Advanced Securing & Hardening Of Linux Server -cPanel
Oct 29, 2009
We have discussed all the basic methods of securing and hardening the server. Lets leave all the basic and general server securing and hardening I have started this to get advance knowledge in securing and hardening of the server so that it will usefull for all the person So i request all to provide all the vaulable tips and suggestions in advance securing and hardening of linux servers I welcome all the comments related to advance securing and hardening of linux servers.
1. I don't use nor will I EVER use cPanel (royal POS in my opinion). I might, however, have DirectAdmin installed (not sure yet)
2. CentOS 5, 64-bit edition
3. Apache 2.2 latest, MYSQL 5.1 latest, PHP 5.2 latest
I usually use appears to be super busy and just not able to get the job done. No slight on him, he has a busy work schedule. So I'm looking to go outside of my comfort zone and see other companies to use. I don't think I can use Platinum as I outright refuse to even discuss cPanel as an option. If I want an underperforming, unsecure and incompatible web and database server, I'll run Windows.
So I'm looking for the usual end-to-end hardening package. I'm too lazy to do it myself and I'll forget to do something. Any recommendations out there in WHT land?
So I did something terribly dumb early this AM...go me...and I had to reinstall. Yes, it was that bad. Kernel panics, a hoarked up bootloader, nothing in the execution path, etc. Let's just say that between the 2.6.18-128.el5 kernel (I've been reading that there are a lot of reports of file corruption after this update, something I saw as well...) and yum doing something it wasn't supposed to, I'm having to start over. Thank goodness for backups. Anyways, to my questions:
CentOS 5.3 64-bit, clean install, no CP yet. I'm trying to get the base OS clean, simple and hardened before I put DA on there again and restore my websites but I have a few questions since I'm a network dork and normally pay for people to do the extended server hardening for me.
There are many people who sell server hardening for windows and linux and all the packages are pretty much the same. I don't want to give anyone outside access to my server no matter how much they claim to be good, fact is once it's out, it's out.
Is there an online resource with some sort of check list and links for a quality server hardening for windows and linux servers?
I.E. install this, install that, configure this?
Seems that do it yourself is worth the training and $100
Since this got lost (google cache of thread discussion so far) [url] im reposting because i think it was an interesting discussion.
I'm setting up a cpanel server for the first time. I was wondering if i could harden the default cpanel permissions for the user folders in /home The idea is to prevent users viewing each others files. Please don't suggest the php open_basedir option as its not secure and doesn't work with cgi based file browsers.
Note I'm using suexec/suphp.
currently new cpanel users folders are created with group and user ownership and the permissions 755
I was thinking if i changed this to 711 would this break anything?
Could i lock this down even more by changing the group ownership to "nobody" and thus have permissions 710.
I have a Windows 2000 Advanced Server where there's a performance issue with some of the .asp pages that retrieve data from Access databases, (I know Access databases aren't ideal for data). These pages will just get stuck/freeze, and then either suddenly spring back to life, or give a script timeout error 0113.
The largest Access database I've seen is 136MB (is that way too large?)
I will probably move some of the large Access databases onto a different server but before I do:
- Are there any tools you can recommend to diagnose exactly what files / databases are causing the problem. I don't think the Win 2000 performance monitor tools even work.
- Can anyone explain more about the technicalities behind this issue. I expect it has something to do with processes, threads, memory, Access drivers being loaded into memory etc etc. Can anyone tell me what they know to put me in the picture better?
We have a linux server running cPanel/WHM and using Exim for mail, we're also using SpamAssassin to label messages as spam. I have made a few modifications to settings and installed things like DomainKeys, but am wondering if I am doing enough.
My objectives are to:
1) Prevent mail users on the server from being inundated with spam, and/or be able to effectively manage any spam that does come through.
2) Ensure that messages that my mail users send out remains as highly deliverable as possible.
3) Make it difficult for third parties to exploit my mail server for their own spamming needs.
Are there any good tutorials out there on this stuff that should at least cover some of my bases? Where should I begin? The only thing preventing me from hiring out the work to someone else is that I'd like to learn how to do it myself.
Will be getting a new dedicated server. I know that I need to install APF + BFD for sure, but what else would you recommend installing to secure the server? Apache's mod_security module? DOS module? What are the obvious candidates other than APF/BFD?
I have one server with a small number of clients <10. The clients have dynamic IPs.
The server hosts a number of public facing websites, email, FTP and remote desktop.
What I want to do is make port 80 respond to all web requests but lock all other services down so that they only respond to my 10 clients. I was thinking some certificate or VPN solution but I've ruled VPN out as I don't have a firewall or VPN so would I be able to do this with IPSEC?
Is there quick utility that would do this or can you point me to a good example article?
I have a lot of experience with VPSs and recently have been working with dedicated servers but my partner and I are going to be providing VPSs and my main concern is securing the node the VPSs will be on. Would I secure it like a normal dedicated server?
I'm worried that if I secured it like I would my dedicated servers it would affect the VPS clients hosted on there. Any assistance is appreciated, even if it's just a recommendation for a management company or single user who could assist us.
People have been abusing my web proxy servers to send SPAM emails. I use PHProxy and I have no mail ports open on my server, or any mail scripts. My network is http://privax.us
Examples of emails (I have listed some notes):
My IP: 188.8.131.52 [url]
Received: from mail.anpmall.net ([184.108.40.206]) by mail.anpmall.net with HTTP (Code-Crafters Ability Mail Server 2.55); - Hmm?
My IP: 220.127.116.11 [url]
My IP: 18.104.22.168 [url]
Received: from 22.214.171.124 ([172.18.12.134]) by vms047.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 - hmm Java?
My IP: 126.96.36.199 [url]
I found in logs access to webmail.bellsouth.net at the time of the spamming, so I have blocked use of bellsouth.net on my proxy and banned the IP's. See [url]
These are just some of the spam reports I have, and this is really doing my head in. As mentioned my servers do not have mail ports or mail scripts on them. They use webmin (stripped features) for a control panel.
I really need to find out why my IP is always at the bottom of this. I have asked in this forum before but did not have much luck. I have also contacted security companies to help but they were not sure what is happening.
One theory is the spammers use web based email systems, and when they submit the form the IP (from a PHP POST variable) is my IP because they are running under my proxy. But I have always assumed that if you have an email form and submit it, the server hosting the forms IP gets sent, not the actual persons IP.
That is one theory, but at the end of the day I'm still clueless to how to block this. I have blocked the use of bellsouth.net on my servers but a lot of the spam is coming from anpmall.net as mentioned above.