apt-get install php5-mcrypt /etc/init.d/apache2 restart
apt-get install php5-mcrypt /etc/init.d/apache2 restart
先安裝RootKit Hunter
cd /tmp wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xvf rkhunter-1.4.0.tar.gz cd rkhunter-1.4.0 ./installer.sh --layout default --install
cd /usr/local/bin mv rkhunter /usr/bin/
之後update db
rkhunter --update rkhunter --propupd
之後要修改/etc/rkhunter.conf
nano /etc/rkhunter.conf
加入hidden file whitelist
SCRIPTDIR=/usr/local/lib/rkhunter/scripts ALLOWHIDDENDIR="/etc/.java" ALLOWHIDDENDIR="/dev/.udev" ALLOWHIDDENFILE="/dev/.initramfs" SCRIPTWHITELIST=/usr/bin/unhide.rb
Scan Machine 方法
rkhunter --checkall
完成
rm -r rkhunter-1.4.0 rm -r rkhunter-1.4.0.tar.gz
有好多人會以為配置SSL virtual Host 時,會同普通http virtual Host 一樣,
copy 多一set virtual host 改servername , restart 就完成.
但你好快會發現有問題出現
假設你有2個SSL site, 同樣都有cert的.
SSL Site B 會使用了 Site A 張cert
要解決這個問題有三個可行的方法
總之要點係每個SSL VirtualHost 都要有獨立的IP:PORT組合,不然就要用wildcard SSL
以下cmd 需要在有root權的acc使用
Install ufw
sudo apt-get install gufw
Check firewall status
ufw status
Turn on Firewall
ufw enable
Turn off Firewall
ufw disable
Allow a port
ufw allow [port number]
Allow an ip address
ufw allow from [ip address]
Allow a specific ip address and port
ufw allow from [ipaddress] to any port [port number]
Allow ip address range 10.120.0.1 – 10.120.0.255 to port 22
ufw allow from 10.0.0.0/24 to any port 22
Blocking a port
ufw deny port [port number]
To remove a deny or allow rule
ufw delete deny [port number]
sudo apt-get install awstats
Copy the config file for new site (should name as wstats.yourdomain.ext.conf)
cp /etc/awstats/awstats.conf /etc/awstats/awstats.yourdomain.ext.conf
Open the config file, and modify these lines
#Path to access.log for your domain LogFile="/var/log/apache2/access.log" #I recommend '1' for more detailed information LogFormat=1 SiteDomain="yourdomain.ext" HostAliases="localhost 127.0.0.1 yourdomain.ext"
For running the first time use
/usr/lib/cgi-bin/awstats.pl -config=yourdomain.ext
For update
/usr/lib/cgi-bin/awstats.pl -config=yourdomain.ext -update
apache setting
<VirtualHost *:80> ServerName ***.***.***.*** DocumentRoot /var/www/ <Directory "/var/www/"> Options FollowSymLinks AllowOverride ALL Order allow,deny Allow from all </Directory> Alias /awstatsclasses/ "/usr/share/awstats/lib/" Alias /awstats-icon/ "/usr/share/awstats/icon/" Alias /awstatscss "/usr/share/doc/awstats/examples/css" ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ ScriptAlias /awstats/ /usr/lib/cgi-bin/ Options ExecCGI -MultiViews +SymLinksIfOwnerMatch </VirtualHost>
/etc/init.d/apache2 reload
0 */3 * * * root /usr/lib/cgi-bin/awstats.pl -config=yourdomain.ext -update >/dev/null
Get File from remote server
scp [username]@[hostaddress]:/remotefile /newlocalfile
upload File to remote server
scp [localfilename] [username]@[hostaddress]:/newfilename
1]Activate the SSL Module
sudo a2enmod ssl sudo service apache2 restart
2]create a new directory where we will store the server key and certificate
sudo mkdir /etc/apache2/ssl
3]Create a Self Signed SSL Certificate
this certificate will expire after one year.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
4]The most important line is “Common Name”. Enter your official domain name here or, if you don’t have one yet, your site’s IP address.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:[email protected]
5]Set Up the Certificate
sudo nano /etc/apache2/sites-available/default-ssl ServerName example.com:443 SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key
6]Activate the New Virtual Host
sudo a2ensite default-ssl sudo service apache2 reload
Recent Comments