i have question about locking in homedir.. i bought few weeks ago debian box, and i need to create shell accounts with locking axx to user home directory.. or block access to other users directory..
chown 701? jail? how to?
a way to lock users in their directory. E.g. if I host a domain mydomain.com, I need that the owner of this domain can access (read, write, execute via ssh) only the folder www/mydomain.com and nothing else. The solution does not to be a ultrasecure one.
1] adjusting privileges (e.g. deny execute on dirs for the "others") seems a sure way to make the server unfunctional
2] rbash - when I set shell to rbash for a test user, the user can no longer connect to server through winscp
I'm trying to configure Apache logs to split logs files for every virtual host on the server
for example: {site1 .com} => copy access_log to /home/site1/public_html/logs {site2 .com} => copy access_log to /home/site2/public_html/logs .. {site3 .com} => copy access_log to /home/site3/public_html/logs
i want to also to make sure is the logs files updated in the real time
operating system is CentOs6, with Apache and cPanel
How do I lock SSH down to just my IP range and with a key?
View 7 Replies View RelatedIve been having some issues with my cpanel lately... it seems everytime I add an account via whm or a subdomain via cpanel it locks up when "Restarting Apache"
I have 2 identical servers, 1 runs fine... this one though ive reinstalled apache...multiple times with no results... now im reinstalling cpanel and it seems forzen at 50% and just says
Apache ... ... ... ... for about 100 lines.
[root@server001 root]# iptables --flush
[root@server001 root]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter mangle nat [ OK ]
Unloading iptables modules: [FAILED]
Applying iptables firewall rules: [ OK ]
As soon as I restarted it, I got locked out again. Disabling iptables enables me back in ssh. What can I do to fix this?
I don't know why, but the server locks up daily at different times of the day. I have to reboot, flush iptables and it will happen again hours later.
I don't know what to look for, what logs, etc.
I'm confident it is something within iptables
I have apf/bfd installed and dos deflate as well.
How can I trace this?
Nothing suspicious in /tmp either
I have a (dedicated) server out of control. It is managed by a 3rd party company who has never been able to get the spam and server load under control. Loads average over 5! and there is no activity in top other than sendmail and mailscanner (with Ensim).
I turned off mailscanner and sendmail while I typed this and server load went to .08.
I'm going to switch (dedicated) servers to a new provider (for reasons above plus a few others) which will include managed service from the server provider as well.
There are only a few programs that need to run on this server. VBulletin is the main concern.
I want to lock down all mail access. I want vbulletin to be able to send outgoing email as part of its administration and as part of its member notifications.
I don't want ANYONE OUTSIDE THE SERVER to be able to send mail through this server.
One idea I have had is to use DNS to assign all MX records of every domain on the machine to the free gmail service.
I have one domain on this machine (and important domain) that gets thousands and thousands of spam. I assigned its' MX records to NO-IP.com who filters and forwards email to me. That has worked - but server load never budged.
the load of my server is high,
i login whm and check the CPU/Memory/MySQL Usage
User Domain %CPU %MEM MySQL Processes
mysql 3.30 45.97 0.0
Top Process %CPU 1.0 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/hostname.com.pid --skip-locking
Top Process %CPU 0.7 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/hostname.com.pid --skip-locking
Top Process %CPU 0.6 /usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/hostname.com.pid --skip-locking
the values are higher before,
i want to ask what is skip-locking and if i add skip-locking in my.cnf,
will the problem been improved? and will it take any effect or problem?
I'm running apache to serve PHP files on (/home/www/) and thttpd to serve images on (/home/www/images)
thttpd runs on a different IP than apache, apache only listens to its IP.
After doing this, the number of apache processes decreased significantly, however performance has gone down, and apache is starting to crash very frequently (swapping).
Could there be a file-locking issue? Do I have to separate the images folder from the www folder?
I've seen that a similar topic was posted earlier today, but I have more specific question. I'm looking for the e-mail only hosting. Requirements:
* dedicated IP
* SMTP + SSL (TLS)
* POP3/IMAP + SSL (TLS)
* up to 10 e-mail addresses from various domains
* forwarders (10 or more)
* 1-5 GB storage
* 10 GB bandwidth
* budget: the less the better, but I'll pay any reasonable amount of money if the service is good. Basically I need to find a provider at which I can keep my e-mail address once and for all. (I need a few e-mails only, a few forwarders, 100 MB storage and 1 GB bandwidth but I stated more so I don't run out on resources)
Is there any significant difference between SSL and TLS or is it all mainly in the proprietary vs open standard?
Is there any good reason why not to use Google Apps for this purpose? I've read that some people are concerned about privacy. Is there any pro that can comment on this (privacy issue) and remain objective?
One last (dumb?) question. What is the purpose of domain locking? Before AuthCodes were introduced I could see the reason for locking domains, but why would anyone want to lock the domain these days? (and yet I see majority still does) I mean, noone can initiate the transfer without providing AuthCode (can he?) and isn't that alone good enough to keep the domain safe? And if someone manages to gain control to the control panel to read AuthCode then he can easily unlock the domain so I see no additional layer of security.
