Security

Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such. Centmin Mod out of the box has enough security however, not everything is locked down as tight as some software or configurations used require end user to understand fully what they are doing - not being able to understand such you could either lock yourself out or render the server unusable or just plain not useful if you don't know what the warnings mean (or difference between a warning, notice or something that MAY apply) (i.e. SELINUX enabling, AIDE etc).

However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out

As to that linked list of items, some I'd be careful with unless you know 100% what you're doing and what implications deploying such measures means. These include

• Enabling secure mounts
• Enabling SELINUX
• Installing and configuring AIDE and AuditD both of which only applies to non-OpenVZ VPS systems
• TCP Wrappers
• Securing Cron
• IPTables not needed as CSF Firewall takes care of most rules
• Disabling DHCP
• Securing SSHD most covered by Centmin Mod

 

Indeed a test server is a good way to start understanding and learning about Centmin Mod

Just a reminder of some threads to read, pages to bookmark and threads to watch/subscribe to get to know Centmin Mod would include:

• Getting Started Guide, FAQ and What's New and centmin.sh guide.
• How to Install Centmin Mod 1.2.3-eva2000.08 Stable - you'd want to bookmark or subscribe to this thread for updates to the code, bug fixes, security updates etc.
• How to upgrade Centmin Mod 1.2.3-eva2000.08+ stable
• How to troubleshoot initial installs (as well as find the log files for all software for troubleshooting).
• Centmin Mod Configuration Files Overview
• Centmin Mod + Youtube Resources - recently created to illustrate visually what Centmin Mod can do. Alot of the vidoes are to showcase Centmin Mod .08 betas features which eventually will become the next stable release.
• All things SSL https related at SSL - HTTPS as a Google ranking signal
• Centmin Mod Insights forum - delve deeper into Centmin Mod code if you want to tweak it or extend it yourself. Find out how PHP Opcode cachers like APC Cache, Zend Opcache and Xcache are configured and installed and how Memcached server is setup etc.
• Several ways to follow Centmin Mod code development and changes/commits via Github Commit forum or directly on Centmin Mod Github repository - 123.08stable branche
• For forums, also check threads in dedicated Forum Software Usage forums. Some Xenforo users including myself have posted out Nginx vhost configs at Xenforo - My Xenforo Nginx vhost configuration
• For Nginx Pagespeed check out the official site page for Centmin Mod's integration of ngx_pagespeed module. Also check out the prefix linked forum url Nginx, PHP-FPM & MariaDB MySQL | Centmin Mod Community easy way to jump into all threads and info related to ngx_pagespeed. In particular bookmark the Nginx PageSpeed Troubleshooting sticky thread as there is high chance you need to tweak your Nginx pagespeed.conf config file for your web apps and styles used. You can see an example of this forum's pagespeed.conf tweaked for Xenforo and my particular used Xenforo style/theme and some discussion of troubleshooting advertising and ngx_pagespeed.

Premium Membership

• Centmin Mod Premium Membership Benefits

 

you maybe referring to Security Harden CentOS 7

• Explain: Linux and UNIX TCP Wrappers – Find Out If a Program Is Compiled With TCP Wrappers
• https://access.redhat.com/documenta...ml/Reference_Guide/s1-tcpwrappers-access.html
• using /etc/hosts.allow and /etc/hosts.deny to secure unix | Smart Domotik World
• Host Access Control - Documentation - cPanel Documentation

 

CSF Firewall's LFD prevents such for SSHD CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS