Upgrade Is this normal?

Jon Snow · Jul 6, 2017

eva2000 said: ↑

yeah provide the nginx upgrade log post to pastebin.com or gist.github.com only way to know what nginx compiles are doing
Click to expand...

Sent them via PM. They were too large for pastebin (no pro account) so I uploaded them.

eva2000 · Jul 6, 2017

strange, the nginx upgrade log reads like it was 123.08stable version compile not 123.09beta01

even reports such in the logs

Code (Text):

 [y/n]: [1;33;40m**********************************************************************
(B[m[1;32;40m* Nginx Update script - Included in Centmin Extras
(B[m[1;32;40m* Version: 1.2.3-eva2000.08 - Date: 31/07/2015 - Copyright 2011-2015 CentminMod.com
(B[m[1;33;40m**********************************************************************
(B[m 
[1;33;40mThis software comes with no warranty of any kind. You are free to use
(B[m[1;33;40mit for both personal and commercial use as licensed under the GPL.
(B[m 
Nginx Upgrade - Would you like to continue? [y/n] y

Install which version of Nginx? (version i.e. 1.13.2}): 1.13.2

what is output for these commands

Code (Text):

cd /usr/local/src/centminmod
git branch

you'd get reported branch i.e. 123.09beta01

Code (Text):

git branch
* 123.09beta01

and 123.09beta01 nginx recompile ending would look like this

Code (Text):

Wed Jul  5 21:00:53 UTC 2017
Success: Nginx was installed properly

/usr/local/nginx/conf/conf.d/demodomain.com.conf
/usr/local/nginx/conf/conf.d/domain.com.conf
/usr/local/nginx/conf/conf.d/virtual.conf
---
Restarting nginx (via systemctl):  [  OK  ]
    application/font-woff                 woff;
    application/vnd.ms-fontobject         eot;
    application/x-font-ttf                  ttf;
    font/opentype                           otf;
    application/font-woff2                  woff2;
application/vnd.ms-fontobject eot;
application/x-font-ttf ttf;
font/opentype otf;
application/font-woff woff; application/font-woff2 woff2;
application/font-woff2 woff2;
   _   _         _                 ____  _                                  
  | \ | |  __ _ (_) _ __  __  __  / ___|| |  ___   __ _  _ __   _   _  _ __  
  |  \| | / _` || || '_ \ \ \/ / | |    | | / _ \ / _` || '_ \ | | | || '_ \ 
  | |\  || (_| || || | | | >  <  | |___ | ||  __/| (_| || | | || |_| || |_) |
  |_| \_| \__, ||_||_| |_|/_/\_\  \____||_| \___| \__,_||_| |_| \__,_|| .__/ 
          |___/                                                       |_|    

nginx -V
nginx version: nginx/1.13.2
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.5.4
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -g -O3 -fstack-protector -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.31 --add-module=../echo-nginx-module-0.60 --add-module=../redis2-nginx-module-0.14 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.40 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-openssl=../libressl-2.5.4

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

dynamic modules include file /usr/local/nginx/conf/dynamic-modules.conf
-rw-r--r-- 1 root root 360 Jul  5 20:59 /usr/local/nginx/conf/dynamic-modules.conf

# place custom load_module lines in this dynamic-modules-includes.conf
# file so that they persistent i.e. for manually dropped in dynamic modules
include /usr/local/nginx/conf/dynamic-modules-includes.conf;
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_stream_module.so";

dynamic module directory at /usr/local/nginx/modules
total 1.2M
drwxr-xr-x  2 root root 4.0K Jul  5 21:00 .
drwxr-xr-x 11 root root 4.0K Jul  5 09:17 ..
-rwxr-xr-x  1 root root  54K Jul  5 21:00 ngx_http_fancyindex_module.so
-rwxr-xr-x  1 root root  54K Jul  5 09:23 ngx_http_fancyindex_module.so.old
-rwxr-xr-x  1 root root  57K Jul  5 21:00 ngx_http_image_filter_module.so
-rwxr-xr-x  1 root root  57K Jul  5 09:23 ngx_http_image_filter_module.so.old
-rwxr-xr-x  1 root root 462K Jul  5 21:00 ngx_stream_module.so
-rwxr-xr-x  1 root root 462K Jul  5 09:23 ngx_stream_module.so.old

backup dynamic modules to /usr/local/nginx/modules.copy
total 1.2M
drwxr-xr-x  2 root root 4.0K Jul  5 09:17 .
drwxr-xr-x 11 root root 4.0K Jul  5 09:17 ..
-rwxr-xr-x  1 root root  54K Jul  5 21:00 ngx_http_fancyindex_module.so
-rwxr-xr-x  1 root root  54K Jul  5 09:23 ngx_http_fancyindex_module.so.old
-rwxr-xr-x  1 root root  57K Jul  5 21:00 ngx_http_image_filter_module.so
-rwxr-xr-x  1 root root  57K Jul  5 09:23 ngx_http_image_filter_module.so.old
-rwxr-xr-x  1 root root 462K Jul  5 21:00 ngx_stream_module.so
-rwxr-xr-x  1 root root 462K Jul  5 09:23 ngx_stream_module.so.old
log files saved at /root/centminlogs
-rw-r--r-- 1 root root   45 Jul  5 20:59 centminmod_libresslinstalltime_050717-205900.log
-rw-r--r-- 1 root root    8 Jul  5 20:59 patch_patchnginx_050717-205900.log
-rw-r--r-- 1 root root 1.8K Jul  5 20:59 nginx-configure-050717-205900.log
-rw-r--r-- 1 root root  32K Jul  5 21:00 nginx_autoconf.err.050717-205900.log
-rw-r--r-- 1 root root 848K Jul  5 21:00 centminmod_1.2.3-eva2000.09.005_050717-205900_nginx_upgrade.log

*************************************************
* nginx updated
*************************************************
   _   _         _                _   _             _         _             _ 
  | \ | |  __ _ (_) _ __  __  __ | | | | _ __    __| |  __ _ | |_  ___   __| |
  |  \| | / _` || || '_ \ \ \/ / | | | || '_ \  / _` | / _` || __|/ _ \ / _` |
  | |\  || (_| || || | | | >  <  | |_| || |_) || (_| || (_| || |_|  __/| (_| |
  |_| \_| \__, ||_||_| |_|/_/\_\  \___/ | .__/  \__,_| \__,_| \__|\___| \__,_|
          |___/                         |_|                                  

Total Nginx Upgrade Time: 106.806945664 seconds

what is output for command

Code (Text):

cat /usr/bin/centmin

example

Code (Text):

#!/bin/bash
pushd "/usr/local/src/centminmod"; bash centmin.sh

You can do a fresh Centmin Mod code replacement by wiping /usr/local/src/centminmod as outlined similar to update guide here for older than .07 releases.

replace branchname with branch you want either 123.08stable or 123.09beta01

Code (Text):

branchname=123.09beta01
cd /usr/local/src
rm -rf centminmod*
git clone -b ${branchname} --depth=1 https://github.com/centminmod/centminmod.git centminmod
cd centminmod
./centmin.sh

this is the manual command line equivalent of centmin.sh menu option 23 submenu option 3 and selecting 123.09beta01 branch

then you should be on 123.09beta01 code and centmin.sh menu option 4 should work

Jon Snow · Jul 6, 2017

Code (Text):
123.08stable
And
Code (Text):
#!/bin/bash
pushd /usr/local/src/centminmod; bash centmin.sh
So I have to switch back to a beta? I thought the last beta moved to stable hence why I tried upgrading.

eva2000 · Jul 6, 2017

no 123.08stable is older than 123.09beta01

you need to move to 123.09beta01

Jon Snow · Jul 6, 2017

eva2000 said: ↑

no 123.08stable is older than 123.09beta01

you need to move to 123.09beta01
Click to expand...

Oh man... I think I was on 123.09beta01 when I first started using centminmod haha.

So I just follow the instructions outlined here - Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS

And then upgrade nginx and PHP again?

eva2000 · Jul 6, 2017

Jon Snow said: ↑

So I just follow the instructions outlined here - Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS

And then upgrade nginx and PHP again?
Click to expand...

yup

You can do a fresh Centmin Mod code replacement by wiping /usr/local/src/centminmod as outlined similar to update guide here for older than .07 releases.

replace branchname with branch you want either 123.08stable or 123.09beta01
Code (Text):
branchname=123.09beta01
cd /usr/local/src
rm -rf centminmod*
git clone -b ${branchname} --depth=1 https://github.com/centminmod/centminmod.git centminmod
cd centminmod
./centmin.sh
this is the manual command line equivalent of centmin.sh menu option 23 submenu option 3 and selecting 123.09beta01 branch

Jon Snow · Jul 6, 2017

eva2000 said: ↑

this is the manual command line equivalent of centmin.sh menu option 23 submenu option 3 and selecting 123.09beta01 branch
Click to expand...

Can I do this? Or should I do it the manual way?

I'm not on 1.2.3-eva2000.07 or earlier (currently 123.08stable).

eva2000 · Jul 6, 2017

can do it either way manual command or centmin.sh menu option 23 submenu option 3

manual way this time would ideal to be 100% sure you're on 123.09beta01 first

Jon Snow · Jul 6, 2017

eva2000 said: ↑

can do it either way manual command or centmin.sh menu option 23 submenu option 3

manual way this time would ideal to be 100% sure you're on 123.09beta01 first
Click to expand...

It's telling me :
Code (Text):
123.09beta01 branch does not exists
try again...
So I'm following the instructions here - Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS

I'm on step 2 :
Code (Text):
# cd /usr/local/src
# mv centmin-v1.2.3mod/ centmin-v1.2.3mod-orig
mv: cannot stat ‘centmin-v1.2.3mod/’: No such file or directory
#

eva2000 · Jul 6, 2017

strange you are using commands below ?

Code (Text):

branchname=123.09beta01
cd /usr/local/src
rm -rf centminmod*
git clone -b ${branchname} --depth=1 https://github.com/centminmod/centminmod.git centminmod
cd centminmod
./centmin.sh

on git clone command you should get something like

Code (Text):

git clone -b ${branchname} --depth=1 https://github.com/centminmod/centminmod.git centminmod
Cloning into 'centminmod'...
remote: Counting objects: 368, done.
remote: Compressing objects: 100% (339/339), done.
remote: Total 368 (delta 77), reused 108 (delta 8), pack-reused 0
Receiving objects: 100% (368/368), 20.88 MiB | 2.48 MiB/s, done.
Resolving deltas: 100% (77/77), done.

Jon Snow · Jul 6, 2017

Used :

Code (Text):

[23:09][root@hostname.domain.com centminmod]# cd /root/
[23:10][root@hostname.domain.com ~]# sed -i "s/TCP_IN = \"/TCP_IN = \"9418,/g" /etc/csf/csf.conf
[23:10][root@hostname.domain.com ~]# sed -i "s/TCP6_IN = \"/TCP6_IN = \"9418,/g" /etc/csf/csf.conf
[23:10][root@hostname.domain.com ~]# sed -i "s/TCP_OUT = \"/TCP_OUT = \"9418,/g" /etc/csf/csf.conf
[23:10][root@hostname.domain.com ~]# sed -i "s/TCP6_OUT = \"/TCP6_OUT = \"9418,/g" /etc/csf/csf.conf
[23:10][root@hostname.domain.com ~]# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWDYNIN'
Flushing chain `ALLOWDYNOUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `PORTFLOOD'
Flushing chain `UDPFLOOD'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Deleting chain `ALLOWDYNIN'
Deleting chain `ALLOWDYNOUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `PORTFLOOD'
Deleting chain `UDPFLOOD'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWDYNIN'
Flushing chain `ALLOWDYNOUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `PORTFLOOD'
Flushing chain `UDPFLOOD'
Deleting chain `ALLOWDYNIN'
Deleting chain `ALLOWDYNOUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `PORTFLOOD'
Deleting chain `UDPFLOOD'
csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP6OUT Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP6IN Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
LOG  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *Port Flood* "
LOG  all opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *Port Flood* "
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
REJECT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   reject-with icmp-port-unreachable
DROP  all opt    in * out *  ::/0  -> ::/0
REJECT  all opt    in * out *  ::/0  -> ::/0   reject-with icmp6-port-unreachable
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
DENYOUT  all opt    in * out !lo  ::/0  -> ::/0
DENYIN  all opt    in !lo out *  ::/0  -> ::/0
ALLOWOUT  all opt    in * out !lo  ::/0  -> ::/0
ALLOWIN  all opt    in !lo out *  ::/0  -> ::/0
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
INVALID  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
INVALID  tcp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
DROP  all opt    in * out *  ::/0  -> ::/0
INVALID  tcp opt    in !lo out *  ::/0  -> ::/0
INVALID  tcp opt    in * out !lo  ::/0  -> ::/0
csf: FASTSTART loading csf.deny (IPv4)
ALLOWDYNIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
ALLOWDYNOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
ALLOWDYNIN  all opt    in !lo out *  ::/0  -> ::/0
ALLOWDYNOUT  all opt    in * out !lo  ::/0  -> ::/0
csf: FASTSTART loading csf.allow (IPv4)
csf: FASTSTART loading csf.allow (IPv6)
  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   tcp dpt:21 state NEW recent: SET name: 21 side: source mask: 255.255.255.255
PORTFLOOD  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 5 name: 21 side: source mask: 255.255.255.255
  tcp opt    in !lo out *  ::/0  -> ::/0   tcp dpt:21 state NEW recent: SET name: 21 side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
PORTFLOOD  tcp opt    in !lo out *  ::/0  -> ::/0   tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 5 name: 21 side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
DROP  all opt    in * out *  ::/0  -> ::/0
RETURN  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   owner UID match 0
RETURN  udp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 100/sec burst 500
LOG  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
REJECT  udp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   reject-with icmp-port-unreachable
UDPFLOOD  udp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
RETURN  udp opt    in * out *  ::/0  -> ::/0   owner UID match 0
RETURN  udp opt    in * out !lo  ::/0  -> ::/0   limit: avg 100/sec burst 500
LOG  all opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
REJECT  udp opt    in * out !lo  ::/0  -> ::/0   reject-with icmp6-port-unreachable
UDPFLOOD  udp opt    in * out !lo  ::/0  -> ::/0
ACCEPT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   state RELATED,ESTABLISHED
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   state RELATED,ESTABLISHED
ACCEPT  all opt    in !lo out *  ::/0  -> ::/0   state RELATED,ESTABLISHED
ACCEPT  all opt    in * out !lo  ::/0  -> ::/0   state RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP6_IN (IPv6)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading TCP6_OUT (IPv6)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP6_IN (IPv6)
csf: FASTSTART loading UDP_OUT (IPv4)
csf: FASTSTART loading UDP6_OUT (IPv6)
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8 limit: avg 1/sec burst 5
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 0
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 0 limit: avg 1/sec burst 5
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 11
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 3
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 11
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 3
ACCEPT  icmpv6 opt    in !lo out *  ::/0  -> ::/0
ACCEPT  icmpv6 opt    in * out !lo  ::/0  -> ::/0
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
ACCEPT  all opt    in lo out *  ::/0  -> ::/0
ACCEPT  all opt    in * out lo  ::/0  -> ::/0
LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0
LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0
*WARNING* LF_DISTFTP sanity check. LF_DISTFTP = 40. Recommended range: 0-20 (Default: 0)
*WARNING* LF_DISTFTP_UNIQ sanity check. LF_DISTFTP_UNIQ = 40. Recommended range: 2-20 (Default: 2)
*WARNING* DENY_TEMP_IP_LIMIT sanity check. DENY_TEMP_IP_LIMIT = 3000. Recommended range: 10-1000 (Default: 100)

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Then used what I mentioned in the previous post.

I'll just cancel and start from your post.

Jon Snow · Jul 6, 2017

Done and everything works fine now.

Some small questions :

1. How does the release naming work? Would the next stable release be 1.2.3-eva2000.09?
2. Should anything be done about this? Or is that fine?
3. How can I view a list of failed logins (IPs) that tried to access SSH and what happens to them?
4. Are there any optimization recommendations?
5. What can I do to free up some memory? I want to kill processes I don't use for example.
6. Besides the default Centminmod stuff, what are some extra things I can do to increase security?

Thanks for all the help ^^

eva2000 · Jul 6, 2017

1.

123.08stable
123.09beta01
123.09stable <-- TBA

2. that's fine

3. csf firewall automatically blocks ssh brute force attempts CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS you can see it in /var/log/lfd.log and /etc/csf/csf.deny

4. centmin mod is auto optimised out of the box for 123.09beta01 and newer based on detected server resources but optimisation for web app specific usage is left to end users to tune

5. linux optimally uses memory and uses free memory for caching and frees it when needed see Help! Linux ate my RAM!

6. Sysadmin - protect root user over ssh

for new topic/questions best to start a thread in appropriate forum

Jon Snow · Jul 6, 2017

Awesome, thanks!

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Upgrade Is this normal?

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Upgrade Is this normal?

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

Jon Snow Active Member

eva2000 Administrator Staff Member

Jon Snow Active Member

.