service httpd stop
ps ax | grep httpd (Verify that no httpd process still running)
cd /usr/local/apache
mkdir /home2/apache ( Considering /home2 as your new drive)
mv domlogs /home2/apache/
ln -s /home2/apache/domlogs /usr/local/apache/domlogs
ls -la /usr/local/apache/ (Verify the link)
service httpd start

http://forums.cpanel.net/f5/move-apache-domlogs-second-disk-drive-98821.html

# wget http://rarlab.com/rar/rarlinux-3.7.1.tar.gz
# tar xvzf rarlinux*
# cd rar
# make
# make install

Hope this helps.

rm /etc/xinet.d/pure-ftpd

Bu islem yeterli gelir , sorun duzelmezse eger , pure-ftpd yi  kaldirip tekrar kurmamiz gerekir.

yum remove pure-ftpd
yum install pure-ftpd

Daha sonra yapmamiz gereken daha onceki kayitli olan `lxadmin tarafindan olusturulan fptuser larimizi tanitmamiz lazim` pureftpd.pdb  pure-ftp.conf dosyamizda etkinlestiriyoruz.

nano /etc/pure-ftpd/pure-ftpd.conf
dosyayi actiktan sonra
#PureDB                        /etc/pure-ftpd/pureftpd.pdb
yukardaki satiri asagidaki sekilde degistiriyoruz
PureDB                        /etc/pure-ftpd/pureftpd.pdb

Kayit edip cikiyoruz.`ctrl-x` pure-ftpd yi durdurup tekrar baslatiyoruz. hepsi bukkadar.

/etc/init.d/pure-ftpd stop
/etc/init.d/pure-ftpd start

cat timezone -->America/New_York ->Europe/Istanbul

olarak   biz bu degeri  degisitiriyoruz ve bu sorundan kurtuluyoruz.

Karsilastigim bir sorunun cozumunu paylasmak istedim, Apache sunucumda , sitemaplari gosterirken belli bir kayittan sonra sitemap.php dosyasi hata veriyordu, 404 yada 500  hatasi veriyordu , bu sorunu  ModSecurity SecResponseBodyLimit  degerini arttirarak cozebilirsiniz.

There are a number of tools -

Check to see if it is an attack - :: netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Apache -

Mod_evasive
httpd.conf - reconfiguration ( timeout, keepalive, server spawn )

Connection Monitoring -

netstat -

- Run these commands to seek all connections on port 80, with type SYN.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

install bwm-ng ( bandwidth monitor )

sysctl.conf - hardening/reconfiguration. Helps the box handle extra load as connections are being processed.

Enable syncookies as well via echo 1 > /proc/sys/net/ipv4/tcp_syncookies

We've previously described keeping SSH access secure by limiting which users can connect, or just firewalling access so that only a small list of trusted IP addresses can connect. In most cases this is sufficient to protect your system.

However there are times when you have to allow arbitary incoming connections, when you are travelling for example.

In these situations you can open up your system to allow incoming connections and be the target of a dictionary attack - literally a machine trying to connect and login over and over again using usernames and passwords from a dictionary.

These attempts will be logged in your /var/log/auth.log file like this:

sshd[x]: Illegal user admin from aa.bb.cc.dd
sshd[x]: Illegal user test from aa.bb.cc.dd
sshd[x]: Illegal user guest from aa.bb.cc.dd

In this situation you can create a collection of firewalling rules which will deny access from remote clients who attempt to connect "too many" times.

If you have an existing firewall in place, using iptables, then adding the rules is very straightforward.

The way the recent module works is fairly straightforward, you basically add IP addresses to a list, which can then be used in the future to test connection attempts against. This allows you to limit the number of connections against either a number of seconds, or connection attempts. In our example we'll do both.

An example is probably the simplest way to illustrate how it works. The following two rules will limit incoming connections to port 22 to no more than 3 attemps in a minute - an more than that will be dropped:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

The --state flag takes a comma seperated list of connection states as an argument, by using "--state NEW" as we did we make sure that only new connections are managed by the module.

The --set parameter in the first line will make sure that the IP address of the host which initiated the connection will be added to the "recent list", where it can be tested and used again in the future i.e. in our second rule.

The second rule is where the magic actually happens. The --update flag tests whether the IP address is in the list of recent connections, in our case each new connection on port 22 will be in the list because we used the --set flag to add it in the preceeding rule.

Once that's done the --seconds flag is used to make sure that the IP address is only going to match if the last connection was within the timeframe given. The --hitcount flag works in a similar way - matching only if the given count of connection attempts is greater than or equal to the number given.

Together the second line will DROP an incoming connection if:

* The IP address which initiated the connection has previously been added to the list and
* The IP address has sent a packet in the past 60 seconds and
* The IP address has sent more than 4 packets in total.

You can adjust the numbers yourself to limit connections further, so the following example will drop incoming connections which make more than 2 connection attempts upon port 22 within ten minutes:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--update --seconds 600 --hitcount 2 -j DROP

If you wish to test these rules you can script a number of connection attempts from an external host with the netcat package.

The following script attempts to connect to the IP address 192.168.1.1 5 times. The first couple of attempts you should see a welcome banner such as "SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4" - after that the script will hang as it's packets are dropped and no response is sent:

#!/bin/bash

for i in `seq 1 5` ; do
echo 'exit' | nc 192.168.1.1 22 ;
done

There's a lot of documentation on the netfilter/iptables firewall, and it's available modules which you can find in the Netfilter Extension HOWTO.

This HOWTO contains documentation on many different modules, along with examples. A recommended read if you're interested in Linux firewalling.

If you wish to experiment with rules and testing it's worth remembering how to remove all active rules. The following commands will flush your iptables filewall, and remove all currently active rules:

iptables -F
iptables -X

apt-get install fail2ban

mkdir /var/log/named
chmod a+w /var/log/named

Next, edit /etc/bind/named.conf.local and add the following lines

logging {
channel security_file {
file "/var/log/named/security.log" versions 3 size 30m;
severity dynamic; print-time yes; };
category security { security_file; };
};

now to set up fail2ban. Edit the /etc/fail2ban/jail.conf file and change from:

[named-refused-udp]
enabled  = false to:true

[named-refused-tcp]

enabled  = false to true

Then restart fail2ban in the usual manner,

/etc/init.d/fail2ban restart

read more article for click

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address ??.1??.4.234
netmask 255.255.255.0
network ??.1??.4.0
broadcast ??.1??.4.255
gateway ??.1??.4.1
?? your ip
Then restart network interface, /etc/init.d/networking restart

nano  /etc/sysctl.conf dosyamizi aciyoruz ve bu satirlari ekliyoruz olanlarin degerlerini olmayanlarin tamamini ekliyoruz

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

sonrada kontrol ediyoruz pinglere cevap verip vermedigini sunucumuzun.[ad#ad-1]