RE: sentora security enhancement
01-24-2015, 05:14 AM
(This post was last modified: 01-24-2015, 05:15 AM by mars.)
(01-23-2015, 05:36 AM)Me.B Wrote: I can help you over this for fine tuning.. I don't think that disabling php function would work as the panel will need to execute zsudo... It will break the panel daemon for sure.
I see fail2ban & good tools... also could be tuned for centos instead of focusing only on Ubuntu.
Also adding clamav/spamassassin to postfix will require a lot more ram... It should be optional or checking ram first. If you plan mainly to use server for hosting it won't help really.
forget about suphp as we plan to add suExec in next release would be more fun.
Webalizer is a mess...
Modsecurity if you enable all rules it will break sentora and CMS, so rules need to be tested with big care.
M B
Thank you for your comments, I will appreciate any help on this because security is not an easy task.
About:
- zsudo, you were rigth PHP system() function must be enabled in command line CLI-mode and daemon runs perfectly
- centOS, yes, Ubuntu is not the one and only but is the one I know, hope somebody can help with this
- clamav/spamassasin, My tests indicates that the high resources consuming is at first time, I will check on production and review load average regularly,...mmm your RAM checking sounds good, so may be this packages can be optional, and I consider it because one of my clients has a public webmail service, but again, you are right, is not required for everyone
- suphp, forget about it, i will take a look about apache suExec support
- ModSecurity, good to know,
thanks for the tips
