hraeissi
May 15th, 2011, 09:12
Hello
Friends, I have also joined the ranks of VPS owners, albeit as an inexperienced one.
I had a reseller panel for a few months and figured a VPS would be just like that; I found out that no, it takes a lot of work.
Now I want to move forward step by step.
In the server security check section I have several warnings, which I am posting one by one for guidance from experienced friends.
I would be grateful if you could tell me the cause of each and how to fix it.
Thanks
The errors are:
Check /tmp is mounted as a filesystem : WARNING /tmp should be mounted as a separate filesystem with the noexec,nosuid options set
Check /etc/cron.daily/logrotate for /tmp noexec workaround : WARNING Due to a bug in logrotate if /tmp is mounted with the noexec option, you need to have logrotate use a different temporary directory. If you don't do this syslog may not restart correctly and will write to the wrong (older) log files. See here for a way to do this
Check /var/tmp is mounted as a filesystem : WARNING /var/tmp should either be symlinked to /tmp or mounted as a filesystem
Check for cxs : WARNING You should consider using cxs to scan web script and ftp uploads and user accounts for exploits uploaded to the server
Check for kernel logger : WARNING syslogd appears to be running, but not klogd which logs kernel firewall messages to syslog. You should ensure that klogd is running
Check SSH on non-standard port : WARNING You should consider moving SSH to a non-standard port [currently:22] to evade basic SSH port scans. Don't forget to open the port in the firewall first!
Check SSH PasswordAuthentication : WARNING For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication
Check apache for FrontPage : WARNING Microsoft Frontpage Extensions were EOL in 2006 and there is no support for bugs or security issues. For this reason, it should be considered a security risk to continue using them. You should rebuild apache through easyapache and deselect the option to build them
Check php for ini_set disabled : WARNING You should consider adding ini_set to the disable_functions in the PHP configuration as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised
Check Accounts that can access a cPanel user account : WARNING You should consider setting this option to "user" after use. WHM > Tweak Settings > Accounts that can access a cPanel user account
Check nameservers : WARNING At least one of the configured nameservers:NS1.......
NS2....... should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1)
That's a lot, I think.
That's why I badly need your help.
Thanks
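Three of the warnings listed above (/tmp mount options, SSH port, PasswordAuthentication) can be re-checked by hand from the shell. The following is an added example, not part of the original post or of the scanner that produced the output; the function names and the sample files are constructed for illustration, and `Match` blocks in sshd_config are not handled.

```shell
#!/usr/bin/env bash
# mount_has_opts MOUNTS_FILE MOUNTPOINT OPT...
# Succeeds only if MOUNTPOINT has its own entry in MOUNTS_FILE (same format
# as /proc/mounts) and every listed option is set on it.
mount_has_opts() {
    local file=$1 mp=$2 opts opt
    shift 2
    # The last matching entry wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$file")
    [ -n "$opts" ] || return 1
    for opt in "$@"; do
        case ",$opts," in
            *",$opt,"*) ;;
            *) return 1 ;;
        esac
    done
}

# sshd_value CONFIG KEYWORD DEFAULT
# Prints the value sshd would use: the first uncommented occurrence of the
# keyword (keywords are case-insensitive), else the built-in default.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# report MOUNTS_FILE SSHD_CONFIG: one line per check that still fails.
report() {
    mount_has_opts "$1" /tmp noexec nosuid || echo "WARNING /tmp lacks noexec,nosuid"
    [ "$(sshd_value "$2" Port 22)" != 22 ] || echo "WARNING SSH on port 22"
    [ "$(sshd_value "$2" PasswordAuthentication yes)" = no ] ||
        echo "WARNING PasswordAuthentication enabled"
}

# Constructed sample inputs (not taken from the poster's server).
sample_dir=$(mktemp -d)
cat > "$sample_dir/mounts" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /tmp ext3 rw,nosuid,relatime 0 0
EOF
cat > "$sample_dir/sshd_config" <<'EOF'
#Port 22
#PasswordAuthentication no
PasswordAuthentication yes
EOF
report "$sample_dir/mounts" "$sample_dir/sshd_config"
```

On a real server, pass `/proc/mounts` and `/etc/ssh/sshd_config` to `report` instead of the sample files.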