با سلام

از دوستان کسی هست که یه کانفیگ خوب برای مشخصات سرور مجازی زیر معرفی کنه:

Memory: 768 MB
Burst Ram: 1 GB
Disk Space: 50 GB
Os: Centos 32 Bit
Panel: Direct Admin

مجازی سازی هم OpenVZ هستش.

سلام

منظورتون از کانفیگ خوب چی هست ؟!

که از نظر سرعت و امنیت بهینه تر شود

خوب یک فایر وال csf نصب کنید و تمامی راه های پیشنهادیشو اعمال کنید رو سرورتون !
این از لحاظ امنیت سروتون رو مناسب نگه میداره !
آنتی ویروس هم حتما روش نصب کنید.

برای سرعت بیشتر هم دنبال روش هایی برای تنظیم Apache باشید

برای اینکه مصرف رم شما کمتر شود باید آپاچی را بهینه کنید
نصب csf به تنهایی تغییر خاصی در سرور ایجاد نمیکند باید بتونید منیج کنید تا تاثیر را متوجه شوید

جناب alborzhost لطف کردن و csf نصب کردن.
در قسمت check Server security خطاهای زیر رو میده :

WARNING:
Check /tmp is mounted as a filesystem -> /tmp should be mounted as a separate filesystem with the noexec,nosuid options set

Check /var/tmp is mounted as a filesystem -> /var/tmp should either be symlinked to /tmp or mounted as a filesystem

Check MySQL version -> You are running a legacy version of MySQL (v5.0.67) and should consider upgrading to v5.1.* as recommended by MySQL

Check for kernel logger -> syslogd appears to be running, but not klogd which logs kernel firewall messages to syslog. You should ensure that klogd is running

Check SSH on non-standard port -> You should consider moving SSH to a non-standard port [currently:22] to evade basic SSH port scans. Don't forget to open the port in the firewall first!

Check SSH PasswordAuthentication -> For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication

Check SSH UseDNS -> You should disable UseDNS by editing /etc/ssh/sshd_config and setting:
UseDNS no
Otherwise, lfd will be unable to track SSHD login failures successfully as the log files will not report IP addresses

Check exim for extended logging (log_selector) -> You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:
log_selector = +arguments +subject +received_recipients
to /etc/exim.conf

Check php for enable_dl or disabled dl() -> You should modify /usr/local/lib/php.ini and set:
enable_dl = Off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in the PHP configuration (usually in /usr/local/lib/php.ini)

Check php for disable_functions -> You should modify the PHP configuration and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list

Check php for ini_set disabled -> You should consider adding ini_set to the disable_functions in the PHP configuration as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised


Check php for Suhosin -> You should recompile PHP with Suhosin to add greater security to PHP

Check DirectAdmin login is SSL only -> You should enable SSL only login to DirectAdmin

Check VPS FTP PASV hole -> Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is currently broken you have to open a PASV port hole in iptables for incoming FTP connections to work correctly. See the csf readme.txt under 'A note about FTP Connection Issues' on how to do this

Check nameservers -> At least one of the configured nameservers:
ns1.site.com
ns2.site.com
should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1

برای رفع این خطاها مرجعی یا راهنمایی رو سراغ دارین ؟

از دوستان کسی هست برای حل 4 مشکل امنیتی زیر کمک کنه:

Check /tmp is mounted as a filesystem -> /tmp should be mounted as a separate filesystem with the noexec,nosuid options set

Check /var/tmp is mounted as a filesystem -> /var/tmp should either be symlinked to /tmp or mounted as a filesystem

Check VPS FTP PASV hole -> Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is currently broken you have to open a PASV port hole in iptables for incoming FTP connections to work correctly. See the csf readme.txt under 'A note about FTP Connection Issues' on how to do this

Check nameservers -> At least one of the configured nameservers:
ns1.site.com
ns2.site.com
should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1

با سلام
الان وقتی سرور رو روشن می کنم بلافاصله مصرف رم خیلی بالا میره و سرور خاموش میشه ! کسی علت رو می دونه ؟

اگه تو انجمن خود دايركت ادمين بگردي همه اينا رو توضيح داده چيكار كني
الن به من ريتي كه داده 74 هستش
DirectAdmin Forums - Powered by vBulletin (http://www.directadmin.com/forum/)