چند مشکل مهم در csf

[SaMaN0861]

با سلام

من CSF رو کانفیگ کردم ولی هنوز بعضی قسمت هاش مورد داره :

At least one of the configured nameservers:
ns1.your-name.com
ns2.your-name.com
should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1)
====================================
You should recompile PHP with Suhosin to add greater security to PHP
====================================
Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
====================================
Cipher list []. Due to weaknesses in the SSLv2 cipher you should edit /etc/exim.conf and set tls_require_ciphers to explicitly exclude it. For example:
tls_require_ciphers=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM :-LOW:-SSLv2:-EXP
===================================
You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:
log_selector = +arguments +subject +received_recipients
to /etc/exim.conf
===================================
You should disable UseDNS by editing /etc/ssh/sshd_config and setting:
UseDNS no
Otherwise, lfd will be unable to track SSHD login failures successfully as the log files will not report IP addresses
===================================
For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication
===================================
You should consider moving SSH to a non-standard port [currently:22] to evade basic SSH port scans. Don't forget to open the port in the firewall first!
===================================
IPv6 appears to be enabled [ifconfig: fe80::219:66ff:feaa:2110/64 Scope:Link, ::1/128 Scope:Host]. If ip6tables is installed, you should enable the csf IPv6 firewall (IPV6 in csf.conf). To disable IPv6 on RHEL/CentOS you should follow this link, however since IPv6 will be required it is best to firewall the IPv6 ports.
===================================
The servers runlevel is currently set to 5. For a secure server environment you should only run the server at runlevel 3. You can fix this by editing /etc/inittab and changing the initdefault line to:
id:3:initdefault:
and then rebooting the server
===================================
/dev/shm is not mounted with the noexec,nosuid options (currently: none). You should modify the mountpoint in /etc/fstab for /dev/shm with those options and remount
===================================
/var/tmp should either be symlinked to /tmp or mounted as a filesystem
===================================
/tmp should be mounted as a separate filesystem with the noexec,nosuid options set
===================================
This option closes a window of opportunity that opens when dynamic chain updates occur
===================================

این تمام ارور هایی هست که داره . لطفا کمک کنید

---------- Post added at 07:17 PM ---------- Previous post was at 06:42 PM ----------

دوستان لطفا کمک کنید

[shafiei7]

At least one of the configured nameservers:
ns1.your-name.com
ns2.your-name.com
should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1)
این که باید ای پی دی ان اس ها کلا رنجش فرق کنه با ای پی سرور
----------
You should recompile PHP with Suhosin to add greater security to PHP
باید نصب کنید از آپاچی Suhosin
----------
For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication
باید ورود به اس اس اپ با پسوورد رو ببندید. و با پابلیک کی وارد بشید.
---------
This option closes a window of opportunity that opens when dynamic chain updates occur
توی تنظیمات فایروال باید تیک بخوره
---------
/tmp should be mounted as a separate filesystem with the noexec,nosuid options set
باید فولدر سکور بشه
---------
IPv6 appears to be enabled [ifconfig: fe80::219:66ff:feaa:2110/64 Scope:Link, ::1/128 Scope:Host]. If ip6tables is installed, you should enable the csf IPv6 firewall (IPV6 in csf.conf). To disable IPv6 on RHEL/CentOS you should follow this link, however since IPv6 will be required it is best to firewall the IPv6 ports.
باید IPv6 فعال بشه
----------
You should consider moving SSH to a non-standard port [currently:22] to evade basic SSH port scans. Don't forget to open the port in the firewall first!
باید پورت اس اس اچ تغییر بدید به یک عدد دیگه
----------

مابقی یا در قسمت # Tweak Settings تیکش بزنید یا توضحات بخونید گفته چیکار کنید.

[SaMaN0861]

At least one of the configured nameservers:
ns1.your-name.com
ns2.your-name.com
should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1)
این که باید ای پی دی ان اس ها کلا رنجش فرق کنه با ای پی سرور
----------
You should recompile PHP with Suhosin to add greater security to PHP
باید نصب کنید از آپاچی Suhosin
----------
For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication
باید ورود به اس اس اپ با پسوورد رو ببندید. و با پابلیک کی وارد بشید.
---------
This option closes a window of opportunity that opens when dynamic chain updates occur
توی تنظیمات فایروال باید تیک بخوره
---------
/tmp should be mounted as a separate filesystem with the noexec,nosuid options set
باید فولدر سکور بشه
---------
IPv6 appears to be enabled [ifconfig: fe80::219:66ff:feaa:2110/64 Scope:Link, ::1/128 Scope:Host]. If ip6tables is installed, you should enable the csf IPv6 firewall (IPV6 in csf.conf). To disable IPv6 on RHEL/CentOS you should follow this link, however since IPv6 will be required it is best to firewall the IPv6 ports.
باید IPv6 فعال بشه
----------
You should consider moving SSH to a non-standard port [currently:22] to evade basic SSH port scans. Don't forget to open the port in the firewall first!
باید پورت اس اس اچ تغییر بدید به یک عدد دیگه
----------

مابقی یا در قسمت # Tweak Settings تیکش بزنید یا توضحات بخونید گفته چیکار کنید.

داداش کنترل پنل DirectAdmin هستش .

[shafiei7]

فرقی نداره چی باشه کنترل پانل چون اکثرش از اس اس اچ باید درست بشه

[mohsen1]

دکمه تشکر رو بی دلیل زیر پست ها نزاشتند!