swap | /dev/sda1 | 2 GB |
/ | /dev/sda2 | 15-20 GB |
/boot | /dev/sda3 | 1 GB |
/home | /dev/sda5 | >30 GB |
/var | /dev/sda6 | >30 GB |
/var/www | /dev/sdb1 | |
/tmp | /dev/sda7 | 2 GB |
# Large disks support
# Allow booting past 1024th cylinder with a recent BIOS
lba32
# Wait to boot for 5sec
timeout = 50
image = /boot/vmlinuz
root = /dev/sda2
label = Linux
read-only
# If kernels goes to oops mode restart system in 60 sec
append="panic=60"
Restrict the conf file to root only (read and write):
chmod 600 /etc/lilo.conf
# Columns: device, mount point, filesystem type, mount options, dump flag, fsck order.
/dev/sda1 swap swap defaults 0 0
# noatime: reads do not update access times. commit=60: the ext4 journal is
# committed every 60 seconds, so up to that much recent data can be lost on a crash.
/dev/sda2 / ext4 defaults,commit=60,noatime 1 1
# ro: /boot is mounted read-only and has to be remounted read-write before a
# kernel or boot loader update.
/dev/sda3 /boot ext4 defaults,ro 1 2
# nosuid: set-user-ID and set-group-ID bits on files in /home are ignored.
/dev/sda5 /home ext4 defaults,nosuid 1 2
/dev/sda6 /var ext4 defaults 1 2
# NOTE(review): /tmp is normally world-writable, and only nosuid is set here;
# nodev and noexec are not. Confirm whether that is intentional.
/dev/sda7 /tmp ext4 defaults,nosuid 1 2
# noexec: binaries placed under the web root cannot be executed directly;
# nosuid additionally ignores set-user-ID bits there.
/dev/sdb1 /var/www ext4 defaults,nosuid,noexec,commit=60 1 2
mount / -oremount mount /boot -oremount mount /home -oremount mount /tmp -oremount mount /var/www -oremount
tune2fs -m 0 /dev/sdb1
Tune settings:
tune2fs -m 3 /dev/sdb2 tune2fs -m 0 /dev/sda5 tune2fs -m 0 /dev/sdb1 # or by blocks tune2fs -r 143256 /dev/sdb1
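dd if=/dev/zero of=/var/tmp/swapfile bs=1M count=3000
mkswap /var/tmp/swapfile
swapon /var/tmp/swapfile
The swap file can hold memory pages of any process, so it should be owned by root with mode 600; dd creates it with the permissions allowed by the current umask.
To ensure that the swap file is turned on automatically at system startup, add to /etc/fstab: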
/var/tmp/swapfile none swap sw 0 0
# Auto logout user when inactive 2h export TMOUT=7200 # Remove bash histroy on logout export HISTFILESIZE=0
order bind, hosts multi on nospoof on
/etc/rc.d/rc.inetd restart
userdel news groupdel news userdel games groupdel games userdel operator userdel shutdown
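LoginGraceTime 60
PermitRootLogin forced-commands-only
PermitEmptyPasswords no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
Note: with X11UseLocalhost no, sshd binds the forwarded X11 display to the wildcard address instead of loopback, which makes that port reachable from other hosts; keep X11Forwarding and this setting only if remote X11 clients are actually needed.
Restart sshd: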
/etc/rc.d/rc.sshd restart
installpkg shorewall-core-5.0.8.2-noarch-1_SBo.tgz
installpkg shorewall-5.0.8.2-noarch-1_SBo.tgz
/etc/shorewall/actions
net eth0 routefilter,logmartians
loc eth1
loc ppp+
vpn tun+
/etc/shorewall/masq
eth0 192.168.0.0/24
eth0 10.8.2.0/24
/etc/shorewall/policy
loc net ACCEPT
fw fw ACCEPT
vpn all ACCEPT
net all DROP info
all all REJECT info
/etc/shorewall/tunnels
pptpserver net 0.0.0.0/0
openvpnserver net 0.0.0.0/0
/etc/shorewall/zones
fw firewall
net ipv4
loc ipv4
vpn ipv4
/etc/shorewall/shorewall.conf
STARTUP_ENABLED=yes
tar xvfz logwatch-*.tar.gz
cd logwatch-*
sh install_logwatch.sh
Install freeipmi (https://www.gnu.org/software/freeipmi)
# Output sensor stats: print the ipmi-sensors lines that are not in a normal
# state, and only when /proc/cpuinfo does not report a QEMU virtual CPU.

# Path to ipmi-sensors; the environment variable of the same name overrides
# the default.
my $pathto_sensors = $ENV{'pathto_sensors'} || '/usr/local/sbin/ipmi-sensors';
# Command whose output is the number of "QEMU Virtual CPU" lines in
# /proc/cpuinfo; it can likewise be overridden from the environment.
my $get_kvm_status = $ENV{'get_kvm_status'} || 'grep -c "QEMU Virtual CPU" /proc/cpuinfo';
# NOTE(review): both strings are interpolated into qx(), i.e. handed to the
# shell unescaped. Whoever can set these two environment variables for the
# logwatch run chooses the command that gets executed; presumably they come
# from the logwatch service configuration -- confirm that only root can
# write it.
my $kvm = qx($get_kvm_status);
# $Detail is not defined in this snippet; presumably the surrounding logwatch
# script provides it -- TODO confirm.
if ($kvm == 0 and (($ENV{PRINTING} eq 'y') or $Detail)) {
    # grep -v drops every line containing "OK", "Device Inserted/Device
    # Present" or "Presence detected"; whatever remains is printed.
    my $sensors = qx($pathto_sensors --ignore-not-available-sensors | grep -v -E 'OK|Device Inserted/Device Present|Presence detected');
    if ($sensors) { print $sensors; }
}
/etc/logwatch/conf/logwatch.conf
Output = mail MailTo = gorazd@ineta.si MailFrom = root Detail = 1 #Service = "-amavis" Service = "-zz-lm_sensors"
chmod u+x /etc/rc.d/rc.bind chmod 600 /etc/named.conf rndc refresh /etc/rc.bind restart
touch /etc/vsftpd.chroot_list
chmod 600 /etc/vsftpd.chroot_list
echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner
/etc/vsftpd.conf
# Anonymous logins are off; local system accounts may log in and write.
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=NO
# Timeouts, in seconds, for idle sessions and stalled data connections.
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=ftp
async_abor_enable=YES
# Fixed greeting string sent to connecting clients.
ftpd_banner=FTP
# Local users are confined to their home directory after login.
chroot_local_user=YES
# NOTE(review): chroot_list_file is only read when chroot_list_enable=YES, which
# this listing does not set; if it is enabled together with chroot_local_user=YES,
# the file lists the users who are NOT chrooted. Confirm the intended meaning.
chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=NO
check_shell=YES
# Directory listings show every owner and group as "ftp".
hide_ids=YES
virtual_use_local_privs=YES
# NOTE(review): no ssl_enable appears in this listing, so local account passwords
# would cross the network in clear text unless TLS is configured elsewhere.
max_allowed_packet = 32M
/etc/my.cnf.d/server.cnf
federated skip-external-locking default-character-set = utf8 log_bin = mysql-bin binlog_format = row expire_logs_days = 10 event-scheduler = ON max_connections = 500 net_buffer_length = 1M key_buffer_size = 384M table_open_cache = 512 sort_buffer_size = 4M read_buffer_size = 2M read_rnd_buffer_size = 8M thread_cache_size = 8 query_cache_size = 32M server_id = 1 sync_binlog = 1 tmpdir = /tmp:/var/tmp:/usr/tmp
installpkg acpica-20160108-i486-1_SBo.tgz
installpkg gsoap-2.8.8-i486-1_SBo.tgz
installpkg vde2-2.3.2-i486-1_SBo.tgz
installpkg virtualbox-kernel-5.0.14_4.4.14_smp-i486-1_SBo.tgz
groupadd -g 215 vboxusers
useradd -u 240 -g 215 -d /var/lib/vboxweb vboxweb
virtualbox.tar.gz: virtualbox.SlackBuild
#HEADLESS=yes #WEBSERVICE=yes
installpkg virtualbox-5.0.14-i486-1_SBo.tgz installpkg virtualbox-extension-pack-5.0.14-i486-1_SBo.tgz
Host bravo-rsnapshot
Hostname bravo.bravogroup.org
IdentityFile /root/.ssh/id_rsa
Host student-rsnapshot
Hostname student.bravogroup.org
IdentityFile /root/.ssh/id_rsa
Create a key, copy it to the remote server and try to log on without a password:
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub backup@bravo.bravogroup.org
ssh backup@bravo.bravogroup.org
ssh backup@bravo-rsnapshot
On the remote client (the machine whose content is backed up), add some logon restrictions to /home/backup/.ssh/authorized_keys:
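from="192.168.0.0/24,84.255.243.53",command="/home/backup/.ssh/validate-rsync.sh" ssh-rsa ...
These two options limit the source addresses and force the command; on their own they do not disable port, agent or X11 forwarding or PTY allocation for this key (the no-port-forwarding, no-agent-forwarding, no-X11-forwarding and no-pty key options cover those).
Also copy the bash script validate-rsync.sh.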
backup ALL=(root) NOPASSWD:/usr/bin/rsyncsd