0.99刀不仅注册可以用，并且可以转移

优惠简介：

• 支付手段：信用卡
• 优惠内容：注册和转移域名只要2美元
• 使用条件：一张信用卡注册一个域名
• 限制条件：只能COM

优惠码：

[coupon code=”gofc7010c” /]

After the basic configuration of the VPS, you may follow the below mentioned steps to configure your server for security & stability.

1. Update all operating system packages

# yum upgrade -y

2. Update cPanel

# /scripts/upcp

3. Install CSF – ConfigServer Security & Firewall

# cd /usr/local/src
# wget http://www.configserver.com/free/csf.tgz
# tar -zxvf csf.tgz
# sh install.sh

4. Install & configure Rootkit Hunter

Download the latest version from http://downloads.sourceforge.net/rkhunter

# wget http://downloads.sourceforge.net/rkhunter/rkhunter-x.x.x.tar.gz
# tar -zxvf rkhunter-x.x.x.tar.gz
# cd rkhunter-x.x.x
# ./installer.sh –install

Now run a test scan using the following command:

# /usr/local/bin/rkhunter -c

Also you can set up daily scan report to your email address. Please do the following to set up daily scan reports.

# vi /etc/cron.daily/rkhunter.sh

Put the following in the file /etc/cron.daily/rkhunter.sh

===========================
#!/bin/bash
(/usr/local/bin/rkhunter -c –cronjob 2>&1 | mail -s “Daily Rkhunter Scan
Report” [email protected])
===========================

replace ’[email protected]’ with your email address.

Change the permission of /etc/cron.daily/rkhunter.sh

# chmod +x /etc/cron.daily/rkhunter.sh

5. Disable direct root login

Please follow the given steps to disable direct root login access to the server:

a. Create a user

# groupadd test
# useradd test -g test
# passwd test

b. Add user to the wheel group

# grep wheel /etc/group
wheel:x:10:root

Add the user test

wheel:x:10:root,test

For cPanel servers, do the following:

* Log into your WHM and click on “Manage Wheel Group Users”
* Select the user (Here it is “test”) and click “Add to group”

Now before disabling the root access, check if the user ‘test’ can login and su – to gain root privileges.

c. Disable direct root login

# vi /etc/ssh/sshd_config

Find the line “Protocol 2, 1”

Uncomment it & change it to “Protocol 2”

Next find the line “PermitRootLogin yes”, uncomment it & change it to “PermitRootLogin no”

Save the file.

6. Apply the following WHM security tweaks

a) Enable HTTP Authentication –> Off
Leaving this option disabled enables cookie authentication, helping to prevent certain types of XSRF attacks.

b) Initial default/catch-all forwarder destination –> Fail
Selecting Fail for this option causes the server to automatically discard unroutable email sent to your server’s new accounts. This option is the best at protecting your server against mail attacks.

c) Default Required Password Strength –> 40
This ensures a minimum password strength for accounts hosted by your server.

d) PHP open_basedir Tweak –> Enabled
PHP’s open_basedir protection prevents users from opening files outside of their home directory with php.

e) Apache mod_userdir Tweak –> Enabled
Apache’s mod_userdir allows users to view their sites by entering a tilde(~) and their username as the uri on a specific host. For example http://test.cpanel.net/~testuser/ will bring up the user testuser’s domain. The disadvantage of this feature is that any bandwidth usage used by this site will be put on the domain it is accessed under (in this case test.cpanel.net).

f) Compiler Access –> disabled for unprivileged users.
Many common exploits require a working C compiler on the system. This tweak allows you to deny compiler access to unprivileged users.

++++++++++++++++++++++++++++++++++++++
root@server [~]# /scripts/compilers off
Compilers are disabled for unprivileged users.
++++++++++++++++++++++++++++++++++++++

7. Apply the following PCI recommended changes in the Apache configuration.

ServerTokens –> ProductOnly
ServerSignature –> Off
TraceEnable –> Off
FileETag –> Off

8. Secure /tmp.

++++++++++++++++++++++++++++++++++++++
root@server [~]# /scripts/securetmp
Would you like to secure /tmp & /var/tmp at boot time? (y/n) y
Would you like to secure /tmp & /var/tmp now? (y/n) y
Securing /tmp & /var/tmp
/tmp is already secure
/var/tmp is already secure
Checking fstab for entries …Done
Logrotate TMPDIR already configured
Process Complete
++++++++++++++++++++++++++++++++++++++

9. Ensure that there are no world writable/executable in /tmp and /dev/shm/.

++++++++++++++++++++++++++++++++++++++
root@server [~]# find /tmp -type f -perm -777
root@server [~]# find /dev/shm/ -type f -perm -777
root@server [~]#
++++++++++++++++++++++++++++++++++++++

10. Disable ‘allow_url_fopen’ in the ‘php.ini’ file to prevent URL injection attacks

—-
allow_url_fopen => Off => Off
—-

11. Disable vulnerable PHP fucntions. Following functions are recommended to be disabled.

++++++++++++++++++++++++++++++++++++++
show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set, copy ,error_log ,tempnam, proc_get_status, proc_nice,proc_open, proc_terminate, highlight_file, escape, shellcmd, pclose, pfsockopen, chgrp, posix_getpwuid, get_current_user, getmyuid, apache_child_terminate, define_syslog_variables, posix_kill ,posix_mkfifo ,posix_setpgid, posix_setuid
++++++++++++++++++++++++++++++++++++++

webbench最多可以模拟3万个并发连接去测试网站的负载能力，个人感觉要比Apache自带的ab压力测试工具好，安装使用也特别方便。

　　1、适用系统：Linux

　　2、编译安装：

　　3、使用：

　　参数说明：-c表示并发数，-t表示时间(秒)

　　4、测试结果示例：
引用
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Benchmarking: GET http://127.0.0.1/test.jpg
500 clients, running 30 sec.

Speed=3230 pages/min, 11614212 bytes/sec.
Requests: 1615 susceed, 0 failed.