ip_conntrack and APF issue

A server is limited to a certain number of TCP/IP connections that it can keep track of.

ip_conntrack is the kernel module whose connection-tracking table enforces this limit. If the table fills up, packets from legitimate connections are dropped as well.

We usually tweak this parameter in the sysctl.conf file.

But if you have APF installed, APF will reset the conntrack value even after you set the sysctl parameter, because the APF configuration file sets its own value, 34576 by default (SYSCTL_CONNTRACK="34576").

So on servers running APF, you need to increase that parameter in the APF configuration and then restart APF.

rsync to back up your home dir from your old server to the new one

Log in to your new cPanel server as the root user and run:

rsync -vrplogDtH --exclude=virtfs/ --progress -e ssh root@old-server-ip-address:/home/ /home/

Basic Requirements for cpgsd

* gcc
* Perl 5+
* OpenSSL (including headers, usually in a separate package called something like openssl-devel or ssl-dev)
* Net::SSLeay perl module
* IO::Socket::SSL perl module
* IPC::Run perl module

Configure the sshd server to disable password login and enable keys

First, we need to generate a pair of keys (the -f option names the key files so the path used below matches):

ssh-keygen -v -t rsa -b 2048 -f /home/buddy/.ssh/buddy_rsa

and then append the public key to the authorized keys (>> appends instead of overwriting any keys already present):

cat /home/buddy/.ssh/buddy_rsa.pub >> /home/buddy/.ssh/authorized_keys

Log in to the remote server using the password and edit the config file /etc/ssh/sshd_config to disable password login and enable keys:

vi /etc/ssh/sshd_config

and set the following:

PermitRootLogin no
#Disable Login password
#PasswordAuthentication no
ChallengeResponseAuthentication no
#Allow forwarding yes
AllowTcpForwarding no

# Uncomment the 'PasswordAuthentication no' line only after making sure that key authentication is working properly.
# Disabling root login is recommended anyway, though it adds little once password login is disabled.
# Allowing forwarding is not recommended in a multi-user hosting environment, where keys could be exposed. In any case, we should only allow it if we intend to forward keys from server to server while keeping all our keys on the local machine.
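As an added check, not part of the original notes, the script below reports the effective global value of the four directives above: a commented-out line such as "#PasswordAuthentication no" counts as unset, and parsing stops at the first Match block because anything after it is conditional. The sample sshd_config it writes is constructed for the demonstration.

```shell
# Added example, not from the original notes. Reports the effective value of global
# sshd_config directives; a commented-out "#PasswordAuthentication no" counts as unset.
# effective_value <config-file> <Directive>: lowercase value of the first uncommented
# global occurrence (sshd honours only the first; "Key value" and "Key=value" both
# parse), or "unset" when none appears before the first Match block.
effective_value() {
    _key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    _val=$(awk -v key="$_key" '
        /^[[:space:]]*#/ || NF == 0 { next }          # comments and blank lines
        { k = tolower($1); sub(/=.*/, "", k) }        # keyword, with or without "="
        k == "match" { exit }                         # later lines are conditional
        k == key {
            v = $0
            sub(/^[[:space:]]*[^[:space:]=]+[[:space:]]*=?[[:space:]]*/, "", v)
            sub(/[[:space:]].*/, "", v)               # drop trailing comment
            print tolower(v); exit
        }' "$1")
    printf '%s\n' "${_val:-unset}"
}
# check_hardening <config-file>: one line per directive from the notes; returns 0
# only when every one is explicitly set to "no".
check_hardening() {
    _rc=0
    for _key in PermitRootLogin PasswordAuthentication \
                ChallengeResponseAuthentication AllowTcpForwarding; do
        _got=$(effective_value "$1" "$_key")
        if [ "$_got" = "no" ]; then _st=OK; else _st=WEAK; _rc=1; fi
        printf '%-32s %-4s (effective: %s)\n' "$_key" "$_st" "$_got"
    done
    return $_rc
}

# Constructed sample mirroring the snippet above, plus a Match block whose
# value must not be read as the global setting.
write_sample_config() {
    cat > "$1" <<'EOF'
PermitRootLogin no
#PasswordAuthentication no
ChallengeResponseAuthentication no
AllowTcpForwarding no
Match User backup
    PasswordAuthentication yes
EOF
}
_demo=$(mktemp)
write_sample_config "$_demo"
check_hardening "$_demo" || echo "sshd_config is NOT fully hardened"
rm -f "$_demo"
```

Run it against the real file with `check_hardening /etc/ssh/sshd_config` after editing; a WEAK line for PasswordAuthentication means the directive is still commented out.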


SELinux Access Control

SELinux has 3 forms of access control:

* Type Enforcement (TE): the primary mechanism of access control used in the targeted policy.
* Role-Based Access Control (RBAC): based around SELinux users (not necessarily the same as the Linux user), but not used in the default targeted policy.
* Multi-Level Security (MLS): not used and often hidden in the default targeted policy.
