Thread: Linux server security?
02-21-2016, 06:17 AM #1
Linux server security?
How can I make my Linux box (cPanel/WHM installed on my VPS) more secure?
Do you guys share any tips?
02-22-2016, 12:57 AM #2
A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.
This guide should help somewhat - http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics
And this one: http://www.webhostgear.com/cid_6.html
I'd highly suggest getting someone to harden it for you if this is a production environment, as asking on a forum is generally a good indication that you don't know how
Keep in mind hardening isn't a fire and forget thing - you need to update these things regularly. Whenever there is a security hole - patches are released fairly quickly - you need to keep on top of such things.
The Following User Says Thank You to Localnode For This Useful Post:
02-26-2016, 07:07 AM #3
First of all - change your SSH port, disable services that you don't use, install all package updates, install and configure Fail2Ban, it will help you to prevent brute force attacks, analyze your web server logs on a regular basis to detect and to suppress suspicious activities.
03-02-2016, 12:08 PM #4
http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics is good
My 2 cents:-
- Stop unwanted network services from startup
- Allow set of ips in firewall for ssh or run ssh on different port with set of ips allowed. You ISP network range /16 or /24
- Configure OUTPUT firewall chain, to only allow ESTABLISHED state traffic. Log & drop other requests. Make sure you dont lock yourself out
- grsecurity definitely helps in memory overflow exploits
- Check for overlayfs kernel module. Disable the module, if running. I recollect it is vulnerable
- Disable ssh root login. Login as normal user(UID>500/1000). Sudo to root with password
- You can checkout Duo security 2FA for ssh login
- Make sure you keep all your applications updated regularly
- Ensure that your CMS is updated regularly
- If using wordpress, consider using plugins like wordfence, succuri, 6scan, All in One WP Security & Firewall
Remember that security is a practice.
03-02-2016, 12:20 PM #5
Can you elaborate these steps on how to do them?
I read your article from your link
php.ini & disabled functions
Edit php.ini like this:
safe_mode = On
expose_php = Off
magic_quotes = On
register_globals = off
display errors = off
disable_functions = system, show_source, symlink, exec, dl,
shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd
Then restart Apache
service httpd restart
Or you can edit php.ini via WHM:
WHM – Service Configuration – PHP Configuration Editor
03-02-2016, 03:01 PM #6
- Changing ssh port
- Find running network services (either of the following commands)
Stop services using
service <service_name> stop
Remove from startup using update-rc.d or chkconfig
- Allow your ISP subnet in firewall for ssh
Port scanning sometimes can reveal ssh ports. Using high port range for ssh, can also be a good idea.
- Overlayfs vulnerability can help unprivileged user to gain root access.
Ah! Ubuntu has issued a fix for 15.10/15.04 server. Overlayfs module is/was enabled by default(least on Ubuntu), which helps in merging mounts to existing directory of files.
Disable kernel module by adding "blacklist <module_name>" in /etc/modprobe.d/<name>.conf
- Disable root login
- Password sudo
Login in as any other user than root, and sudo to root, using password. Users have a bad habit of not keeping sudo password.
Edit /etc/sudoers using visudo
=> use PASSWD, instead of ALL/NOPASSWD. Refer manual.
03-14-2016, 11:46 PM #7
05-05-2016, 08:30 AM #8
By secure, do you mean prevent unauthorized access? If so there is several techniques you can use to accomplish this.
1. Change your SSH port from the default. Hackers always port 22 first when attempting to hack their way into a Linux machine.
2. Only allow logins from trusted IP's. It is a much more complete solution to add a white list rather than a black list, if you can. This can be done via the SSH configuration file.
3. If you're using MySQL, be sure to escape your queries and never allow for non-escaped user input into a query.
There is an endless list of things you can do to better secure your machine but remember, you are only as strong as your weakest link.
05-07-2016, 07:57 AM #9
- Use sFTP and disable FTP
- Make sure MySQL has the anonymous user and test database removed (your can use mysql_secure_installation if it is a new setup)
- Also, be sure the root mysql user has a password assigned.
- Make sure you have a firewall setup (you can use iptables)
- Block offending countries if possible. For example, if 100% of the purchases from your site comes from USA then block China and other high risk countries.
- Change your passwords frequently.
- If hiring freelancers give them their own account for login (database, ftp, any password you give them) and delete their account once it is no longer needed.
- If hiring freelancers be careful who you hire and try to not jump around between a lot of contractors (as each person is a risk they might do something malicious to your site to steal something without you knowing).
- Make sure your browser you use doesn't have a virus (I've seen viruses that inject hidden html code when using WYSIWYG editors)
- If using WordPress only install trusted plugins and only what you need. Don't install stuff and leave it there and never use it.
- Make sure you do updates to your server several times a year.
06-12-2016, 08:16 AM #10
I got my vps hacked...Can anyone provide the basic things I need to run my vps and stop it getting from hacked..I am running a Cpanel/WHM on it with reseller option but linux security is new to me.
06-26-2016, 09:14 PM #11
Login as root and do the following;
tar -zxf maldetect-current.tar.gz
maldet -a /home/?/public_html/
maldet -a /home/USERNAME/public_html/
Overall, this program will produce a report with any suspicious looking files which you can then investigate and fix/replace and harden. A web developer would be a good asset in sad times like these.
Hope this helps!
06-27-2016, 09:33 AM #12
In this case, I think do a fresh install for your VPS and Wordpress can solve the problems. After re-installed latest versions of software on the VPS, we can do some actiction to protect hackers from rehacking it by some configurations like:
- Secure Php with php's disable_functions
- Install a firewall.
- Enable SSL/https for your sites
Hope it helps!
06-28-2016, 06:26 PM #13
Start with Config Server Firewall
Installation ============ Installation is quite straightforward: cd /usr/src rm -fv csf.tgz wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf sh install.sh
06-29-2016, 06:11 PM #14
did a fresh install of VPS
installed CFS...yeah you recommended it but accidently found it at other places duly recommended by the CPanel team also....helped in securing alot of vulnerabilities.
Also disabled root login,password login...though same was instructed by CFS. Then a one or two little more tweaks i found on internet.
Also install anti rootkit, calmAV and secured accounts using jailshell. Well i think I have secured the server to the best of my knowledge but hay even NASA's server get hack so you can are never safe only you can minimize the chances of being targeted to the script kiddies trying to get their hands on un secure VPS.
08-23-2016, 08:25 PM #15
CSF firewall installed and configured.
Mod Security "OWASP ModSecurity Core Rule Set" and configured.
ClamAV Anti Virus installed and Configured and integrated with exim.
Maldet installed and configured.
Lockdown & Hardening the Root Password.
SSH Port secured
Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm
Security Updates as per Control Panel.
Disabled Unwanted Services
Securing and Optimizing MySQL.
Enable PHP Open_Basedir Protection
Enable mod_userdir Protection
Securing Console Access
PHP5 Hardening (Only, No PHP4)
Configuring Anti-Spam Features to Reduce Spam ( Enable RBL ACLs, SPF Protection, & Spam Assassin Configurations )
Apache tweaked and haredend.
Host file hardened.
Rkhunter installed and configured.
Chkrootkit installed and configured.
Fail2Ban installed and configured.
Shell Fork Bomb Protection
Background Process Killer
06-30-2017, 11:55 AM #16
There are some utilities that's follow on the server.
1. Installing and configuring CSF
2. Configure cPHulk Brute Force Protection
3. Rootkit hunter.
4. change SSH port ans also secure password of root
5. Stop unwanted network services from startup
6. Disable ssh root login via Sudo
7. Make sure you keep all your applications updated regularly
8. Ensure that your CMS is updated regularly(wordfence-> succuri, 6scan, All in One WP Security & Firewall)
07-01-2017, 09:54 AM #17
I have vps from popular companies. How can I know what methods they have employed to secure their dedicated servers?
06-06-2018, 01:36 AM #18
It all depends from what or whom you want to protect it. Linux has such a wide range of security tools
If it's from internal users, administrators, or external users or from attacks that you want to protect your pannel?
Proper use of Permissions, proxies and firewalls are good for internal users and internal networks as well as webserver access files and server passwords.
Never keep database configuration inside your Document Root. Specify base URL.
Use SSL for every possible server accessed from outside.
Close all unnecessary ports
If a process or service do not need to turn on at boot up time, turn it on manually when you needed or write a script to do so.
Use proxy for the webserver, sftp or ssh. If you log from windows use putty. Use encryption for you storage if possible and for scripts with passwords and login information.
Configure your IPTables.
Protect your cache when using combination of server-client technology like AJAX.
06-07-2018, 12:23 PM #19
Replies: 5 | Views: 1255Last post by hmb-robert, 03-04-2016, 02:16 PM
Replies: 1 | Views: 680Last post by Nytshade, 02-21-2016, 07:59 AM
By Emilio in forum Domain NamesReplies: 15 | Views: 2972Last post by daniel27lt, 03-07-2017, 05:16 AM
Replies: 6 | Views: 1645Last post by Claire_Anderson, 09-06-2016, 12:05 PM
By Steve32 in forum Web HostingReplies: 5 | Views: 1187Last post by MarcS, 03-31-2016, 08:55 AM
Replies: 1 | Views: 977Last post by Harry P, 02-20-2016, 04:18 PM
By Harry P in forum Web HostingReplies: 9 | Views: 1425Last post by Harry P, 02-22-2016, 02:18 AM
Replies: 7 | Views: 1895Last post by AboutTrillions, 04-14-2016, 03:04 PM
Replies: 3 | Views: 1011Last post by rrodica6, 02-20-2016, 03:55 PM
Replies: 4 | Views: 1056Last post by samueldawson, 02-24-2016, 12:10 PM
Replies: 2 | Views: 94Last post by smsmbooster, Yesterday, 08:09 AM
Replies: 2 | Views: 90Last post by DarranD, 06-22-2018, 03:03 PM
Replies: 1 | Views: 100Last post by Mike001, 06-21-2018, 03:34 PM
Replies: 0 | Views: 73Last post by harrygreen90, 06-21-2018, 03:21 AM
Replies: 1 | Views: 105Last post by paul1129, 06-21-2018, 12:01 PM
By rwsorensen in forum Web HostingReplies: 7 | Views: 1704Last post by MackkJackk, 02-06-2016, 09:03 AM
By Harry P in forum Web HostingReplies: 2 | Views: 1563Last post by hmb-robert, 02-04-2016, 12:25 PM
Replies: 6 | Views: 3321Last post by whland, 09-15-2013, 06:58 PM