Linux Server Hardening
Nov 23, 2007
1. I don't use nor will I EVER use cPanel (royal POS in my opinion). I might, however, have DirectAdmin installed (not sure yet)
2. CentOS 5, 64-bit edition
3. Apache 2.2 latest, MYSQL 5.1 latest, PHP 5.2 latest
I usually use appears to be super busy and just not able to get the job done. No slight on him, he has a busy work schedule. So I'm looking to go outside of my comfort zone and see other companies to use. I don't think I can use Platinum as I outright refuse to even discuss cPanel as an option. If I want an underperforming, unsecure and incompatible web and database server, I'll run Windows.
So I'm looking for the usual end-to-end hardening package. I'm too lazy to do it myself and I'll forget to do something. Any recommendations out there in WHT land?
View 3 Replies
ADVERTISEMENT
Oct 29, 2009
We have discussed all the basic methods of securing and hardening the server. Lets leave all the basic and general server securing and hardening I have started this to get advance knowledge in securing and hardening of the server so that it will usefull for all the person So i request all to provide all the vaulable tips and suggestions in advance securing and hardening of linux servers I welcome all the comments related to advance securing and hardening of linux servers.
View 5 Replies
View Related
Apr 16, 2009
So I did something terribly dumb early this AM...go me...and I had to reinstall. Yes, it was that bad. Kernel panics, a hoarked up bootloader, nothing in the execution path, etc. Let's just say that between the 2.6.18-128.el5 kernel (I've been reading that there are a lot of reports of file corruption after this update, something I saw as well...) and yum doing something it wasn't supposed to, I'm having to start over. Thank goodness for backups. Anyways, to my questions:
CentOS 5.3 64-bit, clean install, no CP yet. I'm trying to get the base OS clean, simple and hardened before I put DA on there again and restore my websites but I have a few questions since I'm a network dork and normally pay for people to do the extended server hardening for me.
/etc/passwd/ ....
View 1 Replies
View Related
Feb 6, 2008
I have a dedicated server, and want to make it safe...
I once had a HOWTO to do that with things as APF and such, but is there some howto out there that is recent?
View 3 Replies
View Related
Sep 15, 2007
What a few things you would do to boost the security of your VPS? So far I have securing/restricting SSH access, installing chkrootkit and putting up a firewall. Any other things I should do?
Just noticed I put VPS Server Hardening, should be VPS Hardening
View 10 Replies
View Related
Oct 25, 2007
There are many people who sell server hardening for windows and linux and all the packages are pretty much the same. I don't want to give anyone outside access to my server no matter how much they claim to be good, fact is once it's out, it's out.
Is there an online resource with some sort of check list and links for a quality server hardening for windows and linux servers?
I.E. install this, install that, configure this?
Seems that do it yourself is worth the training and $100
View 5 Replies
View Related
Jul 22, 2007
Is there a guide or check list of settings to make on a new box that I can follow to lock it down?
View 1 Replies
View Related
Dec 24, 2008
Other than anti-virus
View 8 Replies
View Related
Aug 15, 2008
We have a linux server running cPanel/WHM and using Exim for mail, we're also using SpamAssassin to label messages as spam. I have made a few modifications to settings and installed things like DomainKeys, but am wondering if I am doing enough.
My objectives are to:
1) Prevent mail users on the server from being inundated with spam, and/or be able to effectively manage any spam that does come through.
2) Ensure that messages that my mail users send out remains as highly deliverable as possible.
3) Make it difficult for third parties to exploit my mail server for their own spamming needs.
Are there any good tutorials out there on this stuff that should at least cover some of my bases? Where should I begin? The only thing preventing me from hiring out the work to someone else is that I'd like to learn how to do it myself.
View 3 Replies
View Related
Nov 8, 2008
Does any one know of any good articles/tutorials on how to harden PHP and Apache on a cPanel VPS?
View 6 Replies
View Related
Jan 12, 2008
I want to restrict ALL port 25 and port 26 email only to users who authenticate first.
I thought it came this way on Cpanel boxes, but yet there's a ton of crap being relayed through my box and getting me on tons of blacklists.
View 0 Replies
View Related
Mar 19, 2009
where I can find a guide or how-to to hardening Debian Lenny web server (a xen vps one)?
View 0 Replies
View Related
Nov 27, 2007
while the ELS script looks pretty sexy on paper, it appears that the hardening of the /tmp and /shm is fairly problematic on CentOS 5 systems. Apparently the entire process is mucking up /etc/fstab and yes, I know, I'm being 100% lazy by using a script...so sue me.
Wanted to see if anyone had any success or complete disaster stories running ELS on a CentOS 5, preferrably 64-bit, system in the past few months and would be willing to share their experience. There's more than just the filesystem hardening in it and I'm looking for some of the other aspects but that seems to be the reoccuring nightmare scenario people are having.
For those wondering what ELS is, here's a good (and bad) discussion about it on the DirectAdmin forums. I'm sure there's others but this is where my search started.
[url]
View 2 Replies
View Related
Mar 26, 2009
Since this got lost (google cache of thread discussion so far)
[url]
im reposting because i think it was an interesting discussion.
I'm setting up a cpanel server for the first time. I was wondering if i could harden the default cpanel permissions for the user folders in /home The idea is to prevent users viewing each others files. Please don't suggest the php open_basedir option as its not secure and doesn't work with cgi based file browsers.
Note I'm using suexec/suphp.
currently new cpanel users folders are created with
group and user ownership and the permissions 755
I was thinking if i changed this to 711 would this break anything?
Could i lock this down even more by changing the group ownership to "nobody" and thus have permissions 710.
View 3 Replies
View Related
Jan 26, 2007
I am compiling a list of security hardening procedures which should be performed to a server, with the goal of coming up with a comprehensive list of hardening procedures which should be implemented.
The following lists the details I have compiled so far. Please feel free to contribute additional hardening tips so we may come up with a full and thorough list:
Install mod_security
Install mod_evasive
Install mod_limitipconn
Install APF
Install BFD
Install PRM
Install SIM
Install portsentry
Install chkrootkit and configure reporting cronjob
Install rkhunder and configure reporting cronjob
Install snort
Install tripwire
Install libsafe
Install mail header patch to identify cause of spam sent through nobody
Limit compiler and fetch utilities access to root only
Correct folder permissions to prevent directory transversal
Remove unneeded OS packages
Upgrade kernal to latest OS release
Ensure MySQL password is set
Ensure OpenSSH protocol is only using protocol 2
Ensure cannot SSH directly to root. Must SSH to admin first.
Enforce noexec & nosuid on temporary directories /tmp and /var/tmp
Disable used services
Disable DNS recursion
Disable IP source routing
Disable IMCP redirect acceptance
Disable certain php functions (system, exec, shell_exec)
Enable IP spoofing protection
Enable Spoofing protection
Enable syncookie protection
Enable misc. sysctl settings
Harden host.conf
View 6 Replies
View Related
May 3, 2007
I've just ordered my new Windows 2003 server with 49Pence.com and will be taking "delivery" of it once they have commissioned it.
Anyway, I would appreciate some advice on how to secure it. I have been used to the luxury of a hardware firewall, but budgetary constraints mean I will have to rely upon a software firewall (something that scares me a little). It will be running our company websites, MSSQL and MDaemon mailserver.
I am not sure exactly how the server will be delivered, but I assume it will arrive fully patched with Remote Desktop access, and Windows Firewall installed.
First question: Is Windows Firewall sufficent? I am more used to configuring firewalls with Ports/Protocols/IP's rather than "applications". I also understand that Windows Firewall cannot restrict access to specific IP's.
I read that IPSec / TCP Filtering should also be used. I've looked at various links and have an idea how to do this, but I do not want to make a mistake and get "locked out". I saw a post saying that during testing they set up a scheduled job to reset the IPSec policies every x minutes so that they can log back in if they do make a mistake. How would this be done (in terms of IPSec) .. or is this a matter of stopping a service?
If I go with another software firewall, is there an easy way to install remotely without getting locked out of the Remote Desktop? KVM over IP is a charged by the hour.
It is "safe" to leave Port 3389 open and rely upon passwords (and potentially IPSEC IP policies), or should I administer by VPN?
If so, it seems that in order to create a VPN connection on the server, it requires that the Windows Firewall is shut down (at least on my test server here). Obviously this is something I don't want to do!
View 5 Replies
View Related
Jul 4, 2007
what is the fast and best way?
View 4 Replies
View Related
Jul 20, 2015
I'm wondering whether it is possible to perform a full server migration to a new Plesk server with the same hostname or will Plesk give an error about the hostname being the same?
The new server would not be accessible by hostname (only via IP) until DNS and glue records were changed after the migration.
View 1 Replies
View Related
Jan 10, 2008
I have a linux server for a video sharring site
The video encoder that I prefer to use will only work in a windows enviorment
The windows server would pass off the converted video to the Linux server.
Will a Samba server for Linux allow a Linux machine to connect and share files with a Windows machine work for this application.
Although it's probably a dumb question but can Linux and Windows exist on the same server?
View 3 Replies
View Related
Jan 30, 2008
I setup one Linux server, I want use SSH transfer my website data (already .tar) to another Linux server. May I know what SSH command to use and transfer my file to another Linux server?
View 3 Replies
View Related
Sep 11, 2008
i was wondering whats the difference between a windows server and a linux server. if a client asks me which one should they choose? which one is better? what should i tell them to go with
View 7 Replies
View Related
Aug 5, 2007
how to install VNC server such as TightVNC on linux server remotely?
i can access my server only through ssh. (putty).
is there a way to install VNCserver in linux over ssh?
View 12 Replies
View Related
May 25, 2009
I have purchased a new server with a company that has very little support (but they are great for reasons that matters). I need help from experts here to answer the following question
Quote:
We do not offer Plesk or cPanel.
Which Linux do you want installed on the server ?
I plan to install Joomla and AmemberPro software on this server
Joomla Requirements:
"Basically any Linux distribution will be fine, but for Security and Stability Debian, for useability and ease of maintenance Fedora/CentOS"
AmemberPro Requirements
* PHP version 4.1.0 or newer;
* MySQL version 3.23 or newer;
* Apache WebServer (it usually only installed on Unix hostings, and almost never on Windows);
* Ability to run one ionCube Loader or Zend Optimizer.
View 14 Replies
View Related
Aug 3, 2008
So far I was developing site in HTML only. I used to host them on windows based server. I use to place site in web folder using filezilla program
Now i have taken space on Linux server. I would like to know how host files on that as I have developed site in php with mysql as database with local apache server. It works ok offline.
I would like to know
1. what folders I get
2. How to upload
3. How to transfer database in mysql
View 9 Replies
View Related
Mar 27, 2008
What is the best FREE Linux OS for a server? As I have a new server and need to install an OS
View 14 Replies
View Related
Apr 14, 2007
trying to figure out how to get asp/aspx/asp.net working on my linux whm server....
so far i've tried installing mod_mono, both via whm as well as manually. also tried the perl module APACHE:ASP but no matter what i do it doens't work, a sample .asp page just shows regular code.
i've been told to try out chillisoft's ASP server (now owned by sun).
before i devote any more time or potentially waste more time on this, could someone point me out to a solution that actually WORKS? most of these tutorials i'm seeing are years old and most don't even work...
View 7 Replies
View Related
Apr 14, 2009
How can remove eth0:12 (for ever) from ssh server?
View 3 Replies
View Related
Sep 27, 2008
I have read some in this forum and the sites I saw linked to others seemed ok but none I've seen really gave me options on more bandwidth.
I figured I would just post what I need and my budget and see if anyone could help me out or point me in the right direction and it be a site I havn't seen before.
I am currently with another dedicated provider that I will not name but I messed up something simple (I know what it is) while trying to add an ip to the box. I submitted a ticket Friday morning at 4am EST time explaing exactly what I need done, and how to do it just so they don't have to even research it. Needless to say the ticket was not even TOUCHED all day today (Friday) and now I am told it will not be looked at until Monday. This means I am without a server for the weekend unless I want to pay a good chunk for "emergency support". I personally find this absurd and think something simple should be a phone call away.
I typed all of this out to explain why I am looking for a new server.
I need a decent (but not hard core) processor, preferably not celeron or sempron.
Atleast 1 gig of ram and 100-200 gig or so HD. The biggest thing I need is transfer, I honestly do not care if its a 10 or 100Mbps port. I need atleast 3 to 4 TB (4000 GB) of transfer.
My price range is 100-150 USD a month.
View 7 Replies
View Related
Sep 19, 2008
is there a tool to understand which php script "eat" cpu on a linux server?
View 2 Replies
View Related
Jun 13, 2008
Im running Debian Etch as a webserver, on a dell poweredge 2650, it has been working great, and a few months ago it was up a little over 100 days and it just stopped allowing me to login via ssh or ftp or webmin (which uses the linux password file). i couldnt even log in at the console so i just rebooted it (power switch) and then once it came back up it worked fine. and now about 100+ days later its doing the same exact thing. I must note that all the websites on the system are still working fine, apache and mysql have not been affected, however the mail system seems to have stopped again too. Has anyone else ever had this sort of problem?
View 3 Replies
View Related
Sep 7, 2007
I see a company that support asp in linux server. i search and i found that a mod in apache server do it.
who know about this mod?
install it in my server?
View 5 Replies
View Related
