Hello,
I configured CSF, but some parts of it still have issues:
At least one of the configured nameservers:
ns1.your-name.com
ns2.your-name.com
should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1)
====================================
You should recompile PHP with Suhosin to add greater security to PHP
====================================
Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
====================================
Cipher list []. Due to weaknesses in the SSLv2 cipher you should edit /etc/exim.conf and set tls_require_ciphers to explicitly exclude it. For example:
tls_require_ciphers=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
===================================
You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:
log_selector = +arguments +subject +received_recipients
to /etc/exim.conf
===================================
You should disable UseDNS by editing /etc/ssh/sshd_config and setting:
UseDNS no
Otherwise, lfd will be unable to track SSHD login failures successfully as the log files will not report IP addresses
===================================
For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication
===================================
You should consider moving SSH to a non-standard port [currently:22] to evade basic SSH port scans. Don't forget to open the port in the firewall first!
===================================
IPv6 appears to be enabled [ifconfig: fe80::219:66ff:feaa:2110/64 Scope:Link, ::1/128 Scope:Host]. If ip6tables is installed, you should enable the csf IPv6 firewall (IPV6 in csf.conf). To disable IPv6 on RHEL/CentOS you should follow this link, however since IPv6 will be required it is best to firewall the IPv6 ports.
===================================
The servers runlevel is currently set to 5. For a secure server environment you should only run the server at runlevel 3. You can fix this by editing /etc/inittab and changing the initdefault line to:
id:3:initdefault:
and then rebooting the server
===================================
/dev/shm is not mounted with the noexec,nosuid options (currently: none). You should modify the mountpoint in /etc/fstab for /dev/shm with those options and remount
===================================
/var/tmp should either be symlinked to /tmp or mounted as a filesystem
===================================
/tmp should be mounted as a separate filesystem with the noexec,nosuid options set
===================================
This option closes a window of opportunity that opens when dynamic chain updates occur
===================================
These are all the errors it has. Please help.
---------- Post added at 07:17 PM ---------- Previous post was at 06:42 PM ----------
Friends, please help!