secure servers

[eoLithic]

Hello everybody, I would like to open a discussion on secure Linux servers. I want to know what are the most interesting things that must be addressed in order to be secure my server? I did lot of things but will be good if someone confirmed them again or pointed new ones.

Best Regards

[600gshr]

I will start with firewall, of course I think you are using WHM and just enable firewall from there. CSF firewall is easy to be configured. When firewall is configured that mean this are considered 50% of all work done. My next task is to disable all unused services like telnet and xinet.

Code:

nano /etc/xinetd.d/telnet
nano /etc/xinetd.d/krb5-telnet

look for lines disable=no and change to disable=yes

Code:

chkconfig telnet off

[index]

Very often you will see SSH attacks by various bots trying to obtain access to your server with a connection to port 22, with unlimited number of login attempts to break into your system. What you can do?

Code:

Change the SSH connection port rather than default port 22;
Disable Root login;
Use only protocol 2;
Enable Public key authentication.

[m11rr]

Secure PHP. Set restriction on system level functions in the php configuration file. Edit php.ini file:

Code:

vi /usr/local/lib/php.ini

Make these lines as below:

Code:

register_globals = Off
disable_functions = exec,system,shell_exec,passthru
expose_php = Off
magic_quotes_gpc = On

[cech]

If you are using WHM, can easy install mod_security and clamavconnector. Log in WHM and click on the link "Manage Plugins". Find this plugins:

Code:

Name: modsecurity
Author: cPanel Inc.

and

Code:

Name: clamavconnector
Author: cPanel Inc.

then install them. ModSecurity is a free open source web application firewall which can help you to guard against local file inclusion attacks and SQL injection vulnerabilities. ClamAV antivirus protection is needed for your security to protect against worms and trojans invading your mailbox and files.

Best Regards

[Shazam]

Quote:

Originally Posted by cech

If you are using WHM, can easy install mod_security and clamavconnector. Log in WHM and click on the link "Manage Plugins". Find this plugins:

Code:

Name: modsecurity
Author: cPanel Inc.

and

Code:

Name: clamavconnector
Author: cPanel Inc.

then install them. ModSecurity is a free open source web application firewall which can help you to guard against local file inclusion attacks and SQL injection vulnerabilities. ClamAV antivirus protection is needed for your security to protect against worms and trojans invading your mailbox and files.

Best Regards

The mod_security plugin is deprecated in favor of doing it with Easy Apache in the latest WHM / cPanel versions. But I'd recommend always be cautious about such updates, as the wrong selected options can really mess with your installation. You should certainly begin with the default setup, however, provided by us before you perform any changes.

[andro75]

What you have written is very interesting. I have a server and I did not anything about your advices above! Your tips are easy to implement and will make them immediately.

[BigJON]

Login through ssh and edit your host.conf file.

Code:

nano /etc/host.conf

This file content following:

Code:

order hosts,bind

And just add one more line:

Code:

nospoof on

Now you are protected from IP spoofing. Attacker used IP spoofing to change header of network packets so packets are sent to another machine.

[marci]

Very appropriate to install additional programs such rootkit scanner and port scans for checking the security of VPS. rkhunter is supported by yum an easy can be installed:

Code:

yum install rkhunter

To run checks in your system use this command line:

Code:

rkhunter -c

Portsentry is a tool to detect port scans and log it. This software must be installed manually. wget the latest version of portsentry form sourceforge.net and then do this:

Code:

tar zxf portsentry-current.version.tar.gz
make linux
make install

To launch PortsEntry:

Code:

/usr/local/psionic/portsentry/portsentry -stcp
/usr/local/psionic/portsentry/portsentry -sudp

[thnet]

Quote:

Originally Posted by eoLithic

Hello everybody, I would like to open a discussion on secure Linux servers. I want to know what are the most interesting things that must be addressed in order to be secure my server? I did lot of things but will be good if someone confirmed them again or pointed new ones.

Best Regards

In my WHM: 3 wrong passwords in 1 hour & they are blocked....

Quote:

Security >> Security Center >> Configure cPHulk

Configure Settings

IP Based Brute Force Protection Period in minutes: [60]
Brute Force Protection Period in minutes: [90]
Maximum Failures By Account: [7]
Maximum Failures Per IP: [3]
Maximum Failures Per IP before IP is blocked for two week period: [7]
Extend account lockout time upon additional authentication failures: √
Send notification when brute force user is detected: √

.
.
.