Security & Firewall - csf v2.91 de Check Server Security Çıkan Hataları Nasıl Düzeltiriz
Bende Check Server Security Bastıgımda Bu Hatalar Çıkıyor Bazılarını Düzelttim Ama Bunları Düzeltemedim + Her Rebootan Sonra Firewall Status:
Stopped! [TEST MODE ENABLED]
Ayarlarında Aktif Etmeme Ragmen Bu Yazılar Degişmiyor
Check iptables is configured
WARNING
iptables is not configured. You should install csf and make sure that it is working correctly
---------
Check whether csf is in TESTING mode
WARNING
If the iptables firewall is working set TESTING to "0" in the Firewall Configuration
---------
Check csf LF_IMAPD option
WARNING
This option helps prevent brute force attacks on your server services
---------
Check /dev/shm is mounted noexec,nosuid
WARNING
/dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options
----------
Check /etc/named.conf for recursion restrictions
WARNING
You have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
----------
Check SSHv1 is disabled
WARNING
You should disable SSHv1 by editing /etc/ssh/sshd_config and setting:
Protocol 2
----------
Check SSH on non-standard port
WARNING
You might want to consider moving SSH to a non-standard port to avoid basic SSH port scans by editing /etc/ssh/sshd_config and setting:
Port nnnn
Where nnnn is a port of your choosing. Don't forget to open the port in the firewall first!
----------
Check SSH PasswordAuthentication
WARNING
For ultimate SSH security, you might want to consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication. For more information read
this article and
this article
-----------
Check Background Process Killer
WARNING
You should enable each item in the WHM >
Background Process Killer
-----------
Check exim for extended logging
WARNING
You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:
log_selector = +arguments +subject
to the first textarea in the Advanced Mode Exim Configuration
Editor
-----------
Check server startup for cups
WARNING
On most servers cups isn't needed and should be stopped and disabled from starting, as it could pose a security threat. This service is currently enabled in init and can be disabled using:
service cups stop
chkconfig cups off
-----------
Check server startup for nfslock
WARNING
On most servers nfslock isn't needed and should be stopped and disabled from starting, as it could pose a security threat. This service is currently enabled in init and can be disabled using:
service nfslock stop
chkconfig nfslock off
-----------
Check server startup for rpcidmapd
WARNING
On most servers rpcidmapd isn't needed and should be stopped and disabled from starting, as it could pose a security threat. This service is currently enabled in init and can be disabled using:
service rpcidmapd stop
chkconfig rpcidmapd off,
-----------
Check server startup for anacron
WARNING
On most servers anacron isn't needed and should be stopped and disabled from starting, as it could pose a security threat. This service is currently enabled in init and can be disabled using:
service anacron stop
chkconfig anacron off
-----------
Biraz Uzun Oldu Ama Zamanı Olan Arkadaş Cevap Yazarsa Çok Sevirinim