VestaCP Let’s Encrypt SSL Certificate Location

/usr/local/vesta/data/users/admin/ssl

VestaCP Restore backup tar file

sudo /usr/local/vesta/bin/v-restore-user admin admin.2014-01-14.tar

NOTES:

• Change DNS settings if IP address is changed!
• Extra database users are NOT restored! You have to create them again.

Access Logs in Linux

CentOS 6:
Setup: /etc/logrotate.conf
Logs: /var/log

Secure Webmail on VestaCP

/etc/httpd/conf.d/roundcubemail.conf

Change lines:

Alias /webmail /usr/share/roundcubemail

Tested on centos-6-x86-minimal

Secure PhpMyAdmin on VestaCP/HestiaCP

Edit file:

/etc/httpd/conf.d/phpMyAdmin.conf

or

/etc/apache2/conf.d/phpmyadmin.conf

Change lines:

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

Tested on centos-6-x86-minimal (httpd)

Tested on Debian 10.9 (x86_64) (apache2)

Apache httpd Security Tips

ServerSignature Off
ServerTokens Prod

Raspberry Pi Raspbian Location: /etc/apache2/conf-available/security.conf

Update regularly

httpd -v

yum update httpd
apt-get install apache2

Disable /icons/ directory listing

• Edit /etc/httpd/conf.d/autoindex.conf
• Comment line: # Alias /icons/ “/usr/share/httpd/icons/”
• Disabling icons listing prevents non-loading image in diretory listings!

HTTPOnly and Secure cookie flag

Check cookie page using: https://gf.dev/secure-cookie-test

Add the line below to the file /etc/httpd/conf/httpd.conf (CentOS 7 – VestaCP)

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

Restart Apache

service httpd restart

Security on CentOS 6

SSH, FTP

Login attempts file: /var/log/secure

Change SSH port from 22 to something else.

Change FTP port from 21 to something else.

Windows & Linux & Mac Uptime

Learn run time before last boot.

Windows:

systeminfo | find "System Boot Time:"

or

Task Manager -> Performance

Linux & Mac:

uptime

Note: System boot time is wrong on Windows 10.

Solution:

1. Press Windows key + r
2. Type services.msc
3. Click Windows Time
4. Alternate click and then click Properties
5. Change Startup type to Automatic
6. Click Start if the service isn’t started

WordPress VestaCP User Permission

Change ownership from root to (Vesta user) admin:
chown -R admin:admin /home/admin/web/domain.tld/public_html
This solves the problem of WordPress auto update.

Tested on VestaCP and myVesta

Activate Raspberry Pi root Account

sudo passwd root

sudo passwd -u root

sudo nano /etc/ssh/sshd_config
Search for PermitRootLogin and change it to yes