Thursday, January 24, 2013

ปิด service linux ที่ไม่จำเป็นซ่ะ


Disable Unnecessary Services
สามารถตรวจสอบ service ได้จาก command
  command:  /sbin/chkconfig --list

service ด้านล่างนี้ ถ้าเจอว่ามัน run level 5 ก็ไม่ให้มันรันซ่ะ

command:/sbin/chkconfig servicename off



credit http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
Service ที่ควรปิด 
anacron
haldaemon
messagebus
apmd
hidd
microcode_ctl
autofs
hplip*
pcscd
avahi-daemon*
isdn
readahead_early
bluetooth
kdump
readahead_later
cups*
kudzu
rhnsd*
firstboot
mcstrans
setroubleshoot
gpm
mdmonitor
xfs

phpMyAdmin forbidden CentOS 6.3

After yum install and restart httpd. When you start phpmyadmin with browser. it's 403 error forbidden
so Fix it
#vi /etc/httpd/conf.d/phpMyAdmin.conf

and you change in word  Allow from 127.0.0.1 to Allow from All
.. 
<IfModule !mod_authz_core.c>    
# Apache 2.2     
Order Deny,Allow     
Deny from All     
#Allow from 127.0.0.1     
  Allow from All   
  Allow from ::1   
</IfModule>
..

and restart httpd again

from Comment
Allow from address    (Private IP server)

.. 
<IfModule !mod_authz_core.c>    
# Apache 2.2     
Order Deny,Allow     
Deny from All     
#Allow from 127.0.0.1     
  Allow from 192.168.100.xx
  Allow from 192.168.100.0/24   
  Allow from ::1   
</IfModule>
..


CentOS 7
#vi /etc/httpd/conf.d/phpMyAdmin.conf

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
 
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
 
<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
 

Monday, January 14, 2013

config file vsftpd.conf


# Example config file /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
listen=YES
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

VirtualHost HTTP redirect to HTTPS

<VirtualHost *:80>     ServerName www.example.com     Redirect / https://www.example.com/ </VirtualHost> <VirtualHos...