.conf" >/usr/bin/vhostconf ; chmod 700 /usr/bin/vhostconf echo "service nginx stop" >/usr/bin/ngxstop ; chmod 700 /usr/bin/ngxstop echo "service nginx start" >/usr/bin/ngxstart ; chmod 700 /usr/bin/ngxstart echo "service nginx restart" >/usr/bin/ngxrestart ; chmod 700 /usr/bin/ngxrestart echo "service php-fpm stop" >/usr/bin/fpmstop ; chmod 700 /usr/bin/fpmstop echo "service php-fpm start" >/usr/bin/fpmstart ; chmod 700 /usr/bin/fpmstart echo "service php-fpm restart" >/usr/bin/fpmrestart ; chmod 700 /usr/bin/fpmrestart echo "service mysql stop" >/usr/bin/mysqlstop ; chmod 700 /usr/bin/mysqlstop echo "service mysql start" >/usr/bin/mysqlstart ; chmod 700 /usr/bin/mysqlstart echo "service mysql restart" >/usr/bin/mysqlrestart ; chmod 700 /usr/bin/mysqlrestart echo "service nginx stop;service php-fpm stop" >/usr/bin/npstop ; chmod 700 /usr/bin/npstop echo "service nginx start;service php-fpm start" >/usr/bin/npstart ; chmod 700 /usr/bin/npstart echo "service nginx restart;service php-fpm restart" >/usr/bin/nprestart ; chmod 700 /usr/bin/nprestart echo " " cecho "**********************************************************************" $boldgreen cecho "* Installation complete, congratulations!" $boldgreen cecho "* For security reasons this script will now be deleted." $boldgreen cecho "* " $boldgreen cecho "* We would highly recommend that you reboot your server now." $boldgreen cecho "* " $boldgreen cecho "* Enjoy CentOS - BTCentral" $boldgreen cecho "**********************************************************************" $boldgreen
: CentminMod.com Nginx Installer Nginx 1.25, PHP-FPM, MariaDB 10 CentOS (AlmaLinux/Rocky testing)
: Centmin Mod Latest Beta Nginx HTTP/2 HTTPS & HTTP/3 QUIC HTTPS supports TLS 1.3 via OpenSSL 1.1.1/3.0/3.1 or BoringSSL or QuicTLS OpenSSL
: Nginx & PHP-FPM Benchmarks: Centmin Mod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack
-
05-18-2011, 06:13 AM #218[ VPS Enthusiast ]
- Join Date
- Nov 2009
- Location
- Cheltenham, UK
- Posts
- 1,416
Hi George,
Firstly no problem, glad you have found it useful
The changes you have been making sound very interesting, in particular for me MariaDB support - that's always something I have meant to look into but just have not found the time yet.
If you're interested in having changes you have made implemented into Centmin just drop me a PM or drop us an email and I will get back to you - for example I could get it to give the option for MariaDB instead of standard MySQL, custom php-fpm instead of pre-compiled, etc. which I am sure would be very useful for some people. Full credit would be given for any contributions of course.
We have big plans for Centmin in the not too distant future, as I said it's just a matter of finding the time to implement them
Alternatively if you just fancy making a fork of Centmin that's just fine too.
Thanks,
Ben█ Ben Thomas, Director - BTCentral Web Development Services
█ http://www.btcentral.org.uk - Need a custom Web App? Visit us online.
-
05-18-2011, 07:07 AM #219Web Hosting Master
- Join Date
- Apr 2000
- Location
- Brisbane, Australia
- Posts
- 2,602
Hi Ben
I'd love to share my version but last time i linked to my site on this forum to provide useful and on topic info for a thread, a moderator gave me an infraction warning
I've since last post, added memcached server support to my version of the script so libevent, memcached, memcache along with xcache support has been added.
MariaDB is mainly 64bit so is the rest of the focus of my version as it's what i mainly use for servers. So maybe you could add in necessarily routines and checks for 32bit vs 64bit.
My apache version also has CSF, chkrootkit, rkhunter and varnish cache options, I'm thinking of at least adding CSF to my modified version of centmin, I can share the changes once that's done and tested: CentminMod.com Nginx Installer Nginx 1.25, PHP-FPM, MariaDB 10 CentOS (AlmaLinux/Rocky testing)
: Centmin Mod Latest Beta Nginx HTTP/2 HTTPS & HTTP/3 QUIC HTTPS supports TLS 1.3 via OpenSSL 1.1.1/3.0/3.1 or BoringSSL or QuicTLS OpenSSL
: Nginx & PHP-FPM Benchmarks: Centmin Mod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack
-
05-18-2011, 07:30 AM #220[ VPS Enthusiast ]
- Join Date
- Nov 2009
- Location
- Cheltenham, UK
- Posts
- 1,416
Hmm, depending on how you worded your post/what you linked to it may have been considered self-promotion.
In that case what I will do is PM you my email address so that you can get in touch that way. So if you have a website I can have a look at or links to any changes you can just send them that way
Edit: Done.
Sounds good, 32bit checks are not a problem, there's already an architecture check in the script and I'm more than happy to make changes as necessary. We have VPS specifically for testing and could also easily setup a VM in the likes of VirtualBox if needed.
Thanks,
BenLast edited by BTCentral - Ben; 05-18-2011 at 07:39 AM.
█ Ben Thomas, Director - BTCentral Web Development Services
█ http://www.btcentral.org.uk - Need a custom Web App? Visit us online.
-
05-19-2011, 04:35 AM #221Web Hosting Master
- Join Date
- Apr 2000
- Location
- Brisbane, Australia
- Posts
- 2,602
Thanks Ben email sent. I uploaded a copy of the modified centmin version here - it has MariaDB 5.2.6 support, xcache v1.3.1, memcached 1.4.5, memcache 3.0.5, libevent 2.0.10, csf firewall and siege benchmark install. Feel free to correct and outline any errors or bugs I introduced into the script
: CentminMod.com Nginx Installer Nginx 1.25, PHP-FPM, MariaDB 10 CentOS (AlmaLinux/Rocky testing)
: Centmin Mod Latest Beta Nginx HTTP/2 HTTPS & HTTP/3 QUIC HTTPS supports TLS 1.3 via OpenSSL 1.1.1/3.0/3.1 or BoringSSL or QuicTLS OpenSSL
: Nginx & PHP-FPM Benchmarks: Centmin Mod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack
-
05-19-2011, 05:39 AM #222[ VPS Enthusiast ]
- Join Date
- Nov 2009
- Location
- Cheltenham, UK
- Posts
- 1,416
█ Ben Thomas, Director - BTCentral Web Development Services
█ http://www.btcentral.org.uk - Need a custom Web App? Visit us online.
-
05-24-2011, 04:35 PM #223Web Hosting Master
- Join Date
- Apr 2000
- Location
- Brisbane, Australia
- Posts
- 2,602
: CentminMod.com Nginx Installer Nginx 1.25, PHP-FPM, MariaDB 10 CentOS (AlmaLinux/Rocky testing)
: Centmin Mod Latest Beta Nginx HTTP/2 HTTPS & HTTP/3 QUIC HTTPS supports TLS 1.3 via OpenSSL 1.1.1/3.0/3.1 or BoringSSL or QuicTLS OpenSSL
: Nginx & PHP-FPM Benchmarks: Centmin Mod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack
-
06-04-2011, 04:31 PM #224Web Hosting Evangelist
- Join Date
- Feb 2004
- Posts
- 491
Thanks for all the hard work on this Ben and eva2000 and the others who contributed.
Adding the excellent CSF to this is most welcome.
But I was originally looking for the best way to install from scratch a minimal CentOS 5 when I found centmin - so what is the best practice for the initial minimal clean install? Should I just start with the original ISO or is there a better recommended build? Should I just use the netinstall?Last edited by aww; 06-04-2011 at 04:44 PM.
-
06-04-2011, 07:52 PM #225Web Hosting Evangelist
- Join Date
- Feb 2004
- Posts
- 491
eva2000 I had to modify your script for 32bit since I am testing in a VM on a 32bit OS
I did these search/replaces, just to help others in the future:
Code:.x86_64 -> .i386 /x86_64 -> /i386 amd64 -> x86 lib64 -> lib
Apache is working but not nginx, so investigating that...
BTW are the wget fetched files cleaned up at any point?
Because when I rerun the script I see wget often renaming .gz.1 .gz.2 .gz.3 instead of overwriting or skipping any existing.
I also noticed these two errors:
Code:./centmin.sh: line 629: /usr/local/bin/phpize: No such file or directory ./centmin.sh: line 630: ./configure: No such file or directory
Had to edit /etc/vftpd/vftpd.conf and change
local_enable=YES
and comment out
#one_process_model=yesLast edited by aww; 06-04-2011 at 07:59 PM.
Similar Threads
-
Perfect CentOs Server Setup (Low Memory)
By skoobi2 in forum VPS HostingReplies: 9Last Post: 07-20-2010, 10:16 AM -
Looking for a sysadmin - install debian/centos + dtc-xen + dtc/images (centos etc)
By Ron D in forum Employment / Job OffersReplies: 2Last Post: 06-12-2009, 11:31 PM -
Script Install service, very low rates!
By Justin in forum Employment / Job OffersReplies: 0Last Post: 12-17-2006, 07:10 PM -
centos:apache,php, yum install or source install?
By cchere in forum Hosting Security and TechnologyReplies: 2Last Post: 08-29-2006, 05:14 PM -
How do I install GD on a default CentOS 4.x install?
By Fabalo.com in forum Hosting Security and TechnologyReplies: 3Last Post: 02-12-2006, 11:43 AM