[HowTo] Make ispCP more Secure !

[Boter]

Hey!

For disabling Apache ServerInfo in debian, you probably even don't have included httpd.conf, so include it in apache2.conf OR add
ServerSignature Off
ServerTokens Prod

in apache2.conf

[Diego]

Thanks, but the link from the first post is broken.

[gOOvER]

I updated the link in the first post. Now it works again

[kfa]

First post, so Hey All! =)

Now to subject. On ubuntu 8.04 (hardy), enabling secure connection on proftpd wont work, as ubuntu repo's have old 2.06 proftpd as it seems...anytime user tries to connect with up to date filezilla on secure connection they fail with error:
__
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
..
__

I was googling around a little and find a solution (http://forum.filezilla-project.org/viewt...2&t=13034) that worked for me;

Quote:vim /etc/apt/sources.list

Add 2 sources to list:

Quote:deb http://ppa.launchpad.net/cschieli/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/cschieli/ppa/ubuntu hardy main

And simply run:

Quote:sudo aptitude

Update and upgrade of proftpd solved my problems..got few warnings for repo's as they are unofficial, but well..it worked

Please note, that i'm a linux newb...so use it on your own risk.

In any case, hope it will help to anyone.


GreetZ

[Mr.Sisko]

Since ispPC 1.0.7 the Options for allow-recursion must be placed in
/etc/bind/named.conf.options like

Quote:options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-recursion { 127.0.0.1; xx.xx.xx.0/24; };
};

This only work for me.

Greetz

Update:

shit,... now i've got some errors like

network unreachable resolving 'ns2.lacnic.net/AAAA/IN'

Update2:
okay, looks like troubles with ipv6 Support, how can i fix this? My Server dosn't have ipv6

Update3:
i'm so stupid Just enable IPV6-Support for the Server and that's it.

Problem Solved