Ubuntu 12.04 upgrade to 14.04: Unterschied zwischen den Versionen

Aus crazylinux.de
Zur Navigation springen Zur Suche springen
K (d)
 
Zeile 190: Zeile 190:


https://www.digitalocean.com/community/tutorials/migrating-your-apache-configuration-from-2-2-to-2-4-syntax
https://www.digitalocean.com/community/tutorials/migrating-your-apache-configuration-from-2-2-to-2-4-syntax
http://www.the-art-of-web.com/system/apache-authorization/


https://httpd.apache.org/docs/trunk/upgrading.html
https://httpd.apache.org/docs/trunk/upgrading.html

Aktuelle Version vom 24. September 2016, 22:06 Uhr

no mirror found

https://repogen.simplylinux.ch/

http://wiki.hetzner.de/index.php/Hetzner_Aptitude_Mirror#Ubuntu_14.04_Trusty_Tahr

sonstiges

Remove: apache2-prefork-dev libapache2-mod-auth-pam 
  libapache2-mod-auth-sys-group 
Removing libapache2-mod-auth-sys-group (1.1.1-9) ...
ERROR: Can't open /etc/apache2/mods-enabled/authz_default.load: No such file or directoryERROR: Can't open /etc/apache2/mods-enabled/mod-evasive.load: No such file or directoryModule auth_sys_group disabled.

/etc/apache2/mods-available/status.conf

-<Location /member/server-status>
-    SetHandler server-status
-    Order deny,allow
-    Deny from all
-    Allow from 127.0.0.1 ::1 5.9xxx
-#    Allow from 192.0.2.0/24
-</Location>
-
-# Keep track of extended status information for each request
-ExtendedStatus On


/etc/apache2/mods-available/ssl.conf
-#against BEAST
-SSLHonorCipherOrder On

-#with rc4
-SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

-# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
-SSLProtocol all -SSLv2 -SSLv3

/etc/apache2/apache2.conf
-LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined

/etc/modsecurity # rm /etc/modsecurity/modsecurity_crs_10_config.conf
/etc/modsecurity # ln -s /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf
/etc/modsecurity # rm /etc/modsecurity/activated_optional_rules/modsecurity_crs_40_experimental.conf
a2dismod mod-security

/etc/apache2/mods-available # vi security2.conf 

agi php5-apcu
agi libapache2-php5

php.ini
short_open_tag = On
memory_limit = 512M
html_errors = Off

apache
+++++++++++

    <IfVersion >= 2.4>
    Require all granted
    </IfVersion>
    <IfVersion < 2.4>
    Order allow,deny
    Allow from all
    </IfVersion>

/etc/init.d/php5-fpm
-# Set the sockets group
-chgrp www-data /var/run/php5-fpm.sock

-        # Set the sockets group
-        chgrp www-data /var/run/php5-fpm.sock

/etc/php5/fpm/pool.d/www.conf
-;listen = 127.0.0.1:9000
 listen = /var/run/php5-fpm.sock

php.ini.fpm
 -disable_functions =                                                                                                                                                          
  pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_sig     
  nal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,symlink,exec,syste     
  m,passthru,shell_exec,proc__open,proc_nice,ini_restore
 -expose_php = Off                                                                                                                                                             
  +expose_php = On
  -memory_limit = 612M                                                                                                                                                          
  +memory_limit = 128M 
 -html_errors = Off                                                                                                                                                            
  +html_errors = On
-post_max_size = 500M
upload_max_filesize = 500M
-date.timezone = "Europe/Berlin"
-session.hash_function = sha512

/etc/snmp/snmp.conf
-mibs :NET-SNMP-EXTEND-MIB




/etc/default/snmpd
-export MIBS=NET-SNMP-EXTEND-MIB
+export MIBS=
 
 
 # snmpd options (use syslog, close stdin/out/err).
-SNMPDOPTS='-LS 3 d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
+SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
 

/etc/default/grub
-GRUB_PRELOAD_MODULES="lvm"


Setting up pure-ftpd-mysql (1.0.36-1.1) ...
Starting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/TLSCipherSuite: No corresponding directive
invoke-rc.d: initscript pure-ftpd-mysql, action "start" failed.
                        'AllowUserFXP' => ['-w'],
                        'TLSCipherSuite' => ['-J %s', \&parse_string],

/etc/default/shorewall
-startup=1


awstats
/var/lib/awstats -> /srv/www/awstats/

/etc/awstats/awstats.conf
SiteDomain="myxxxxx.de"
LoadPlugin="geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat"


/etc/shorewall/shorewall.conf
-LOGFILE=/var/log/syslog

/etc/sudoers
+Defaults       mail_badpass

/etc/fail2ban/jail.conf
-ignoreip = 127.0.0.1/8 5.xxx 192.168.230.178
-destemail = admin@myxxxx.de
-banaction = shorewall

 [pam-generic]
 
-enabled  = true
 [postfix]
 
-enabled  = true


/etc/sysctl.conf 
-# IP Spoofing protection
-net.ipv4.conf.all.rp_filter = 1
-net.ipv4.conf.default.rp_filter = 1
-
-# Ignore ICMP broadcast requests
-net.ipv4.icmp_echo_ignore_broadcasts = 1
-
-# Disable source packet routing
-net.ipv4.conf.all.accept_source_route = 0
-net.ipv6.conf.all.accept_source_route = 0 
-net.ipv4.conf.default.accept_source_route = 0
-net.ipv6.conf.default.accept_source_route = 0
-
-# Ignore send redirects
-net.ipv4.conf.all.send_redirects = 0
-net.ipv4.conf.default.send_redirects = 0
-
-# Block SYN attacks
-net.ipv4.tcp_syncookies = 1
-net.ipv4.tcp_max_syn_backlog = 2048
-net.ipv4.tcp_synack_retries = 2
-net.ipv4.tcp_syn_retries = 5
-
-# Log Martians
-net.ipv4.conf.all.log_martians = 1
-net.ipv4.icmp_ignore_bogus_error_responses = 1
-
-# Ignore ICMP redirects
-net.ipv4.conf.all.accept_redirects = 0
-net.ipv6.conf.all.accept_redirects = 0
-net.ipv4.conf.default.accept_redirects = 0 
-net.ipv6.conf.default.accept_redirects = 0


Links

https://mail.python.org/pipermail/mailman-users/2014-June/077365.html

https://www.digitalocean.com/community/tutorials/migrating-your-apache-configuration-from-2-2-to-2-4-syntax

http://www.the-art-of-web.com/system/apache-authorization/

https://httpd.apache.org/docs/trunk/upgrading.html