Ubuntu 12.04 upgrade to 14.04
no mirror found
https://repogen.simplylinux.ch/ http://wiki.hetzner.de/index.php/Hetzner_Aptitude_Mirror#Ubuntu_14.04_Trusty_Tahr
sonstiges
Remove: apache2-prefork-dev libapache2-mod-auth-pam
libapache2-mod-auth-sys-group
Removing libapache2-mod-auth-sys-group (1.1.1-9) ...
ERROR: Can't open /etc/apache2/mods-enabled/authz_default.load: No such file or directory
ERROR: Can't open /etc/apache2/mods-enabled/mod-evasive.load: No such file or directory
Module auth_sys_group disabled.
/etc/apache2/mods-available/status.conf
-<Location /member/server-status>
- SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1 ::1 5.9xxx
-# Allow from 192.0.2.0/24
-</Location>
-
-# Keep track of extended status information for each request
-ExtendedStatus On
/etc/apache2/mods-available/ssl.conf
-#against BEAST
-SSLHonorCipherOrder On
-#with rc4
-SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
-# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
-SSLProtocol all -SSLv2 -SSLv3
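Review bot: The comment above `SSLProtocol` says SSLv3 and TLSv1 are enabled, but the directive `all -SSLv2 -SSLv3` disables SSLv3; the directive is the safer of the two, so if these lines are carried over the comment should be corrected, e.g. `# TLS only: SSLv2 and SSLv3 disabled`. The cipher string still admits RC4 as a BEAST workaround (`EECDH+aRSA+RC4`, `RC4`); RFC 7465 now prohibits RC4 in TLS, so those two entries should be dropped and `!RC4` added when re-applying on 14.04. Every line in this section is on the `-` side, so the page does not show whether any of it survived the upgrade.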
/etc/apache2/apache2.conf
-LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
/etc/modsecurity # rm /etc/modsecurity/modsecurity_crs_10_config.conf
/etc/modsecurity # ln -s /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf
/etc/modsecurity # rm /etc/modsecurity/activated_optional_rules/modsecurity_crs_40_experimental.conf
a2dismod mod-security
/etc/apache2/mods-available # vi security2.conf
agi php5-apcu
agi libapache2-php5
php.ini
short_open_tag = On
memory_limit = 512M
html_errors = Off
apache
+++++++++++
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
/etc/init.d/php5-fpm
-# Set the sockets group
-chgrp www-data /var/run/php5-fpm.sock
- # Set the sockets group
- chgrp www-data /var/run/php5-fpm.sock
/etc/php5/fpm/pool.d/www.conf
-;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
php.ini.fpm
│ -disable_functions =
│ pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_sig
│ nal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,symlink,exec,syste
│ m,passthru,shell_exec,proc__open,proc_nice,ini_restore
│ -expose_php = Off
│ +expose_php = On
│ -memory_limit = 612M
│ +memory_limit = 128M
-html_errors = Off
│ +html_errors = On
-post_max_size = 500M
upload_max_filesize = 500M
-date.timezone = "Europe/Berlin"
-session.hash_function = sha512
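Review bot: The `+` side leaves this FPM php.ini with `expose_php = On`, `html_errors = On` and no `disable_functions` line, so if the packaged file was accepted during the upgrade the earlier restrictions are gone and need to be re-applied. When the list is restored, note that the old value spells `proc__open` with two underscores; an unknown name in that list has no effect, so `proc_open` was never actually disabled and the entry should read `proc_open`. The section does not show `display_errors`, which is worth checking alongside `html_errors`. `session.hash_function = sha512` is also only on the `-` side.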
/etc/snmp/snmp.conf
-mibs :NET-SNMP-EXTEND-MIB
/etc/default/snmpd
-export MIBS=NET-SNMP-EXTEND-MIB
+export MIBS=
# snmpd options (use syslog, close stdin/out/err).
-SNMPDOPTS='-LS 3 d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
+SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
/etc/default/grub
-GRUB_PRELOAD_MODULES="lvm"
Setting up pure-ftpd-mysql (1.0.36-1.1) ...
Starting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/TLSCipherSuite: No corresponding directive
invoke-rc.d: initscript pure-ftpd-mysql, action "start" failed.
'AllowUserFXP' => ['-w'],
'TLSCipherSuite' => ['-J %s', \&parse_string],
/etc/default/shorewall
-startup=1
awstats
/var/lib/awstats -> /srv/www/awstats/
/etc/awstats/awstats.conf
SiteDomain="myxxxxx.de"
LoadPlugin="geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat"
/etc/shorewall/shorewall.conf
-LOGFILE=/var/log/syslog
/etc/sudoers
+Defaults mail_badpass
/etc/fail2ban/jail.conf
-ignoreip = 127.0.0.1/8 5.xxx 192.168.230.178
-destemail = admin@myxxxx.de
-banaction = shorewall
[pam-generic]
-enabled = true
[postfix]
-enabled = true
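Review bot: The local `ignoreip`, `destemail`, `banaction = shorewall` and the enabled `[pam-generic]` and `[postfix]` jails appear only on the `-` side, so they are lost if the packaged jail.conf is installed. fail2ban reads `/etc/fail2ban/jail.local` after jail.conf, so keeping these overrides there avoids the same conflict on the next upgrade. The same applies to the sysctl.conf section that follows: the rp_filter, redirect, source-route and syncookie settings are all on the `-` side and can live in a file under `/etc/sysctl.d/`, with `sysctl net.ipv4.conf.all.rp_filter` and similar showing the running values. The `/etc/default/shorewall` section earlier on the page drops `startup=1`; the Debian/Ubuntu init script presumably will not start the firewall without it, and `banaction = shorewall` depends on it running.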
/etc/sysctl.conf
-# IP Spoofing protection
-net.ipv4.conf.all.rp_filter = 1
-net.ipv4.conf.default.rp_filter = 1
-
-# Ignore ICMP broadcast requests
-net.ipv4.icmp_echo_ignore_broadcasts = 1
-
-# Disable source packet routing
-net.ipv4.conf.all.accept_source_route = 0
-net.ipv6.conf.all.accept_source_route = 0
-net.ipv4.conf.default.accept_source_route = 0
-net.ipv6.conf.default.accept_source_route = 0
-
-# Ignore send redirects
-net.ipv4.conf.all.send_redirects = 0
-net.ipv4.conf.default.send_redirects = 0
-
-# Block SYN attacks
-net.ipv4.tcp_syncookies = 1
-net.ipv4.tcp_max_syn_backlog = 2048
-net.ipv4.tcp_synack_retries = 2
-net.ipv4.tcp_syn_retries = 5
-
-# Log Martians
-net.ipv4.conf.all.log_martians = 1
-net.ipv4.icmp_ignore_bogus_error_responses = 1
-
-# Ignore ICMP redirects
-net.ipv4.conf.all.accept_redirects = 0
-net.ipv6.conf.all.accept_redirects = 0
-net.ipv4.conf.default.accept_redirects = 0
-net.ipv6.conf.default.accept_redirects = 0