charlas_eventos:start
Differences
Shows the differences between two versions of the page.
charlas_eventos:start [2010/08/27 18:55] – cayu | charlas_eventos:start [2011/11/21 18:04] – cayu | ||
---|---|---|---|
Línea 1: | Línea 1: | ||
====== Charla y Eventos ====== | ====== Charla y Eventos ====== | ||
+ | [[charlas_eventos: | ||
- | ===== Servidores VPS ===== | ||
- | Servidor Debian base instalado | + | [[charlas_eventos: |
- | ==== Servicio Web ==== | ||
- | < | + | [[charlas_eventos:Uso de la consola Linux|]] //Taller |
- | apt-get install apache2 php5 php5-mysql mysql-server mysql-client | + | |
- | </ | + | |
- | + | ||
- | / | + | |
- | < | + | |
- | ExtendedStatus On | + | |
- | </ | + | |
- | + | ||
- | / | + | |
- | + | ||
- | < | + | |
- | < | + | |
- | ServerAdmin webmaster@localhost | + | |
- | ServerName | + | |
- | ServerAlias www.misitio.com.ar | + | |
- | DocumentRoot / | + | |
- | AccessFileName .htaccess | + | |
- | CustomLog / | + | |
- | ErrorLog | + | |
- | LogLevel warn | + | |
- | ServerSignature Off | + | |
- | < | + | |
- | < | + | |
- | RewriteEngine On | + | |
- | RewriteBase / | + | |
- | RewriteCond %{REQUEST_FILENAME} !-f | + | |
- | RewriteCond %{REQUEST_FILENAME} !-d | + | |
- | RewriteRule . / | + | |
- | </ | + | |
- | SetEnvIfNoCase User-Agent ^$ bad_bot | + | |
- | SetEnvIf User-Agent ^MaMa$ bad_bot | + | |
- | SetEnvIfNoCase Referer (totalh) bad_bot | + | |
- | SetEnvIfNoCase Referer (unic77) bad_bot | + | |
- | SetEnvIfNoCase Referer (http:// | + | |
- | SetEnvIfNoCase Referer (http:// | + | |
- | SetEnvIfNoCase Referer (sitemap.html) bad_bot | + | |
- | SetEnvIfNoCase Referer (poker) bad_bot | + | |
- | SetEnvIfNoCase Referer sitemap.html bad_bot | + | |
- | SetEnvIfNoCase Request_URI " | + | |
- | SetEnvIfNoCase Request_URI " | + | |
- | SetEnvIfNoCase request_uri ^contact\.php$ bad_bot | + | |
- | + | ||
- | <Limit GET POST HEAD> | + | |
- | Order Allow, | + | |
- | Allow from all | + | |
- | Deny from env=bad_bot | + | |
- | </ | + | |
- | + | ||
- | Options FollowSymLinks Indexes MultiViews | + | |
- | AllowOverride None | + | |
- | Deny from env=bad_bot | + | |
- | </ | + | |
- | < | + | |
- | Options Indexes FollowSymLinks MultiViews | + | |
- | AllowOverride None | + | |
- | Order allow, | + | |
- | allow from all | + | |
- | </ | + | |
- | </ | + | |
- | </ | + | |
- | + | ||
- | / | + | |
- | < | + | |
- | < | + | |
- | # http:// | + | |
- | < | + | |
- | AuthType Basic | + | |
- | AuthName " | + | |
- | SetHandler server-status | + | |
- | Order allow, | + | |
- | Allow from all | + | |
- | AuthUserFile | + | |
- | require valid-user | + | |
- | </ | + | |
- | </ | + | |
- | </ | + | |
- | + | ||
- | + | ||
- | ==== Servicio SSH ==== | + | |
- | + | ||
- | < | + | |
- | Port 2222 | + | |
- | # | + | |
- | Protocol 2 | + | |
- | LoginGraceTime 20 | + | |
- | PermitRootLogin no | + | |
- | PermitEmptyPasswords no | + | |
- | MaxAuthTries 2 | + | |
- | MaxStartups 2 | + | |
- | AllowUsers administrador | + | |
- | </ | + | |
- | + | ||
- | ==== Servicio de Backup ==== | + | |
- | + | ||
- | * Funciona sobre Rsync | + | |
- | * Centralizado, | + | |
- | * Actualiza los cambios realizados dentro | + | |
- | * Automatizado, | + | |
- | * System Imager http:// | + | |
- | + | ||
- | + | ||
- | ==== Servidor MySQL ==== | + | |
- | + | ||
- | < | + | |
- | [mysqld] | + | |
- | bind-address = 127.0.0.1 | + | |
- | key_buffer = 28M | + | |
- | max_allowed_packet = 1M | + | |
- | thread_stack = 128K | + | |
- | thread_cache_size = 8 | + | |
- | max_connections | + | |
- | table_cache | + | |
- | interactive_timeout | + | |
- | wait_timeout | + | |
- | thread_concurrency | + | |
- | query_cache_limit | + | |
- | query_cache_size | + | |
- | tmp_table_size = 48M | + | |
- | max_heap_table_size = 48M | + | |
- | skip-bdb | + | |
- | skip-innodb | + | |
- | </code> | + | |
- | + | ||
- | ==== Servidor FTP ==== | + | |
- | + | ||
- | /etc/ | + | |
- | + | ||
- | < | + | |
- | <Limit LOGIN> | + | |
- | AllowUser usuario1 | + | |
- | AllowUser usuario2 | + | |
- | DenyALL | + | |
- | </ | + | |
- | </ | + | |
- | + | ||
- | ==== Iptables ==== | + | |
- | + | ||
- | Bloquear ip's a mano | + | |
- | + | ||
- | < | + | |
- | iptables -A INPUT -s {ip o subnet} -j DROP | + | |
- | </ | + | |
- | + | ||
- | === Fail2ban === | + | |
- | + | ||
- | Fail2ban lee los logs (por ejemplo) / | + | |
- | + | ||
- | < | + | |
- | apt-get install fail2ban | + | |
- | </ | + | |
- | + | ||
- | **/ | + | |
- | + | ||
- | < | + | |
- | [DEFAULT] | + | |
- | ignoreip = 127.0.0.1 192.168.0.99 | + | |
- | bantime | + | |
- | maxretry = 3 | + | |
- | destemail = root@localhost | + | |
- | # Default action to take: ban only | + | |
- | action = iptables[name=%(__name__)s, | + | |
- | + | ||
- | [ssh] | + | |
- | enabled = true | + | |
- | port = ssh | + | |
- | filter | + | |
- | logpath | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [apache] | + | |
- | enabled = true | + | |
- | port = http | + | |
- | filter | + | |
- | logpath = / | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [apache-noscript] | + | |
- | enabled = false | + | |
- | port = http | + | |
- | filter | + | |
- | logpath = / | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [vsftpd] | + | |
- | enabled | + | |
- | port = ftp | + | |
- | filter | + | |
- | logpath | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [proftpd] | + | |
- | enabled | + | |
- | port = ftp | + | |
- | filter | + | |
- | logpath | + | |
- | failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=< | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [postfix] | + | |
- | enabled | + | |
- | port = smtp | + | |
- | filter | + | |
- | logpath | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [courierpop3] | + | |
- | enabled | + | |
- | port = pop3 | + | |
- | filter | + | |
- | failregex = courierpop3login: | + | |
- | logpath | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [courierimap] | + | |
- | enabled | + | |
- | port = imap2 | + | |
- | filter | + | |
- | failregex = imapd: LOGIN FAILED.*ip=\[.*:< | + | |
- | logpath | + | |
- | maxretry = 5 | + | |
- | + | ||
- | [sasl] | + | |
- | enabled | + | |
- | port = smtp | + | |
- | filter | + | |
- | failregex = warning: [-._\w]+\[< | + | |
- | logpath | + | |
- | maxretry = 5 | + | |
- | </ | + |
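Review bot: the removed side drops the entire "Servidores VPS" section (the Apache virtual host, sshd, MySQL, FTP, iptables and Fail2ban settings), while the added side carries only three "[[charlas_eventos:" links, so confirm that this configuration now lives on one of the linked pages before accepting the revision; otherwise the hardening notes disappear from the wiki. If the content is being moved, two things visible in the removed lines are worth fixing in the copy: the Referer rule for sitemap.html appears twice ("Referer (sitemap.html) bad_bot" and "Referer sitemap.html bad_bot"), and [DEFAULT] sets "maxretry = 3" while every jail overrides it with "maxretry = 5", so the stricter default never takes effect.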
charlas_eventos/start.txt · Last modified: 2014/10/22 13:42 by cayu