Install After Centmin Mod Install - 5 tasks you do manually that you wish to be automated?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by eva2000, Nov 15, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    More Centmin Mod research :) After initial Centmin Mod install, what are your first 5 tasks that you do manually that you wish could be done automatically instead?

    I'm sure @Matt @RoldanLT @Sunka @pamamolf @dorobo @Jimmy @Tracy Perry @deltahf @negative @KeVo @cloud9 @ethanpil @hitman @Jake @raciasolvo @Derek @BoostN @Claudio @Ahmad @serious96 @nqservices @Mastergumble @AKIN SENOL @ndha @trxerz @bojan horvatic @Colin @dooma @apidevlab and other folks have some input :)

    Maybe your suggestions might make their way into Centmin Mod initial install routines ;) :D

     
  2. buik

    buik “The best traveler is one without a camera.”

    Please add rm -rf .* * or rm -rf / after your server is installed as automatic task :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    lol WARNING: no one run those commands! Unless they want to wipe their entire server clear of data :)
     
  4. pamamolf

    pamamolf Premium Member Premium Member

    1) enable multiple phpfpm pools
    2) set files and database backups
    3) install netdata

    I can't find 5 options as Centminmod already takes care of all the needed options for me :)
     
  5. rdan

    rdan Well-Known Member

    I think:
    • Memcached memory value based on the server's installed RAM.
    • Automatically add Cloudflare, Sucuri IP list on csf.allow and csf.ignore
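
An added example (not from the thread and not Centmin Mod code) of the csf.allow automation suggested above: it validates a downloaded range list before appending it, since every allowlisted range is let through the firewall. The function names, the tag and the sample ranges (documentation networks standing in for a provider's published list) are assumptions.

```shell
#!/bin/sh
# Added example, not Centmin Mod code. Function names are hypothetical.

# Pass through only well-formed IPv4 CIDRs. HTML error pages, blank lines, bad
# octets and prefixes broader than /8 are dropped, so a bad download cannot
# allowlist the whole internet.
filter_cidr4() {
    tr -d '\r' | awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
        $5 >= 8 && $5 <= 32 { print }'
}

# Append each valid range in LIST to CSF_FILE (csf.allow / csf.ignore style:
# "range # comment") unless it is already listed. Prints how many were added.
csf_add_ranges() (
    list=$1 csf_file=$2 tag=$3 added=0
    for cidr in $(filter_cidr4 < "$list"); do
        # Compare the first field exactly; dots must not act as regex wildcards.
        awk -v c="$cidr" '$1 == c { f = 1 } END { exit !f }' "$csf_file" && continue
        printf '%s # %s\n' "$cidr" "$tag" >> "$csf_file"
        added=$((added + 1))
    done
    echo "$added"
)

# Demo on constructed data: two valid ranges, an error page and a catch-all.
demo_list=$(mktemp); demo_allow=$(mktemp)
printf '%s\n' '198.51.100.0/24' '<html>502</html>' '0.0.0.0/0' '203.0.113.0/24' > "$demo_list"
echo "added: $(csf_add_ranges "$demo_list" "$demo_allow" provider-list)"
cat "$demo_allow"
rm -f "$demo_list" "$demo_allow"
```

On a real server the target files would be /etc/csf/csf.allow and /etc/csf/csf.ignore, followed by `csf -r` to reload the rules.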
     
  6. pamamolf

    pamamolf Premium Member Premium Member

    Yes forgot about Memcached configuration optimization values ....
    I do that also....
     
  7. buik

    buik “The best traveler is one without a camera.”

    Interesting, do you have a link to those Cloudflare, Sucuri IP lists?
    Already using the default CSF block lists (Dshield, Spamhaus et al.) but the above lists would be a nice add-on.
     
  8. pamamolf

    pamamolf Premium Member Premium Member

  9. Sunka

    Sunka Well-Known Member

    Installing pigz and other compressions (menu option 17)
    Ask before/during install which version of php, nginx and mariaDB to install
     
  10. buik

    buik “The best traveler is one without a camera.”

    Misread. Hmm sorry, my mistake, I thought that they released blacklists with known server trolls.
    Not whitelists :)
    If someone does have nice lists to add to CSF (blacklists that aren't default in CSF).
    recommended.
     
  11. pamamolf

    pamamolf Premium Member Premium Member

    I think @Revenge has a list related to some servers that are used for ddos attacks if he wants to share it :)
     
  12. eva2000

    eva2000 Administrator Staff Member

    That one is a bit harder to automate as memcached memory allocation should always be based on web app's required memcached memory usage and only end user knows how much they will use. Though a more basic default based on memory installed might be in order.
     
  13. raciasolvo

    raciasolvo Member

    • csf.conf (ports)
    • stop ftp, dns and other services that are not useful for me :)
    • uninstall-demodomain.com :)
    • backup
    • edit nginx confs (need a menu with options) ;)
     
  14. eva2000

    eva2000 Administrator Staff Member

    You can do that already: in 123.09beta01, NSD DNS is no longer installed by default.

    For pure-ftpd, to disable it just prepopulate the variable in the persistent config file /etc/centminmod/custom_config.inc
    Code (Text):
    PUREFTPD_DISABLED='y'


    so install becomes
    Code (Text):
    mkdir -p /etc/centminmod/
    touch /etc/centminmod/custom_config.inc
    echo "PUREFTPD_DISABLED='y'" >> /etc/centminmod/custom_config.inc
    yum -y update; curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh
    
     
  15. Revenge

    Revenge Active Member

    Any WordPress with pingback is a potential attack server.
     
  16. eva2000

    eva2000 Administrator Staff Member

    yeah that's why centmin.sh menu option 22 auto disabled wp pingback via a wp plugin out of the box though that just prevents the wp instance from being part of the attack - doesn't help with being the target of an attack :)
     
  17. pamamolf

    pamamolf Premium Member Premium Member

    I agree but i think we can have as default a higher number for memory like 32M than 8M that it is now as even on a small vps will not cause any issues for a few MB extra... :)
     
  18. dorobo

    dorobo Active Member

    For me these are some of the commands that I added to my post centmin install script

    1. since I use pubkeys to login via ssh, I generate the pub and priv keys and create authorized_keys just in case it's non existent

    Code (Text):
    echo -e "\n" | ssh-keygen -t rsa -N ''; cd ~/.ssh; touch authorized_keys; chmod 600 authorized_keys


    2. install borg

    Code (Text):
    # install borg
    wget -O /usr/local/bin/borg https://github.com/borgbackup/borg/releases/download/1.0.8/borg-linux64
    chown root:root /usr/local/bin/borg
    chmod 755 /usr/local/bin/borg


    3. just recently I noticed that cron wasn't following the timezone that I set in ZONEINFO (custom_config.inc) and so I added this command in the script to make sure that it does

    Code (Text):
    service crond restart


    4. related to item number 1, set up pubkey authentication

    Code (Text):
    # secure ssh
    sed -i 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
    sed -i 's/#PubkeyAuthentication/PubkeyAuthentication/g' /etc/ssh/sshd_config
    sed -i 's/#AuthorizedKeysFile/AuthorizedKeysFile/g' /etc/ssh/sshd_config
    sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
    sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
    service sshd restart


    5. install redis

    Code (Text):
    maxmemory=200mb
    
    yum -y install redis --enablerepo=remi --disableplugin=priorities
    chkconfig redis on
    service redis start
    
    sed -i 's/appendonly no/appendonly yes/g' /etc/redis.conf
    sed -i 's/daemonize no/daemonize yes/g' /etc/redis.conf
    sed -i 's;pidfile /var/run/redis_6379.pid;pidfile /var/run/redis/redis.pid;g' /etc/redis.conf
    mkdir /var/run/redis
    chown redis /var/run/redis
    echo -e "maxmemory $maxmemory\nmaxmemory-policy allkeys-lru\nmaxmemory-samples 10" >> /etc/redis.conf
    service redis restart


    install monit, incorporate mailgun with postfix.
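
An added example (not dorobo's script and not Centmin Mod code) for the sshd_config step above: the `sed` substitutions only take effect when the file contains the exact stock strings, and password logins are switched off whether or not `authorized_keys` holds a key yet. The function names and the sample files are assumptions; the sketch sets each directive idempotently and refuses to disable passwords while no key is installed.

```shell
#!/bin/sh
# Added example: idempotent sshd_config edits with a lockout guard.

# Set KEY to VALUE in sshd_config-style FILE. sshd keeps the first value it
# reads for a keyword, so the directive is written on line 1 and older active
# global settings are dropped. Commented lines and Match blocks are left alone.
set_sshd_option() (
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { print k " " v; kl = tolower(k) }
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($1) == kl { next }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode, SELinux label
    rc=$?
    rm -f "$tmp"
    return "$rc"
)

# True if FILE has at least one line that is neither blank nor a comment.
has_authorized_key() {
    [ -r "$1" ] && grep -Eqv '^[[:space:]]*(#|$)' "$1"
}

# Move CONF to key-only logins, refusing while AUTH_KEYS holds no key.
harden_sshd() {
    if ! has_authorized_key "$2"; then
        echo "no public key in $2: leaving password logins enabled" >&2
        return 1
    fi
    set_sshd_option "$1" PubkeyAuthentication yes &&
        set_sshd_option "$1" PasswordAuthentication no
}

# Demo on constructed files. The commented default below is the case where a
# plain "s/PasswordAuthentication yes/.../" edit leaves nothing active.
demo_conf=$(mktemp); demo_keys=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication yes' > "$demo_conf"
echo 'ssh-ed25519 AAAAconstructedkey admin@example' > "$demo_keys"
harden_sshd "$demo_conf" "$demo_keys" && cat "$demo_conf"
rm -f "$demo_conf" "$demo_keys"
```

On a real host, run `sshd -t` to validate the edited file before restarting sshd, and keep the current session open until a second key-based login succeeds.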
     
  19. dorobo

    dorobo Active Member

    also perhaps automatic detection if running KVM/Dedi/Xen or OpenVZ and if it's the former run

    Code (Text):
    echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf
    sysctl -p
    
     
  20. Revenge

    Revenge Active Member

    I don't understand how Automattic does nothing about this issue. We don't even imagine how many ddos attacks are performed every single day using the WordPress pingback function...