/usr/local/vesta/data/users/admin/ssl
Category GNU/Linux
VestaCP Restore backup tar file
sudo /usr/local/vesta/bin/v-restore-user admin admin.2014-01-14.tar
NOTES:
- Change DNS settings if IP address is changed!
- Extra database users are NOT restored! You have to create them again.
Access Logs in Linux
CentOS 6:
Setup: /etc/logrotate.conf
Logs: /var/log
Secure Webmail on VestaCP
/etc/httpd/conf.d/roundcubemail.conf
Change lines:
Alias /webmail /usr/share/roundcubemail
Tested on centos-6-x86-minimal
Secure PhpMyAdmin on VestaCP/HestiaCP
Edit file:
/etc/httpd/conf.d/phpMyAdmin.conf
or
/etc/apache2/conf.d/phpmyadmin.conf
Change lines:
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
Tested on centos-6-x86-minimal (httpd)
Tested on Debian 10.9 (x86_64) (apache2)
Apache httpd Security Tips
ServerSignature Off ServerTokens Prod
Raspberry Pi Raspbian Location: /etc/apache2/conf-available/security.conf
Update regularly
httpd -v
yum update httpd apt-get install apache2
Disable /icons/ directory listing
- Edit /etc/httpd/conf.d/autoindex.conf
- Comment line: # Alias /icons/ “/usr/share/httpd/icons/”
- Disabling icons listing prevents non-loading image in diretory listings!
HTTPOnly and Secure cookie flag
Check cookie page using: https://gf.dev/secure-cookie-test
Add the line below to the file /etc/httpd/conf/httpd.conf (CentOS 7 – VestaCP)
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Restart Apache
service httpd restart
Security on CentOS 6
SSH, FTP
Login attempts file: /var/log/secure
Change SSH port from 22 to something else.
Change FTP port from 21 to something else.
Windows & Linux & Mac Uptime
Learn run time before last boot.
Windows:
systeminfo | find "System Boot Time:"
or
Task Manager -> Performance
Linux & Mac:
uptime
Note: System boot time is wrong on Windows 10.
Solution:
- Press Windows key + r
- Type services.msc
- Click Windows Time
- Alternate click and then click Properties
- Change Startup type to Automatic
- Click Start if the service isn’t started
WordPress VestaCP User Permission
Change ownership from root to (Vesta user) admin:chown -R admin:admin /home/admin/web/domain.tld/public_html
This solves the problem of WordPress auto update.
Tested on VestaCP and myVesta
Activate Raspberry Pi root Account
sudo passwd root
sudo passwd -u root
sudo nano /etc/ssh/sshd_config
Search for PermitRootLogin and change it to yes