ServerTokens Prod

ServerSignature Off
LoadModule reqtimeout_module modules/mod_reqtimeout.so

<Location />
<LimitExcept GET POST>
order deny,allow
deny from all
</LimitExcept>
</Location>

TraceEnable Off
Header always append X-Frame-Options SAMEORIGIN

RequestReadTimeout header=10-30,MinRate=500 body=10,MinRate=2000

ab -n 1000 -c 10 http://192.168.100.1/

iptables -A INPUT -p tcp –tcp-flags FIN FIN -j DROP

-A OUTPUT -p tcp  –tcp-flags RST RST -j REJECT –reject-with tcp-reset

two more falgs PSH and FIN

# cd /proc/sys/net/ipv4
# echo 1 > tcp_orphan_retries
# cat tcp_fin_timeout
# echo 5 > tcp_fin_timeout

#for ((i=2;i<255;i++)); do ip addr add 192.168.100.$i dev eth4 ; done

for ((j=1;j<1000;j++)); do

for ((i=2;i<255;i++)); do

usleep 20000;

echo $i; echo -n “GET / HTTP/1.0″ | nc -w 2 192.168.100.1 80 &

done ;

done

# netstat -nat | awk ‘{print $6}’ | sort | uniq -c | sort -n

- ipsec vpn

confidential - encryption - symmectric RC4 DES 3DES AES blowfish , asymmectric public key RSA DH ( groups 12514 )

integrity - hash MD5 SHA1 SHA2 ( sender data+hash, receiver data+hash = hash )

authentication - HMAC ( hashed mess authen code ) Diffie-Hellman algorithm ( DH groups 125 )

Step1 established IKE (500/UDP)- phase 1 : proposals (encrypt,hash,authen,DH groups)- policy (main/aggressive, preshared key)- gateway (IP,interface) - phase 2 : quick mode - proposal ( ESP/AH , hmac ) - policy (PFS reasign DH groups) - vpn ( tunnel/transport mode)

Step 2 : process traffic - transport mode ( insert ipsec header before payload ) vs tunnel mode ( new header packed the original + trail ) ; AH (51,intefrity,authen,antireplay) vs ESP (50 , integrity,authen,antireplay,confidential )

==============================

Phase 1

+ proposal : auth-algo (md5,sha1/256) auth-method ( preshared / DSARSA key) encrypt-algo (DES,3DES,AES) dh-group (12514) lifetime ( 180s - 1day)

+ policy : proposal ( F1_PRO ) preshared-key (”pass123″)/certificate(DSARSA) mode (main/aggresive)

+ gateway : policy ( F1_POL) address (remote_ip) external interface (ge-0/0/0)

Phase 2

+ proposal : authen-algo (HMAC-md5/sha1256) encrypt (DES,3DES,AES) lifetime, protocol (ESP/AH)

+ policy : proposal (F2_PRO) PFS key (group12514)

+ vpn : bind-interface (st0.1) establishedtunnel ( immediate ) ike gateway (F1_GW) ike ipsec-pol (F2_POL)

update thold_data a , graph_templates_graph b

SET a.name=b.title_cache
where a.graph_id=b.local_graph_id

https://github.com/Cacti/plugin_thold/releases

LOCAL_CONFIG
Klog syslog
HSubject: $>+CheckSubject
LOCAL_RULESETS
SCheckSubject
R$*{TAB}$: $(log Subject: $1 $) $1

SecRule SCRIPT_BASENAME “\.php$” “id:999,chain,deny,msg:’%{TIME_YEAR}/%{TIME_MON}/%{TIME_DAY} %{TIME_HOUR}:%{TIME_MIN}:%{TIME_SEC} %{SCRIPT_FILENAME} %{REQUEST_BODY} BLOCKIP= %{REMOTE_ADDR} ‘”

SecRule SCRIPT_UID “^48$” log

SecRule REQUEST_FILENAME “^/phpadmin/” “id:990,noauditlog,allow”

SecRule ARGS “@containsWord select” “id:998,log,pass,t:lowercase”

SecRule ARGS “@containsWord union” “id:997,log,pass,t:lowercase”

SecRule ARGS “@containsWord outfile” “id:996,log,pass,t:lowercase”

SecRule ARGS “@containsWord load_file” “id:995,log,pass,t:lowercase”

#SecRule REQUEST_HEADERS:User-Agent “MJ12bot”    ”id:972,deny,log”

#SecRule REQUEST_HEADERS:User-Agent “bingbot”    ”id:973,deny,log”

SecRule ARGS “login” “id:980,pass,msg:’%{TIME_YEAR}/%{TIME_MON}/%{TIME_DAY} %{TIME_HOUR}:%{TIME_MIN}:%{TIME_SEC} %{SCRIPT_FILENAME} %{REQUEST_BODY} LOGINIP= %{REMOTE_ADDR} ‘”

[modsec-php48]

enabled  = true

filter   = modsec-php48

action   = iptables-multiport[name=modsecPHP48, port="80,443", protocol=tcp]

modsec-php48-whois[name="ModSecBackdoor", dest="xxx@yahoo.com", sender=xxx@vixxxave.vn, sendername="Fail2Ban"]

logpath  = /var/log/httpd/modsec_audit.log

maxretry = 1

findtime = 3600

bantime  = 864000

grep SSLCertificate /etc/httpd/conf.d/ssl.conf

openssl req -new -days 3650 -x509 -nodes -newkey rsa:2048 \
-out /etc/pki/tls/certs/server.crt -keyout /etc/pki/tls/private/server.key
chmod 600 /etc/pki/tls/certs/server.crt
chmod 600 /etc/pki/tls/private/server.key

cat /var/log/maillog-20170514 | grep authid | cut -d ‘=’ -f 4 | sort | uniq -c | sort -nr

wget http://dev.mysql.com/get/Downloads/MySQL-Cluster-7.3/MySQL-Cluster-gpl-7.3.5-1.el6.x86_64.rpm-bundle.tar

tar -xvf MySQL-Cluster-gpl-7.3.5-1.el6.x86_64.rpm-bundle.tar

yum groupinstall 'Development Tools'

yum remove mysql-libs

yum install libaio-devel

rpm -Uhv MySQL-Cluster-server-gpl-7.3.5-1.el6.x86_64.rpm

vi config.ini

#####################################

[NDBD DEFAULT]
NoOfReplicas=1
DataDir= /opt/mysql-cluster

[MYSQLD DEFAULT]

[NDB_MGMD DEFAULT]

[TCP DEFAULT]

# Section for the cluster management node
[NDB_MGMD]
# IP address of the management node (this system)
HostName=10.10.255.175

# Section for the storage nodes
[NDBD]
# IP address of the first storage node
HostName=10.10.255.176

[NDBD]
# IP address of the second storage node
HostName=10.10.255.177

# one [MYSQLD] per storage node
[MYSQLD]
HostName=10.10.255.176

[MYSQLD]
HostName=10.10.255.177
~

ndb_mgmd -f /opt/mysql-cluster/config.ini