Linux server security?

BillEssley

WMS Marketplace Seller
Joined
Feb 19, 2013
Messages
195
Points
18
Hey there,

How can I make my Linux box (cPanel/WHM installed on my VPS) more secure?

Do you guys share any tips?

Thanks,

Bill
 

Localnode

Member
Joined
Dec 15, 2015
Messages
96
Points
18
A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.

This guide should help somewhat - http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics
And this one: http://www.webhostgear.com/cid_6.html

I'd highly suggest getting someone to harden it for you if this is a production environment, as asking on a forum is generally a good indication that you don't know how :)
Keep in mind hardening isn't a fire and forget thing - you need to update these things regularly. Whenever there is a security hole - patches are released fairly quickly - you need to keep on top of such things.
 

ProxyRadar

New member
Joined
Sep 19, 2015
Messages
10
Points
0
First of all - change your SSH port, disable services that you don't use, install all package updates, install and configure Fail2Ban (it will help you prevent brute-force attacks), and analyze your web server logs on a regular basis to detect and suppress suspicious activity.
 

BountySite

Member
Joined
Mar 2, 2016
Messages
43
Points
8
http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics is good

My 2 cents:-
- Stop unwanted network services from startup
- Allow a set of IPs in the firewall for SSH, or run SSH on a different port with a set of IPs allowed. Your ISP network range, /16 or /24
- Configure the OUTPUT firewall chain to only allow ESTABLISHED state traffic. Log & drop other requests. Make sure you don't lock yourself out
- grsecurity definitely helps with memory overflow exploits
- Check for the overlayfs kernel module. Disable the module if running. I recollect it is vulnerable
- Disable SSH root login. Log in as a normal user (UID>500/1000). Sudo to root with password
- You can checkout Duo security 2FA for ssh login
- Make sure you keep all your applications updated regularly
- Ensure that your CMS is updated regularly
- If using wordpress, consider using plugins like wordfence, succuri, 6scan, All in One WP Security & Firewall

Remember that security is a practice.
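The firewall items above (SSH only from a fixed address range, an OUTPUT chain restricted to ESTABLISHED state, log and drop the rest), as an added example that is not part of any post in this thread. It generates iptables rules in dry-run mode by default; the admin network 203.0.113.0/24, the SSH port 2222 and the outbound allowances for DNS, HTTP/HTTPS and NTP are assumptions. Those outbound allowances are the practical caveat: an OUTPUT chain that accepts only ESTABLISHED traffic also blocks the server's own package updates and DNS lookups, which is the usual way people lock themselves out. The check function confirms the SSH allow rule comes before the final INPUT drop.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal default-deny iptables
# rule set for a single web/cPanel host. All addresses and ports below are
# constructed placeholders; override them via environment variables.
# DRY_RUN=1 (default) prints the iptables commands; DRY_RUN=0 applies them.

ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"   # placeholder: your ISP's range
SSH_PORT="${SSH_PORT:-2222}"               # placeholder: your non-default sshd port
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    ipt -F INPUT
    ipt -F OUTPUT

    # Loopback stays open or local services (MySQL, the resolver) break
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Replies to connections we already accepted, in both directions
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # SSH only from the admin network; this must precede the final drop
    ipt -A INPUT -p tcp -s "$ADMIN_NET" --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT

    # Public web service
    ipt -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

    # Outbound NEW connections the server itself needs: DNS, updates, NTP.
    # Without these, "ESTABLISHED only" on OUTPUT breaks yum/apt and name lookups.
    ipt -A OUTPUT -p udp --dport 53 -j ACCEPT
    ipt -A OUTPUT -p tcp --dport 53 -j ACCEPT
    ipt -A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A OUTPUT -p udp --dport 123 -j ACCEPT

    # Log (rate-limited so the log cannot be flooded) and then drop the rest
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-IN-DROP: "
    ipt -A INPUT -j DROP
    ipt -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-OUT-DROP: "
    ipt -A OUTPUT -j DROP

    # Policies last, so a live apply never has a window with no accept rules
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP
}

# Lock-out check: the SSH accept rule must appear before the INPUT drop rule.
# Returns 0 when the ordering is right.
check_ssh_before_drop() {
    rules=$(DRY_RUN=1; build_rules)
    ssh_line=$(printf '%s\n' "$rules" | grep -n -- "-A INPUT -p tcp -s $ADMIN_NET --dport $SSH_PORT" | head -1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- "-A INPUT -j DROP" | head -1 | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$drop_line" ] && [ "$ssh_line" -lt "$drop_line" ]
}

if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi
build_rules
```

When applying for real, keep a second SSH session open and schedule a flush with at(1) that you cancel once you have confirmed a fresh login still works; the dry-run output is also what you would paste into a persistent rules file.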
 

BillEssley

WMS Marketplace Seller
Joined
Feb 19, 2013
Messages
195
Points
18
A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.
I have never heard of this before. Which ports should I leave open, and how do I change the SSH port?

My 2 cents:-
- Stop unwanted network services from startup
- Allow set of ips in firewall for ssh or run ssh on different port with set of ips allowed. You ISP network range /16 or /24
- grsecurity definitely helps in memory overflow exploits
- Check for overlayfs kernel module. Disable the module, if running. I recollect it is vulnerable
- Disable ssh root login. Login as normal user(UID>500/1000). Sudo to root with password
Too much useful info for this answer.

Can you elaborate these steps on how to do them?

AND

I read your article from your link

php.ini & disabled functions
Edit php.ini like this:

nano /usr/local/lib/php.ini

safe_mode = On
expose_php = Off
enable_dl = Off
magic_quotes_gpc = On
register_globals = Off
display_errors = Off
; disable_functions must be a single line; php.ini has no line continuation
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd


Then restart Apache

service httpd restart

Or you can edit php.ini via WHM:
WHM – Service Configuration – PHP Configuration Editor
If I disable these functions, can it affect how my CMS or OS works?
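One way to answer the "will it break my CMS" question before applying disable_functions, as an added example that is not from the article or from anyone in this thread: read the list out of php.ini and count the call sites of each listed function under the document root. The php.ini and the two PHP files are constructed inputs. The match is textual, so a call inside a comment or a string counts too; each hit still needs a look by hand, but a function with zero hits can be disabled without worrying about the CMS.

```shell
#!/bin/sh
# Added example, not code from the thread: report which functions named in
# disable_functions are actually called by the PHP code under a directory.
# The sample php.ini and PHP files created by make_sample are constructed.

# Print the entries of disable_functions, one per line, whitespace trimmed.
list_disabled_functions() {
    grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" \
        | sed 's/^[^=]*=//' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$' || true
}

# For each disabled function, count occurrences of "name(" in *.php files under
# $2 and print "<function> <count>" for those referenced at least once.
report_used_functions() {
    ini="$1"; tree="$2"
    list_disabled_functions "$ini" | while read -r fn; do
        # left-hand boundary so "shell_exec(" is not counted as a hit for "exec("
        n=$(find "$tree" -type f -name '*.php' \
                -exec grep -Eo "(^|[^A-Za-z0-9_])${fn}[[:space:]]*\(" {} + 2>/dev/null \
            | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            echo "$fn $n"
        fi
    done
}

# Constructed sample: a php.ini with the thread's disable_functions line and a
# document root holding a plugin that shells out plus a plain page.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/php.ini" <<'EOF'
expose_php = Off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
EOF
    mkdir -p "$d/public_html/wp-content/plugins/backup"
    cat > "$d/public_html/wp-content/plugins/backup/backup.php" <<'EOF'
<?php
// constructed plugin: builds a tar command, so it stops working once these are disabled
$cmd = 'tar czf ' . escapeshellarg($archive) . ' ' . escapeshellarg($dir);
exec($cmd, $out, $rc);
EOF
    cat > "$d/public_html/index.php" <<'EOF'
<?php
// constructed plain page: uses none of the listed functions
echo "hello";
EOF
    echo "$d"
}

# Run the report against the constructed sample and clean up.
demo() {
    d=$(make_sample)
    report_used_functions "$d/php.ini" "$d/public_html"
    rm -rf "$d"
}

demo
```

On a real cPanel host you would point report_used_functions at the live php.ini and at /home/*/public_html; anything it lists is a function some site depends on, and the rest of the list can go into disable_functions without affecting the CMS.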
 

BountySite

Member
Joined
Mar 2, 2016
Messages
43
Points
8
- Changing ssh port
/etc/ssh/sshd_config

Port 22

Restart ser
- Find running network services (either of the following commands)
ss -nlp
netstat -nlp

Stop services using
service <service_name> stop

Remove from startup using update-rc.d or chkconfig

- Allow your ISP subnet in firewall for ssh
Port scanning sometimes can reveal ssh ports. Using high port range for ssh, can also be a good idea.

- Overlayfs vulnerability can help unprivileged user to gain root access.
http://securitytracker.com/id/1034548

Ah! Ubuntu has issued a fix for 15.10/15.04 server. Overlayfs module is/was enabled by default(least on Ubuntu), which helps in merging mounts to existing directory of files.

Disable kernel module by adding "blacklist <module_name>" in /etc/modprobe.d/<name>.conf


- Disable root login
/etc/ssh/sshd_config

PermitRootLogin no

- Password sudo
Log in as any user other than root, and sudo to root using a password. Users have a bad habit of not keeping a sudo password.

Edit /etc/sudoers using visudo
=> use PASSWD, instead of ALL/NOPASSWD. Refer manual.
 

Mike_Brown

New member
Joined
May 5, 2016
Messages
22
Points
0
By secure, do you mean prevent unauthorized access? If so, there are several techniques you can use to accomplish this.
1. Change your SSH port from the default. Hackers always try port 22 first when attempting to hack their way into a Linux machine.
2. Only allow logins from trusted IPs. It is a much more complete solution to add a white list rather than a black list, if you can. This can be done via the SSH configuration file.
3. If you're using MySQL, be sure to escape your queries and never allow for non-escaped user input into a query.

There is an endless list of things you can do to better secure your machine but remember, you are only as strong as your weakest link.
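The sshd_config changes from BountySite's post (Port, PermitRootLogin no) together with Mike_Brown's point 2 (logins only from trusted addresses, done here with AllowUsers), as an added example that is not code from either poster. It edits a file path you pass in, so it can be tried on a copy first; the port 2222, the user admin and the network 203.0.113.0/24 are placeholders. Two details matter when scripting this: sshd takes the first value it sees for a keyword, and directives after a Match line apply only to that block, so the helper removes existing (active or commented) copies of the keyword and inserts the new line before the first Match block rather than appending at the end.

```shell
#!/bin/sh
# Added example, not code from the thread: idempotent sshd_config edits.
# Placeholders: SSH_PORT, ADMIN_USER and ADMIN_NET; the sample config in
# demo() is constructed. Keyword matching is case-sensitive here, while
# sshd itself treats keywords case-insensitively.

# set_directive FILE KEY VALUE: leave exactly one active "KEY VALUE" line,
# placed before any Match block so it applies globally.
set_directive() {
    file="$1"; key="$2"; value="$3"
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)      # strip indent and a leading "#"
            split(line, parts, /[ \t=]+/)
            if (parts[1] == k) next               # drop old active/commented copies
        }
        /^[ \t]*Match([ \t]|$)/ && !done { print k " " v; done = 1 }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# get_directive FILE KEY: the value sshd would use (first active occurrence).
get_directive() {
    awk -v k="$2" '$1 == k && !f { print $2; f = 1 }' "$1"
}

harden_sshd_config() {
    f="$1"
    set_directive "$f" Port "${SSH_PORT:-2222}"
    set_directive "$f" PermitRootLogin no
    # user@address/prefix restricts who may log in and from where
    set_directive "$f" AllowUsers "${ADMIN_USER:-admin}@${ADMIN_NET:-203.0.113.0/24}"
}

# Apply the changes to a constructed stock-looking config and report the
# effective values.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample resembling a distribution sshd_config
#Port 22
#PermitRootLogin prohibit-password
X11Forwarding no
Match User sftponly
    ChrootDirectory /home/%u
EOF
    harden_sshd_config "$f"
    printf 'Port=%s PermitRootLogin=%s AllowUsers=%s\n' \
        "$(get_directive "$f" Port)" \
        "$(get_directive "$f" PermitRootLogin)" \
        "$(get_directive "$f" AllowUsers)"
    rm -f "$f"
}

demo
```

After running harden_sshd_config against the real /etc/ssh/sshd_config, syntax-check it with `sshd -t -f /etc/ssh/sshd_config`, open the new port in the firewall, and confirm a login on the new port from a second terminal before restarting sshd and closing the session you are in.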
 

Web Marketing Tool

New member
Joined
Apr 30, 2016
Messages
41
Points
0
- Use sFTP and disable FTP
- Make sure MySQL has the anonymous user and test database removed (you can use mysql_secure_installation if it is a new setup)
- Also, be sure the root mysql user has a password assigned.
- Make sure you have a firewall setup (you can use iptables)
- Block offending countries if possible. For example, if 100% of the purchases from your site comes from USA then block China and other high risk countries.
- Change your passwords frequently.
- If hiring freelancers give them their own account for login (database, ftp, any password you give them) and delete their account once it is no longer needed.
- If hiring freelancers be careful who you hire and try to not jump around between a lot of contractors (as each person is a risk they might do something malicious to your site to steal something without you knowing).
- Make sure the browser you use doesn't have a virus (I've seen viruses that inject hidden HTML code when using WYSIWYG editors)
- If using WordPress only install trusted plugins and only what you need. Don't install stuff and leave it there and never use it.
- Make sure you do updates to your server several times a year.
 

BillEssley

WMS Marketplace Seller
Joined
Feb 19, 2013
Messages
195
Points
18
Can you elaborate on these points? Why is FTP less secure than SFTP?
And is using iptables enough to secure my Linux box without installing other firewall software?
 

Waqass

Member
Joined
Mar 6, 2016
Messages
37
Points
8
I got my VPS hacked... Can anyone provide the basic things I need to run my VPS and stop it from getting hacked? I am running cPanel/WHM on it with the reseller option, but Linux security is new to me.
 

HM-Mike

New member
Joined
Jun 26, 2016
Messages
23
Points
0
I got my VPS hacked... Can anyone provide the basic things I need to run my VPS and stop it from getting hacked? I am running cPanel/WHM on it with the reseller option, but Linux security is new to me.
Firstly you need to find out exactly how or why it got hacked, without that you'll be fighting a losing battle. You can try running a malware scan through the files, I tend to use Malware Detect;

Login as root and do the following;

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -zxf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
Once you've done this, you can run it. For a cPanel server, I would run the following (unless you know the site that got hacked to begin with);

maldet -a /home/?/public_html/
If you know which site was hacked then do the following (this will heavily shorten the scan if you have a lot of files);

maldet -a /home/USERNAME/public_html/
Another option to reduce the time taken to scan is to install ClamAV, you can do this in WHM under the CPAddons section.

Overall, this program will produce a report with any suspicious looking files which you can then investigate and fix/replace and harden. A web developer would be a good asset in sad times like these.

Hope this helps!

Thanks,

Mike
 

harrygreen90

Active member
Joined
Dec 17, 2013
Messages
413
Points
28
In the past I had a WP site that got malware. I scanned it with Sucuri or other WP plugins and they could detect the files or where it had been infected with spyware/malware/virus. I could use the same tools you suggested to install on the VPS, but it scanned for a very long time or didn't find any infected files.

In this case, I think doing a fresh install of your VPS and WordPress can solve the problems. After re-installing the latest versions of software on the VPS, we can take some actions to prevent hackers from hacking it again, with some configurations like:
- Secure Php with php's disable_functions
- Install a firewall.
- Enable SSL/https for your sites

Hope it helps!
 

JonaHost

New member
Joined
Jun 28, 2016
Messages
21
Points
0
Start with Config Server Firewall

Code:
Installation
============
Installation is quite straightforward:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
 

Waqass

Member
Joined
Mar 6, 2016
Messages
37
Points
8
Well, I searched a lot and did the following things, and still so far not a single attack.

Did a fresh install of the VPS.
Installed CSF... yeah, you recommended it, but I accidentally found it in other places, duly recommended by the cPanel team also... helped in securing a lot of vulnerabilities.
Also disabled root login and password login... though the same was instructed by CSF. Then one or two more little tweaks I found on the internet.
Also installed anti-rootkit and ClamAV, and secured accounts using jailshell. Well, I think I have secured the server to the best of my knowledge, but hey, even NASA's servers get hacked, so you are never safe; you can only minimize the chances of being targeted by the script kiddies trying to get their hands on an unsecured VPS.
 

serversupport

New member
Joined
Aug 23, 2016
Messages
3
Points
0
CSF firewall installed and configured.
Mod Security "OWASP ModSecurity Core Rule Set" and configured.
ClamAV Anti Virus installed and Configured and integrated with exim.
Maldet installed and configured.
Lockdown & Hardening the Root Password.
SSH Port secured
Noexec, Nosuid Temporary Directories (noexec directories such as /tmp, /var/tmp, /dev/shm)
Security Updates as per Control Panel.
Disabled Unwanted Services
DNS Secured
Securing and Optimizing MySQL.
Enable PHP Open_Basedir Protection
Enable mod_userdir Protection
Securing Console Access
PHP5 Hardening (Only, No PHP4)
Configuring Anti-Spam Features to Reduce Spam ( Enable RBL ACLs, SPF Protection, & Spam Assassin Configurations )
Apache tweaked and hardened.
sysctl.conf Hardening.
Host file hardened.
Rkhunter installed and configured.
Chkrootkit installed and configured.
Fail2Ban installed and configured.
Shell Fork Bomb Protection
Background Process Killer
 

onliveserver

New member
Joined
Jun 22, 2017
Messages
29
Points
0
There are some utilities to follow on the server.
1. Installing and configuring CSF
2. Configure cPHulk Brute Force Protection
3. Rootkit hunter.
4. Change SSH port and also secure the root password
5. Stop unwanted network services from startup
6. Disable ssh root login via Sudo
7. Make sure you keep all your applications updated regularly
8. Ensure that your CMS is updated regularly(wordfence-> succuri, 6scan, All in One WP Security & Firewall)
 

Waqass

Member
Joined
Mar 6, 2016
Messages
37
Points
8
I have vps from popular companies. How can I know what methods they have employed to secure their dedicated servers?
 

gmanon

New member
Joined
Jun 6, 2018
Messages
2
Points
0
It all depends on what or whom you want to protect it from. Linux has such a wide range of security tools.

Is it from internal users, administrators, or external users, or from attacks, that you want to protect your panel?

Proper use of Permissions, proxies and firewalls are good for internal users and internal networks as well as webserver access files and server passwords.

Never keep database configuration inside your Document Root. Specify base URL.


Configure
Hosts.allow; hosts.deny
Use SSL for every possible server accessed from outside.
Close all unnecessary ports
If a process or service does not need to turn on at boot time, turn it on manually when you need it, or write a script to do so.
Use a proxy for the webserver, SFTP or SSH. If you log in from Windows, use PuTTY. Use encryption for your storage if possible, and for scripts with passwords and login information.
Configure your IPTables.
Protect your cache when using combination of server-client technology like AJAX.
 

BenSupportSages

New member
Joined
Jun 13, 2019
Messages
18
Points
3
You can make your server secure by taking care of the following factors.
Use secure passwords
Secure SSH
Secure Apache
Harden your operating system
Restrict your system’s compilers
Disable unused services and daemons
Monitor your system
Control access to services by IP Address
Enable a firewall
Stay up-to-date
 

macfanpl

New member
Joined
Feb 1, 2020
Messages
14
Points
3
Harden your install.

1. Change SSH port,
2. Make your drives map-resistant (many deceitful software vendors will do their best to map /dev/sda and so on),
3. Install fail2ban and configure it to disallow all incoming traffic at the same time allowing all outgoing.
4. Follow simple rule :: the less there is on your harddrive the better; install what you really need only. Stay away from spies like KDE, Mozilla, Qt and alike. Do your research before installing not after
 

Server Trafficweb

New member
Joined
Jul 24, 2020
Messages
15
Points
1
The first thing you should do to secure your server is to update the local repositories and upgrade the operating system and installed applications by applying the latest patches.
 

hostguy

New member
Joined
Sep 25, 2021
Messages
20
Points
3
It's very important to secure your server; there are various steps available to secure it.
  • Install CSF (Config server firewall)
  • You can change default SSH port and use any other port number. Default SSH port is 22.
  • Check your PC for any malware and do not save any password in browser.
  • Enable Brute force protection.
 