
Linux server security?

  1. #1

    Linux server security?

    Hey there,

    How can I make my Linux box (cPanel/WHM installed on my VPS) more secure?

    Do you guys share any tips?

    Thanks,

    Bill

  2. #2
    A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
    Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.

    This guide should help somewhat - http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics
    And this one: http://www.webhostgear.com/cid_6.html

    I'd highly suggest getting someone to harden it for you if this is a production environment, as asking on a forum is generally a good indication that you don't know how.
    Keep in mind hardening isn't a fire and forget thing - you need to update these things regularly. Whenever there is a security hole - patches are released fairly quickly - you need to keep on top of such things.

  3. The Following User Says Thank You to Localnode For This Useful Post:
    scopio (03-02-2016)

  4. #3
    First of all - change your SSH port, disable services that you don't use, and install all package updates. Install and configure Fail2Ban; it will help you prevent brute-force attacks. Analyze your web server logs on a regular basis to detect and suppress suspicious activity.

  5. #4
    http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics is good

    My 2 cents:-
    - Stop unwanted network services from startup
    - Allow set of IPs in firewall for ssh or run ssh on different port with set of IPs allowed. Your ISP network range /16 or /24
    - Configure OUTPUT firewall chain, to only allow ESTABLISHED state traffic. Log & drop other requests. Make sure you don't lock yourself out
    - grsecurity definitely helps in memory overflow exploits
    - Check for overlayfs kernel module. Disable the module, if running. I recollect it is vulnerable
    - Disable ssh root login. Login as normal user(UID>500/1000). Sudo to root with password
    - You can check out Duo Security 2FA for ssh login
    - Make sure you keep all your applications updated regularly
    - Ensure that your CMS is updated regularly
    - If using WordPress, consider using plugins like Wordfence, Sucuri, 6scan, All in One WP Security & Firewall

    Remember that security is a practice.

  6. The Following 2 Users Say Thank You to defsec For This Useful Post:
    BillEssley (03-02-2016),scopio (03-02-2016)

  7. #5
    Quote Originally Posted by Localnode View Post
    A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
    Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.
    I have never heard of this before. Which ports should I allow to open, and how do I change the SSH port?

    Quote Originally Posted by defsec View Post
    My 2 cents:-
    - Stop unwanted network services from startup
    Quote Originally Posted by defsec View Post
    - Allow set of IPs in firewall for ssh or run ssh on different port with set of IPs allowed. Your ISP network range /16 or /24
    Quote Originally Posted by defsec View Post
    - grsecurity definitely helps in memory overflow exploits
    Quote Originally Posted by defsec View Post
    - Check for overlayfs kernel module. Disable the module, if running. I recollect it is vulnerable
    Quote Originally Posted by defsec View Post
    - Disable ssh root login. Login as normal user(UID>500/1000). Sudo to root with password
    Too much useful info for this answer.

    Can you elaborate these steps on how to do them?

    AND

    I read your article from your link

    php.ini & disabled functions
    Edit php.ini like this:

    nano /usr/local/lib/php.ini

    ; Directive names are case-sensitive and use underscores.
    safe_mode = On
    expose_php = Off
    enable_dl = Off
    magic_quotes = On
    register_globals = Off
    display_errors = Off
    ; The value must stay on one line.
    disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd


    Then restart Apache

    service httpd restart

    Or you can edit php.ini via WHM:
    WHM – Service Configuration – PHP Configuration Editor
    If I disable these functions, can it affect how my CMS or OS works?
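
Whether disabling these functions breaks a CMS depends on whether its code calls them. One way to find out before editing php.ini, as an added example that is not part of the original post or the linked guide: a shell scan of a document root for direct calls to the listed functions. The function names and the sample PHP file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the linked guide).

# The disable_functions value quoted in the post above.
PAGE_LIST='system, show_source, symlink, exec, dl,
shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd'

# Turn a disable_functions value into an ERE alternation: "a, b" -> "a|b".
functions_to_regex() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/,,*/|/g; s/^|//; s/|$//'
}

# Print file:line:text for each direct call of a listed function under
# <dir>. A name preceded by ->, ::, $ or an identifier character is a
# method, a variable or part of a longer name (curl_exec) and is skipped.
# Heuristic: comments and strings are not parsed, dynamic calls are missed.
find_disabled_calls() {   # usage: find_disabled_calls <list> <dir>
    re="(^|[^A-Za-z0-9_>:\$])($(functions_to_regex "$1"))[[:space:]]*\\("
    find "$2" -type f -name '*.php' \
        -exec grep -niE -- "$re" /dev/null {} + || true
}

# Per-function hit counts, in list order, omitting functions with no hits.
count_by_function() {     # usage: count_by_function <list> <dir>
    for f in $(functions_to_regex "$1" | tr '|' ' '); do
        n=$(find_disabled_calls "$f" "$2" | wc -l | tr -d ' ')
        [ "$n" -gt 0 ] && echo "$f $n"
    done
    return 0
}

# Constructed sample site for a dry run; point <dir> at a real docroot
# such as /home/USERNAME/public_html instead.
make_php_sample() {       # usage: make_php_sample <dir>
    cat > "$1/index.php" <<'EOF'
<?php
$out  = shell_exec('uptime');
$rows = $db->exec('DELETE FROM t');
$page = curl_exec($ch);
$arg  = escapeshellarg($name);
EOF
}

d=$(mktemp -d)
make_php_sample "$d"
count_by_function "$PAGE_LIST" "$d"
rm -rf "$d"
```

Each hit is a call that fails once the directive is applied, so review the list against what the CMS and its plugins need.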

  8. #6
    - Changing ssh port
    /etc/ssh/sshd_config

    Port 22

    Restart ser
    - Find running network services (either of the following commands)
    ss -nlp
    netstat -nlp

    Stop services using
    service <service_name> stop

    Remove from startup using update-rc.d or chkconfig

    - Allow your ISP subnet in firewall for ssh
    Port scanning sometimes can reveal ssh ports. Using high port range for ssh, can also be a good idea.

    - Overlayfs vulnerability can help unprivileged user to gain root access.
    http://securitytracker.com/id/1034548

    Ah! Ubuntu has issued a fix for 15.10/15.04 server. Overlayfs module is/was enabled by default (at least on Ubuntu), which helps in merging mounts to existing directory of files.

    Disable kernel module by adding "blacklist <module_name>" in /etc/modprobe.d/<name>.conf


    - Disable root login
    /etc/ssh/sshd_config

    PermitRootLogin no

    - Password sudo
    Log in as any other user than root, and sudo to root, using password. Users have a bad habit of not keeping sudo password.

    Edit /etc/sudoers using visudo
    => use PASSWD, instead of ALL/NOPASSWD. Refer manual.
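
The sshd, sudoers and modprobe steps above can be checked against copies of the files. This is an added example, not part of the original post; the function names and sample files are constructed for illustration, and `overlayfs` is used as the module name as in the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit copies of the files above.

# All global values of an sshd_config keyword, in file order. Keywords
# are case-insensitive; lines after a "Match" line apply only
# conditionally, so parsing stops there.
sshd_values() {           # usage: sshd_values <keyword> <file>
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print $2 }
    ' "$2"
}

# For single-valued keywords (PermitRootLogin) sshd keeps the FIRST value.
# Port is different: it may repeat, and sshd listens on every one.
sshd_first() { sshd_values "$@" | head -n 1; }

# sudoers lines that grant root without asking for a password.
sudoers_passwordless() {  # usage: sudoers_passwordless <file>...
    awk '/^[ \t]*#/ { next }
         /NOPASSWD[ \t]*:/ || /^[ \t]*Defaults.*!authenticate/ {
             print FILENAME ":" FNR ": " $0 }' "$@"
}

# modprobe.d handling of a module: "install" (load requests run a no-op
# command instead), "blacklist" (only alias autoloading is suppressed; an
# explicit modprobe still loads it) or "none".
module_policy() {         # usage: module_policy <module> <conf-file>...
    mod=$1; shift
    awk -v m="$mod" '
        /^[ \t]*#/ { next }
        $1 == "install" && $2 == m && $3 ~ /^\/bin\/(false|true)$/ { i = 1 }
        $1 == "blacklist" && $2 == m { b = 1 }
        END { print (i ? "install" : (b ? "blacklist" : "none")) }
    ' "$@"
}

# Constructed sample files for a dry run; on a real host pass copies of
# /etc/ssh/sshd_config, /etc/sudoers and /etc/modprobe.d/*.conf instead.
make_samples() {          # usage: make_samples <dir>
    cat > "$1/sshd_config" <<'EOF'
# constructed sample
Port 22
port 2222
PermitRootLogin no
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
    cat > "$1/sudoers" <<'EOF'
# constructed sample
root    ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
admin   ALL=(ALL) PASSWD: ALL
EOF
    echo 'blacklist overlayfs' > "$1/hardening.conf"
}

d=$(mktemp -d)
make_samples "$d"
echo "Ports:           $(sshd_values Port "$d/sshd_config" | tr '\n' ' ')"
echo "PermitRootLogin: $(sshd_first PermitRootLogin "$d/sshd_config")"
echo "Passwordless sudo:"; sudoers_passwordless "$d/sudoers"
echo "overlayfs:       $(module_policy overlayfs "$d/hardening.conf")"
rm -rf "$d"
```

In the sample, the leftover `Port 22` line keeps the default port open alongside 2222. On a live host, `sshd -T` prints the configuration sshd actually resolves.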

  9. #7
    Quote Originally Posted by BillEssley View Post
    I have never heard of this before. Which ports should I allow to open, and how do I change the SSH port?
    I recommend asking your provider to assist you with this task. Let their support team handle it.

  10. #8
    By secure, do you mean prevent unauthorized access? If so, there are several techniques you can use to accomplish this.
    1. Change your SSH port from the default. Hackers always try port 22 first when attempting to hack their way into a Linux machine.
    2. Only allow logins from trusted IPs. It is a much more complete solution to add a white list rather than a black list, if you can. This can be done via the SSH configuration file.
    3. If you're using MySQL, be sure to escape your queries and never allow for non-escaped user input into a query.

    There is an endless list of things you can do to better secure your machine but remember, you are only as strong as your weakest link.

  11. #9
    - Use sFTP and disable FTP
    - Make sure MySQL has the anonymous user and test database removed (you can use mysql_secure_installation if it is a new setup)
    - Also, be sure the root mysql user has a password assigned.
    - Make sure you have a firewall setup (you can use iptables)
    - Block offending countries if possible. For example, if 100% of the purchases from your site comes from USA then block China and other high risk countries.
    - Change your passwords frequently.
    - If hiring freelancers give them their own account for login (database, ftp, any password you give them) and delete their account once it is no longer needed.
    - If hiring freelancers be careful who you hire and try to not jump around between a lot of contractors (as each person is a risk they might do something malicious to your site to steal something without you knowing).
    - Make sure your browser you use doesn't have a virus (I've seen viruses that inject hidden html code when using WYSIWYG editors)
    - If using WordPress only install trusted plugins and only what you need. Don't install stuff and leave it there and never use it.
    - Make sure you do updates to your server several times a year.

  12. #10
    I got my VPS hacked... Can anyone provide the basic things I need to run my VPS and stop it from getting hacked? I am running cPanel/WHM on it with the reseller option, but Linux security is new to me.

  13. #11
    Quote Originally Posted by Waqass View Post
    I got my VPS hacked... Can anyone provide the basic things I need to run my VPS and stop it from getting hacked? I am running cPanel/WHM on it with the reseller option, but Linux security is new to me.
    Firstly you need to find out exactly how or why it got hacked, without that you'll be fighting a losing battle. You can try running a malware scan through the files, I tend to use Malware Detect;

    Login as root and do the following;

    wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
    tar -zxf maldetect-current.tar.gz
    cd maldetect-*
    sh install.sh

    Once you've done this, you can run it. For a cPanel server, I would run the following (unless you know the site that got hacked to begin with);

    maldet -a /home/?/public_html/

    If you know which site was hacked then do the following (this will heavily shorten the scan if you have a lot of files);

    maldet -a /home/USERNAME/public_html/

    Another option to reduce the time taken to scan is to install ClamAV, you can do this in WHM under the CPAddons section.

    Overall, this program will produce a report with any suspicious looking files which you can then investigate and fix/replace and harden. A web developer would be a good asset in sad times like these.

    Hope this helps!

    Thanks,

    Mike

  14. The Following 2 Users Say Thank You to HM-Mike For This Useful Post:
    harrygreen90 (06-27-2016),Waqass (06-29-2016)

  15. #12
    Quote Originally Posted by HM-Mike View Post
    Firstly you need to find out exactly how or why it got hacked, without that you'll be fighting a losing battle. You can try running a malware scan through the files, I tend to use Malware Detect;

    Login as root and do the following;

    Once you've done this, you can run it. For a cPanel server, I would run the following (unless you know the site that got hacked to begin with);

    If you know which site was hacked then do the following (this will heavily shorten the scan if you have a lot of files);

    Another option to reduce the time taken to scan is to install ClamAV, you can do this in WHM under the CPAddons section.

    Overall, this program will produce a report with any suspicious looking files which you can then investigate and fix/replace and harden. A web developer would be a good asset in sad times like these.

    Hope this helps!

    Thanks,

    Mike
    In the past I had a WP site that got malware. I scanned it with Sucuri or other WP plugins and they could detect the files or where it had been infected with spyware/malware/viruses. I could use the same tools you suggested to install on the VPS, but the scan took very long or didn't find any infected files.

    In this case, I think doing a fresh install of your VPS and WordPress can solve the problems. After re-installing the latest versions of software on the VPS, we can take some actions to keep hackers from re-hacking it, with configurations like:
    - Secure PHP with PHP's disable_functions
    - Install a firewall.
    - Enable SSL/https for your sites

    Hope it helps!

  16. #13
    Start with Config Server Firewall

    Code:
    Installation
    ============
    Installation is quite straightforward:
    
    cd /usr/src
    rm -fv csf.tgz
    wget https://download.configserver.com/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh

  17. #14
    Quote Originally Posted by JonaHost View Post
    Start with Config Server Firewall

    Code:
    Installation
    ============
    Installation is quite straightforward:
    
    cd /usr/src
    rm -fv csf.tgz
    wget https://download.configserver.com/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh
    Well, I searched a lot and did the following things, and still so far not a single attack.

    Did a fresh install of the VPS.
    Installed CSF... yeah, you recommended it, but I accidentally found it at other places, duly recommended by the cPanel team also... helped in securing a lot of vulnerabilities.
    Also disabled root login, password login... though the same was instructed by CSF. Then one or two little more tweaks I found on the internet.
    Also installed anti-rootkit, ClamAV and secured accounts using jailshell. Well, I think I have secured the server to the best of my knowledge, but hey, even NASA's servers get hacked, so you are never safe; you can only minimize the chances of being targeted by the script kiddies trying to get their hands on an unsecured VPS.

  18. #15
    CSF firewall installed and configured.
    Mod Security "OWASP ModSecurity Core Rule Set" and configured.
    ClamAV Anti Virus installed and Configured and integrated with exim.
    Maldet installed and configured.
    Lockdown & Hardening the Root Password.
    SSH Port secured
    Noexec, Nosuid Temporary Directories (noexec directories such as /tmp, /var/tmp, /dev/shm)
    Security Updates as per Control Panel.
    Disabled Unwanted Services
    DNS Secured
    Securing and Optimizing MySQL.
    Enable PHP Open_Basedir Protection
    Enable mod_userdir Protection
    Securing Console Access
    PHP5 Hardening (Only, No PHP4)
    Configuring Anti-Spam Features to Reduce Spam ( Enable RBL ACLs, SPF Protection, & Spam Assassin Configurations )
    Apache tweaked and hardened.
    sysctl.conf Hardening.
    Host file hardened.
    Rkhunter installed and configured.
    Chkrootkit installed and configured.
    Fail2Ban installed and configured.
    Shell Fork Bomb Protection
    Background Process Killer

  19. #16
    There are some utilities to follow on the server.
    1. Installing and configuring CSF
    2. Configure cPHulk Brute Force Protection
    3. Rootkit hunter.
    4. Change SSH port and also secure password of root
    5. Stop unwanted network services from startup
    6. Disable ssh root login via Sudo
    7. Make sure you keep all your applications updated regularly
    8. Ensure that your CMS is updated regularly (Wordfence -> Sucuri, 6scan, All in One WP Security & Firewall)

  20. #17
    I have vps from popular companies. How can I know what methods they have employed to secure their dedicated servers?

  21. #18
    It all depends on what or whom you want to protect it from. Linux has such a wide range of security tools.

    Is it from internal users, administrators, external users or from attacks that you want to protect your panel?

    Proper use of Permissions, proxies and firewalls are good for internal users and internal networks as well as webserver access files and server passwords.

    Never keep database configuration inside your Document Root. Specify base URL.


    Configure
    Hosts.allow; hosts.deny
    Use SSL for every possible server accessed from outside.
    Close all unnecessary ports
    If a process or service does not need to turn on at boot time, turn it on manually when you need it or write a script to do so.
    Use a proxy for the webserver, sftp or ssh. If you log in from Windows use PuTTY. Use encryption for your storage if possible and for scripts with passwords and login information.
    Configure your IPTables.
    Protect your cache when using combination of server-client technology like AJAX.

  22. #19
    Quote Originally Posted by Web Marketing Tool View Post
    - Use sFTP and disable FTP
    - Make sure MySQL has the anonymous user and test database removed (you can use mysql_secure_installation if it is a new setup)
    - Also, be sure the root mysql user has a password assigned.
    - Make sure you have a firewall setup (you can use iptables).
    Can you elaborate on these points? Why is FTP less secure than sFTP?
    And is using iptables enough to secure my Linux without installing other firewall software?
