Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- dpkg-reconfigure dash # don't like dash, use bash
- aptitude install bash-completion mc htop rsync locate nload ntp ntpdate postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils bind9 build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold dnsutils libexpat1 fail2ban ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python pure-ftpd-common pure-ftpd-mysql quota quotatool php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-xcache libapache2-mod-fastcgi php5-fpm memcached vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
- med /etc/mysql/my.cnf # einkommentieren der bind-adress
- ~~
- # bind-address = 127.0.0.1
- ~~
- service mysql restart
- med /etc/postfix/master.cf
- ~~
- submission inet n - - - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- # -o milter_macro_daemon_name=ORIGINATING
- smtps inet n - - - - smtpd
- -o syslog_name=postfix/smtps
- -o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- # -o milter_macro_daemon_name=ORIGINATING
- ~~
- service postfix restart # postfix mit neuer Konfiguration neu starten
- service spamassassin stop # falls er laufen sollte
- update-rc.d -f spamassassin remove # verhindern das bei einem Neustart mit startet
- a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest actions fastcgi alias
- med /etc/apache2/mods-available/suphp.conf # kann komplett ersetzt werden
- ~~
- <IfModule mod_suphp.c>
- #<FilesMatch "\.ph(p3?|tml)$">
- # SetHandler application/x-httpd-suphp
- #</FilesMatch>
- AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
- suPHP_AddHandler application/x-httpd-suphp
- <Directory />
- suPHP_Engine on
- </Directory>
- # By default, disable suPHP for debian packaged web applications as files
- # are owned by root and cannot be executed by suPHP because of min_uid.
- <Directory /usr/share>
- suPHP_Engine off
- </Directory>
- # # Use a specific php config file (a dir which contains a php.ini file)
- # suPHP_ConfigPath /etc/php5/cgi/suphp/
- # # Tells mod_suphp NOT to handle requests with the type <mime-type>.
- # suPHP_RemoveHandler <mime-type>
- </IfModule>
- ~~
- service apache2 restart
- med /etc/default/pure-ftpd-common # VIRTUALCHROOT=true (default = false)
- ~~
- VIRTUALCHROOT=true
- ~~
- echo 1 > /etc/pure-ftpd/conf/TLS
- mkdir -p /etc/ssl/private/
- openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
- ~~
- Country Name (2 letter code) [AU]:DE
- State or Province Name (full name) [Some-State]:Bundesland
- Locality Name (eg, city) []:Stadt
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:Institution
- Organizational Unit Name (eg, section) []:Abteilung
- Common Name (e.g. server FQDN or YOUR name) []:your.domain.de
- Email Address []:postmaster@your.domain.de
- ~~
- chmod 600 /etc/ssl/private/pure-ftpd.pem
- service pure-ftpd-mysql restart
- med /etc/fstab # qutoa aktivieren
- ~~
- # /etc/fstab: static file system information.
- #
- # <file system> <mount point> <type> <options> <dump> <pass>
- proc /proc proc defaults 0 0
- devpts /dev/pts devpts rw,noexec,nosuid,gid=5,mode=620 0 0
- /dev/xvda1 none swap sw 0 0
- #/dev/xvda2 / ext4 errors=remount-ro 0 1
- /dev/xvda2 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
- ~~
- mount -o remount /
- quotacheck -avugm
- quotaon -avug
- med /etc/cron.d/awstats # awstats cron und mails abschalten
- ~~
- #MAILTO=root
- #*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
- # Generate static reports:
- #10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
- ~~
- cd /tmp # jailkit nachinstallieren
- wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
- tar xvfz jailkit-2.15.tar.gz
- cd jailkit-2.15
- ./debian/rules binary
- cd ..
- dpkg -i jailkit_2.15-1_*.deb
- rm -rf jailkit-2.15*
- med /etc/fail2ban/jail.local
- ~~
- [pureftpd]
- enabled = true
- port = ftp
- filter = pureftpd
- logpath = /var/log/syslog
- maxretry = 3
- [dovecot-pop3imap]
- enabled = true
- filter = dovecot-pop3imap
- action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
- logpath = /var/log/mail.log
- maxretry = 5
- [sasl]
- enabled = true
- port = smtp
- filter = sasl
- logpath = /var/log/mail.log
- maxretry = 3
- ~~
- med /etc/fail2ban/filter.d/pureftpd.conf
- ~~
- [Definition]
- failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
- ignoreregex =
- ~~
- med /etc/fail2ban/filter.d/dovecot-pop3imap.conf
- ~~
- [Definition]
- failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
- ignoreregex =
- ~~
- service fail2ban restart
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
