
Install: After Centmin Mod Install - 5 tasks you do manually that you wish were automated?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by eva2000, Nov 15, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    More Centmin Mod research :) After the initial Centmin Mod install, what are your first 5 tasks that you do manually that you wish could be done automatically instead?


    I'm sure @Matt @RoldanLT @Sunka @pamamolf @dorobo @Jimmy @Tracy Perry @deltahf @negative @KeVo @cloud9 @ethanpil @hitman @Jake @raciasolvo @Derek @BoostN @Claudio @Ahmad @serious96 @nqservices @Mastergumble @AKIN SENOL @ndha @trxerz @bojan horvatic @Colin @dooma @apidevlab and other folks have some input :)

    Maybe your suggestions might make their way into Centmin Mod initial install routines ;) :D
     
  2. buik

    buik "Nobody who ever gave his best regretted it." Premium Member

    Please add rm -rf .* * or rm -rf / after your server is installed as automatic task :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    lol WARNING: no one run those commands! Unless they want to wipe their entire server clear of data :)
     
  4. pamamolf

    pamamolf Premium Member Premium Member

    1) enable multiple phpfpm pools
    2) set files and database backups
    3) install netdata

    I can't find 5 options, as Centminmod already takes care of all the needed options for me :)
     
  5. rdan

    rdan Well-Known Member

    I think:
    • Memcached memory value based on the server's installed RAM.
    • Automatically add Cloudflare, Sucuri IP lists to csf.allow and csf.ignore
     
  6. pamamolf

    pamamolf Premium Member Premium Member

    Yes forgot about Memcached configuration optimization values ....
    I do that also....
     
  7. buik

    buik "Nobody who ever gave his best regretted it." Premium Member

    Interesting, do you have a link to those Cloudflare, Sucuri IP lists?
    Already using the default CSF block lists (DShield, Spamhaus et al.) but the above lists would be a nice add-on.
     
  8. pamamolf

    pamamolf Premium Member Premium Member

  9. Sunka

    Sunka Well-Known Member

    Installing pigz and other compressions (menu option 17)
    Ask before/during install which version of php, nginx and mariaDB to install
     
  10. buik

    buik "Nobody who ever gave his best regretted it." Premium Member

    Misread. Hmm sorry, my mistake, I thought that they released blacklists with known server trolls.
    Not white lists :)
    If someone does have nice lists to add to CSF (blacklists that aren't default in CSF).
    recommended.
     
  11. pamamolf

    pamamolf Premium Member Premium Member

    I think @Revenge has a list related to some servers that are used for ddos attacks, if he wants to share it :)
     
  12. eva2000

    eva2000 Administrator Staff Member

    That one is a bit harder to automate as memcached memory allocation should always be based on web app's required memcached memory usage and only end user knows how much they will use. Though a more basic default based on memory installed might be in order.
     
  13. raciasolvo

    raciasolvo Member

    • csf.conf (ports)
    • stop ftp, dns and other services that are not useful for me :)
    • uninstall-demodomain.com :)
    • backup
    • edit nginx confs (need a menu with options) ;)
     
  14. eva2000

    eva2000 Administrator Staff Member

    you can do that already in 123.09beta01 NSD dns is no longer installed by default

    to disable pure-ftpd, just prepopulate the variable in the persistent config file /etc/centminmod/custom_config.inc
    Code (Text):
    PUREFTPD_DISABLED='y'


    so install becomes
    Code (Text):
    mkdir -p /etc/centminmod/
    touch /etc/centminmod/custom_config.inc
    echo "PUREFTPD_DISABLED='y'" >> /etc/centminmod/custom_config.inc
    yum -y update; curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh
    
     
  15. Revenge

    Revenge Active Member

    Any wordpress with pingback is a potential attack server.
     
  16. eva2000

    eva2000 Administrator Staff Member

    yeah that's why centmin.sh menu option 22 auto disabled wp pingback via a wp plugin out of the box though that just prevents the wp instance from being part of the attack - doesn't help with being the target of an attack :)
     
  17. pamamolf

    pamamolf Premium Member Premium Member

    I agree, but I think we can have a higher default for memory, like 32M rather than the 8M it is now, as even on a small VPS a few MB extra will not cause any issues... :)
     
  18. dorobo

    dorobo Active Member

    For me these are some of the commands that I added to my post centmin install script

    1. since I use pubkeys to login via ssh, I generate the pub and priv keys and create authorized_keys just in case it's non existent

    Code (Text):
    echo -e "\n" | ssh-keygen -t rsa -N ''; cd ~/.ssh; touch authorized_keys; chmod 600 authorized_keys


    2. install borg

    Code (Text):
    # install borg
    wget -O /usr/local/bin/borg https://github.com/borgbackup/borg/releases/download/1.0.8/borg-linux64
    chown root:root /usr/local/bin/borg
    chmod 755 /usr/local/bin/borg


    3. just recently I noticed that cron wasn't following the timezone that I set in ZONEINFO (custom_config.inc) and so I added this command in the script to make sure that it does

    Code (Text):
    service crond restart


    4. related to item number 1, set up pubkey authentication

    Code (Text):
    # secure ssh
    sed -i 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
    sed -i 's/#PubkeyAuthentication/PubkeyAuthentication/g' /etc/ssh/sshd_config
    sed -i 's/#AuthorizedKeysFile/AuthorizedKeysFile/g' /etc/ssh/sshd_config
    sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
    sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
    service sshd restart


    5. install redis

    Code (Text):
    maxmemory=200mb
    
    yum -y install redis --enablerepo=remi --disableplugin=priorities
    chkconfig redis on
    service redis start
    
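    # enable AOF persistence, run as a daemon and move the pidfile
    sed -i 's/appendonly no/appendonly yes/g' /etc/redis.conf
    sed -i 's/daemonize no/daemonize yes/g' /etc/redis.conf
    sed -i 's;pidfile /var/run/redis_6379.pid;pidfile /var/run/redis/redis.pid;g' /etc/redis.conf
    # -p so a re-run does not fail when the directory already exists
    mkdir -p /var/run/redis
    chown redis /var/run/redis
    # cap memory and evict least recently used keys once the cap is reached
    echo -e "maxmemory $maxmemory\nmaxmemory-policy allkeys-lru\nmaxmemory-samples 10" >> /etc/redis.conf
    service redis restart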


    install monit, incorporate mailgun with postfix.
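
The SSH hardening step from the post above, as an added example that is not part of the original thread: the sed substitutions only change sshd_config when the exact line they look for is present, so this version sets each directive idempotently and refuses to disable password logins while authorized_keys is empty. The function names are hypothetical, and it assumes a single sshd_config with no Include files.

```shell
#!/bin/sh
# Added example: idempotent sshd_config edits with a lockout guard.

# set_sshd_option FILE KEY VALUE
# Leaves exactly one active global "KEY VALUE" line in FILE, whether KEY was
# commented out, set to another value, or absent. Settings inside Match
# blocks are left alone and should be reviewed by hand.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { lk = tolower(k) }
        { w = tolower($1); sub(/[=].*/, "", w) }
        # The global section ends at the first Match line: insert before it.
        w == "match" && !done { print k, v; done = 1 }
        # Drop older active global settings of the same keyword.
        !done && w == lk { next }
        { print }
        END { if (!done) print k, v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# has_usable_key FILE: true if FILE has at least one non-comment line.
has_usable_key() {
    [ -s "$1" ] && grep -Eq '^[[:space:]]*[^#[:space:]]' "$1"
}

# harden_sshd CONFIG AUTHORIZED_KEYS
# Refuses to turn password logins off while AUTHORIZED_KEYS is empty.
harden_sshd() {
    cfg=$1 keys=$2
    if ! has_usable_key "$keys"; then
        echo "no public key in $keys; not disabling passwords" >&2
        return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    set_sshd_option "$cfg" PubkeyAuthentication yes &&
        set_sshd_option "$cfg" PasswordAuthentication no
}

# On a real host (as root), validate before restarting:
#   harden_sshd /etc/ssh/sshd_config ~/.ssh/authorized_keys &&
#       sshd -t && service sshd restart
```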
     
  19. dorobo

    dorobo Active Member

    also perhaps automatic detection if running KVM/Dedi/Xen or OpenVZ and if it's the former run

    Code (Text):
    echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf
    sysctl -p
    
     
  20. Revenge

    Revenge Active Member

    I don't understand how Automattic does nothing about this issue. We don't even imagine how many ddos attacks are performed every single day using the Wordpress pingback function...