How To Server Security / Hardening

Portal Home > Knowledgebase > Articles Database > How To Server Security / Hardening

Posted by orangewebhosting0net, 05-03-2007, 01:40 PM
Can someone please write a tutorial on server security and hardening for linux centos5 servers. Icluding software and config settings. very appreciative if someone could
Posted by DedicatedBox, 05-03-2007, 05:30 PM
Does it have a control panel?
Posted by keywolf, 05-05-2007, 02:08 AM
a cPanel guide would be ideal
Posted by DedicatedBox, 05-10-2007, 02:25 PM
I thought there are enough articles about that, however, if you would like to have the basics, then I'd be happy to provide it.
Posted by orangewebhosting0net, 05-11-2007, 01:29 PM
yes its the latest cpanel version thanks dedicated box it would be great if you could
Posted by DedicatedBox, 05-15-2007, 10:46 AM
At this moment I have not alot of time, I will write you a small tut. but for now, the basics would be: In security center/tweak security, enable these: PHP open_basedir Tweak Compilers Tweak (disable them to unprivileged users) SMTP Tweak Shell forkm bomb protection You may also want to click once on: Modify Apache Memory Usage in cPanel 11 you will also find these comfortable to use: SSH Password Auth Tweak cPHulk Brute Force Protection and in cPanel PRO you may find it easy to enable "ClamAV" anti-virus scanner. For the rest i can only advise you to see my two topics here: http://www.webhostingtalk.com/showthread.php?t=599243 (Trojan Scanner/Rootkit detector) http://www.webhostingtalk.com/showthread.php?t=593583 (APF Firewall) When I have more time I will go more into details about securing cPanel servers.
Posted by markokaup, 02-09-2008, 07:02 PM
http://servermonkeys.com/els.php I found this script one day! Just amazing.. My system is CentOS 5 whit Plesk 8.3 and works nicely. Some complication whit ioncube which I have installed but script will notify that and won't install anything whit complications!
Posted by saloniborkar, 02-10-2008, 04:13 AM
Hi..check out this site for more security related info and tutorials.. http://www.webhostgear.com/314.html Hope this helps !!!
Posted by sky2k4, 03-16-2008, 12:10 PM
saloniborkar Thanks! darn good site for deditcated issues and security
Posted by DedicatedBox, 03-16-2008, 12:12 PM
As a side-note, I would visit www.eth0.us, great site.
Posted by matt1206, 03-16-2008, 01:05 PM
That is a really useful script
Posted by Netarch, 03-19-2008, 09:45 PM
Thanks for sharing, really useful script!
Posted by Rageki-John, 03-19-2008, 10:20 PM
That website looks outdated but I was wondering would that work on Fedora 7?
Posted by chrismfz, 03-21-2008, 09:57 PM
Uninstall APF/BFD if you have already installed on the system. Download and install ConfigServer Firewall at http://www.configserver.com/cp/csf.html run the Cpanel Install from shell. Then you will see it at the bottom of WHM Plugins section. It has a huge security check list that you "have" to do to secure the server (like: Check /tmp permissions, shell limits, php disable functions etc) and if something is "wrong" or not secured it has guidelines how to secure it. It updates itself automatically too Also, the monitor notifies you for almost everything. If someone farts in the Datacenter, you will be notify. And of course you can install the mod security plugin directly from the plugin link in Cpanel and get the gotroot.com ruleset. It prevents most of the web attacks out there. Anyway, for an "automated" solution CSF rules And another site that is brand new and not yet 100% completed http://www.securecentos.com/ has nice information and tips about centos / cpanel security tips. Regards, Chris
Posted by olddocks, 06-02-2008, 03:09 PM
see this: http://mysql-apache-php.com/basic-linux-security.htm
Posted by markokaup, 06-03-2008, 03:44 AM
And this: http://servermonkeys.com/els.php
Posted by chrismfz, 06-03-2008, 04:15 PM
And why not, this: http://www.securecentos.com/
Posted by markokaup, 06-04-2008, 02:04 AM
Good one! Bookmarked.. Thanks.
Posted by duckie04, 06-07-2008, 04:45 PM
Helped a bunch. Thanks guys
Posted by bills, 06-17-2008, 11:16 AM
Go for els script in server monkeys. You can do all the hardening with it in few minutes.
Posted by __Arjay, 06-21-2008, 07:12 AM
If your uisng Cpanel better try http://www.cpanelconfig.com/
Posted by lutfiallail, 07-15-2008, 07:19 AM
Is it enough using servermonkeys.com/els.php script on Centos5 with DirectAdmin? And what if tutorial at securecentos.com + servermonkeys.com/els.php? Need step by step on hardening Centos5 + DirectAdmin Thanks
Posted by chrda, 07-15-2008, 07:34 AM
It all depends on if you are going to give shell access to your customer. Ill recommend grsecurity kernel, if you follow my instruction on securecentos you should be good. it will do a lot for your system security And ELS got a lot of nice features you should use. But rkhunter and chkrootkit are not needed, they arent updated anymore after what i have seen. Use OSSEC, they have implented a rootkit scanner if i aint wrong. Also from the ELS page, Centos 5.x isnt supported. But maybe script is updated. But a quick warning, if your planning on selling webspace, you should have someone do this first time job for you. 3 things you should do: - Firewall - APF or CSF - Grsecurity Kernel - LES - http://www.securecentos.com/installi...-security.html Its a start atleast I am a bit busy atm else i would helped you out (FOR FREE) Last edited by chrda; 07-15-2008 at 07:48 AM.
Posted by lutfiallail, 07-15-2008, 07:45 AM
chrda I do not want sell webspace, this server just for me. So, if i buy new server with CentOS 5 + DirectAdmin what step i must follow from your securecentos.com? Thanks.
Posted by chrda, 07-15-2008, 07:49 AM
Grsecurity Change SSH Port LES OSSEC its a good start If you got free OS Reload, you can try and fail alittle
Posted by lutfiallail, 07-15-2008, 08:04 AM
chrda I will follow your guides. Thanks
Posted by Cyru$, 07-17-2008, 07:13 AM
thanks all
Posted by kenbiz, 07-19-2008, 03:06 PM
Thanks guys for all the valuable post. I will get a cup of coffee now and sit down to read all of it. Very much appreciated.
Posted by JonnieCoopz, 08-24-2008, 12:10 PM
i use a firewall called CFS firewall that intergrates with cpanel or plesk. and i use centos 5
Posted by Calibaba, 09-04-2008, 06:18 PM
servermonkeys.com is down, not even registered anymore it seems... anyone know of an alternative script, or equivilent? Last edited by writespeak; 03-29-2012 at 12:12 PM. Reason: Shortened === so that it wouldn't break the page view
Posted by chrda, 09-05-2008, 08:46 AM
Check out this link, Some info in the last pages http://www.directadmin.com/forum/showthread.php?t=17070
Posted by nahhab, 10-07-2008, 04:48 AM
Very useful, thanks,,,
Posted by Think Tank Networks, 04-09-2009, 09:23 PM
Any info on using webmin for security hardening on centos?
Posted by Starbolt, 05-10-2009, 10:09 PM
Very good information on this topic. Thank you!
Posted by errorrr007, 05-19-2011, 11:40 AM
Are you looking for complete server hardening or securing a specific software such as Apache, PHP or MySQL. If so, then let me know. I can share what i know with you.

Add to Favourites Print this Article