Default permission/ownership pada folder di akun cpanel

cPanel / WHM adalah salah satu control panel hosting linux paling populer di industri webhosting. Anda harus memiliki pengetahuan dasar ini, jika Anda harus mengelola akun cPanel. Semua folder di akun cPanel memiliki permission/ownership yang telah ditentukan. Jika ada perubahan pada permission/ownership ini, dapat menyebabkan web site anda berhenti berfungsi normal.

  1. Home directory

    Home directory adalah folder paling luar dari suatu akun cpanel.
    # ll -d /home/user/
    drwx--x--x 29 user user 4096 Mar 3 10:23 /home/user/

    Folder permission : 711
    Folder ownership : user : user

  2. Default document root.

    Document root terletak di bawah direktori /home/user secara default.
    public_html: Sub direktori, yang terletak di dalam direktori home Anda, yang berisi file yang dapat diakses publik melalui HTTP. Direktori www adalah tautan (symbolic link) ke public_html. Semua file dan folder di dalam public_html dapat dilihat melalui Internet, kecuali jika Anda secara khusus melindunginya dengan proteksi password atau menggunakan file .htaccess.
    Read the rest of this entry »

Tuning sysctl.conf on CentOS 7

Sysctl¬†lets the user fine tune the kernel without having to rebuild the kernel. It also will apply the changes immediately, thus the server won’t have to be rebooted for changes to take effect. To make the changes permanent, you will have to add these values to a configuration file. Use the configuration file CentOS provides by default,¬†/etc/sysctl.conf.

Open the file with your favorite editor.

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
# For more information, see sysctl.conf(5) and sysctl.d(5).

# Minimizing the amount of swapping
vm.swappiness = 20
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5

# Increases the size of file handles and inode cache & restricts core dumps
fs.file-max = 2097152
fs.suid_dumpable = 0

# Change the amount of incoming connections and incoming connections backlog
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144

# Increase the maximum amount of memory buffers
net.core.optmem_max = 25165824

# Increase the default and maximum send/receive buffers
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.core.wmen_max = 67108864

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Enable IP spoofing protection
net.ipv4.conf.all.rp_filter = 1

# Enable ignoring to ICMP requests and broadcasts request
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable logging of spoofed packets, source routed packets and redirect packets
net.ipv4.conf.all.log_martians = 1

# Disable IP source routing
net.ipv4.conf.all.accept_source_route = 0

# Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0

Clamav Signatures

Clamav Signatures from malware expert help improve the detection rate on malware from PHP files. You can add malware expert clamav signatures to freshclam.conf file:


Read the rest of this entry »