<\/p>\n
<\/p>\n
Install Firewall (APF or CSF Firewall with BFD)<\/p>\n
ModSecurity (Web application firewall)<\/p>\n
ModEvasive (Prevent DDOS attacks)<\/p>\n
Harden SSH server<\/p>\n
Fix Open DNS Recursion<\/p>\n
Install RKhunter<\/p>\n
Install ClamAV (Antivirus)<\/p>\n
XInet Servers Hardening (Disable Telnet\/Finger or unwanted services)<\/p>\n
Securing PHP <\/p>\n
PortsEntry (tool to detect portscans)<\/p>\n
Harden host.conf (against IP spoofing)<\/p>\n
Check User Uploaded files <\/p>\n
Secure \/tmp Folders (noexec, nosuid)<\/p>\n
<\/p>\n
This tutorial guide covers only basic<\/strong> linux server security <\/p>\n <\/p>\n The very first first step on securing a server is installing a firewall (atleast <\/p>\n We will install CSF (Config security firewall) as it is easy to install with <\/p>\n wget http:\/\/www.configserver.com\/free\/csf.tgz<\/p>\n tar zxf csf.tar.gz<\/p>\n sh \/csf\/install.sh <\/p>\n <\/p>\n Follow the installer and once installed, you can start the firewall.<\/p>\n <\/p>\n csf -s<\/p>\n \/\/ start the firewall<\/p>\n csf -r<\/p>\n \/\/ restart the firewall<\/p>\n csf -f<\/p>\n \/\/ flush the rules or stop the firewall.<\/p>\n <\/p>\n You can see the full installing tutorial here<\/strong><\/a><\/p>\n <\/p>\n <\/p>\n Very often you will see SSH attacks from various bots trying to get access <\/p>\n cat \/var\/log\/secure<\/p>\n cat \/var\/log\/messages<\/p>\n <\/p>\n To harden your SSH server, <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/ul>\n <\/p>\n You can see the full SSH hardening tutorial here<\/strong><\/a><\/p>\n <\/p>\n <\/p>\n You may want to disable services like telnet, finger and other unwanted services <\/p>\n nano \/etc\/xinetd.d\/telnet <\/p>\n \/\/ OR<\/p>\n nano \/etc\/xinetd.d\/krb5-telnet<\/p>\n <\/p>\n look for lines disable=no and change to disable=yes<\/strong><\/p>\n <\/p>\n chkconfig telnet off<\/p>\n <\/p>\n \u63a8\u8350<\/p>\n PHP is the most popular scripting language for apache and mysql. You will need <\/p>\n nano \/usr\/local\/lib\/php.ini<\/p>\n <\/p>\n Look for the lines and make sure you have the lines as below..<\/p>\n <\/p>\n disable_functions = exec,system,shell_exec,passthru<\/strong><\/p>\n register_globals = Off<\/strong><\/p>\n expose_php = Off<\/strong><\/p>\n magic_quotes_gpc = On<\/strong><\/p>\n <\/p>\n It is best to keep magic_quotes to on as otherwise you forms using <\/p>\n <\/p>\n If you are running bind DNS server, then you might want to check your dns server <\/p>\n nano \/etc\/named.conf<\/p>\n <\/p>\n Under Options {<\/strong> place a line<\/p>\n <\/p>\n Options {<\/p>\n recursion no;<\/strong><\/p>\n …..<\/p>\n <\/p>\n Then restart the bind<\/p>\n <\/p>\n service named restart<\/p>\n <\/p>\n You will also need to restrict zone transfers and notifications<\/strong> <\/p>\n \u63a8\u8350<\/p>\n ModSecurity is a free open source web application firewall which can help <\/p>\n CPanel Installation:<\/strong><\/p>\n <\/p>\n Just go to Cpanel WHM > Plugins > Enable Mod_Security > Save<\/strong><\/p>\n <\/p>\n Source Installation:<\/strong><\/p>\n <\/p>\n That should install mod security in your cpanel. Under apache it should show <\/p>\n Note: <\/strong>Mod_security needs libxml2<\/strong> and http-devel<\/strong> <\/p>\n LoadModule unique_id_module modules\/mod_unique_id.so<\/strong> <\/p>\n <\/p>\n in your httpd.conf file.<\/p>\n <\/p>\n yum install libxml2 libxml2-devel httpd-devel<\/p>\n <\/p>\n Download the latest version of mod_security for apache2 from http:\/\/www.modsecurity.org<\/a><\/p>\n <\/p>\n wget http:\/\/www.modsecurity.org\/download\/modsecurity-apache_2.1.7.tar.gz<\/p>\n tar zxf modsecurity-apache_2.5.4.tar.gz<\/p>\n cd modsecurity-apache_2.5.4<\/p>\n cd apache2<\/p>\n <\/p>\n Then <\/p>\n <\/p>\n If you cannot find .\/configure then you will need to edit Makefile <\/p>\n make <\/p>\n make install<\/p>\n <\/p>\n Next, copy the rule files depending on which you want (you can also select <\/p>\n # \/etc\/httpd\/conf\/httpd.conf<\/strong><\/p>\n <\/p>\n LoadModule unique_id_module modules\/mod_unique_id.so<\/p>\n LoadFile \/usr\/lib\/libxml2.so<\/p>\n LoadModule security2_module modules\/mod_security2.so<\/p>\n Include conf\/modsecurity\/*.conf<\/p>\n <\/p>\n Then<\/p>\n <\/p>\n \/etc\/init.d\/httpd restart<\/p>\n <\/p>\n Log Files<\/strong><\/p>\n <\/p>\n Watch for log files to detect any errors or intrusion activity<\/p>\n <\/p>\n \/var\/log\/httpd\/modsec_audit<\/p>\n \/var\/log\/httpd\/error_log<\/strong><\/p>\n <\/p>\n If you get any errors, i have compiled a list of errors while compiling. see <\/p>\n <\/p>\n ModEvasive<\/a> module <\/p>\n wget http:\/\/www.zdziarski.com\/projects\/mod_evasive\/mod_evasive_1.10.1.tar.gz<\/p>\n tar zxf mode_evasive-1.10.1.tar.gz<\/p>\n cd mod_evasive<\/p>\n <\/p>\n then run the following command for apache2…<\/p>\n <\/p>\n > \/usr\/sbin\/apxs -cia mod_evasive20.c<\/p>\n <\/p>\n Once mod evasive is installed, place the following lines in your \/etc\/httpd\/conf\/httpd.conf<\/strong><\/p>\n <\/p>\n <IfModule mod_evasive20.c><\/p>\n DOSHashTableSize 3097<\/p>\n DOSPageCount 2<\/p>\n DOSSiteCount 50<\/p>\n DOSPageInterval 1<\/p>\n DOSSiteInterval 1<\/p>\n DOSBlockingPeriod 10<\/p>\n <\/IfModule><\/p>\n <\/p>\n Follow the instructions in the README for more tuning of mod_evasive. This <\/p>\n \u63a8\u8350<\/p>\n RkHunter is a rootkit scanner scans for vulnerabilities, insecure files, backdoors <\/p>\n yum install rkhunter<\/p>\n <\/p>\n To run checks in your system<\/p>\n <\/p>\n rkhunter –checkall<\/p>\n OR<\/p>\n rkhunter -c<\/p>\n <\/p>\n You can find what command options are available under rkhunter by issuing this <\/p>\n > rkhunter –help<\/p>\n <\/p>\n <\/p>\n Portsentry is a tool to detect port scans and log it. Download the sorce package <\/p>\n wget http:\/\/path\/to\/portsentry-1.2.tar.gz <\/p>\n tar zxf portsentry-1.2.tar.gz <\/p>\n make linux<\/p>\n make install<\/p>\n <\/p>\n If you get errors like while compiling<\/p>\n <\/p>\n make linux<\/p>\n SYSTYPE=linux<\/p>\n Making<\/p>\n gcc -O -Wall -DLINUX -DSUPPORT_STEALTH -o .\/portsentry .\/portsentry.c \<\/p>\n .\/portsentry_io.c .\/portsentry_util.c<\/p>\n .\/portsentry.c: In function ‘PortSentryModeTCP’:<\/p>\n .\/portsentry.c:1187: warning: pointer targets in passing argument 3 of ‘accept’ .\/portsentry.c: In function ‘PortSentryModeUDP’:<\/p>\n .\/portsentry.c:1384: warning: pointer targets in passing argument 6 of ‘recvfrom’ .\/portsentry.c: In function ‘Usage’:<\/p>\n .\/portsentry.c:1584: error: missing terminating " character<\/p>\n .\/portsentry.c:1585: error: ‘sourceforget’ undeclared (first use in this function)<\/p>\n .\/portsentry.c:1585: error: (Each undeclared identifier is reported only once<\/p>\n .\/portsentry.c:1585: error: for each function it appears in.)<\/p>\n .\/portsentry.c:1585: error: expected ‘)’ before ‘dot’<\/p>\n .\/portsentry.c:1585: error: stray ‘\’ in program<\/p>\n .\/portsentry.c:1585: error: missing terminating " character<\/p>\n .\/portsentry.c:1595: error: expected ‘;’ before ‘}’ token<\/p>\n make: *** [linux] Error 1<\/p>\n <\/p>\n To fix:<\/strong><\/p>\n <\/p>\n Open portsentry.c<\/strong> and look for the following line. There will <\/p>\n printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland <\/p>\n Then run make and make install. That should fix it!<\/p>\n <\/p>\n To launch portsentry<\/p>\n <\/p>\n \/usr\/local\/psionic\/portsentry\/portsentry -stcp<\/p>\n \/usr\/local\/psionic\/portsentry\/portsentry -sudp<\/p>\n <\/p>\n check the log files \/var\/log\/secure<\/strong> on what portsentry is <\/p>\n <\/p>\n IP spoofing is a security exploit and can be prevented from placing nospoof <\/p>\n order bind,hosts<\/p>\n nospoof on<\/p>\n <\/p>\n <\/p>\n Antivirus protection is the last thing you need for your security to protect <\/p>\n yum install clamav<\/p>\n <\/p>\n Once you have installed clamav in your centos…here are some of the basic <\/p>\n 1. To update the antivirus database<\/strong><\/p>\n <\/p>\n > freshclam<\/p>\n <\/p>\n 2. To run antivirus<\/strong><\/p>\n <\/p>\n clamav -r \/home<\/p>\n <\/p>\n 3. Running as Cron Daily Job<\/strong><\/p>\n <\/p>\n To run antivirus as a cron job (automatically scan daily) just run crontab <\/p>\n 02 1 * * * root clamscan -R \/var\/www<\/p>\n <\/p>\n This will run the cron job daily @ 1.02 AM by scanning the public html. You <\/p>\n Thats it! Always keep an eye for log files for any attacks or error messages!<\/p>\n Source: http:\/\/www.mysql-apache-php.com\/basic-linux-security.htm<\/p>\n","protected":false},"excerpt":{"rendered":"
tips intended for linux learners. I am writing this guide assuming that you
are running Centos 5 or later versions.<\/p>\nInstall Firewall<\/h1>\n
IP tables based) to close all unused or unwanted ports. Once the firewall is
installed it is often considered 50% of work done. You can install CSF firewall
or APF firewall. Often BFD (brute force detection) utilities comes with firewall. <\/p>\n
plenty of features and easily integrated to CPanel (if you are running)<\/p>\nHarden SSH server<\/h1>\n
to your server by connected to port 22 with unlimited number of login attempts
to break in to your system. Imagine attacks coming from different IPs can put
lot of load in you server. You can trace those failed attempts by checking your
log file<\/p>\n <\/p>\n
Disable Telnet & Other Unused Services<\/h1>\n
running on your server with xinet<\/strong>.<\/p>\nHardening PHP for Security<\/h1>\n
to disable system level functions in the php configuration file.<\/p>\n
POST may be used for SQL injection attacks.<\/p>\nDisable Open DNS Recursion (DNS Server) <\/h1>\n
statistics with dnstools.com. You dont want to allow recursive lookups to performed
on your server other than local IP. It can also slowdown your server.<\/p>\n
if you are running Bind 9. Refer to: dns
server hardening<\/a><\/p>\nInstall Mod_Security<\/h1>\n
you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities. <\/p>\n
under installed modules if you run test.php with phpinfo() in it. Try adding
some mod security rules. Installing mod_security could be sometimes complicated.
Dont use apxs<\/strong> for compiling mod_security as it causes number
of problems. <\/p>\n
libraries before it can be installed. It also requires mod_unique_id<\/strong>
enabled in apache modules. To install mod_unique_id, you have to place<\/p>\n
<\/strong>and make change to top_dir = \/usr\/lib\/httpd<\/strong> (for centos)<\/p>\n
minimal rules file which comes with source). Make a directory named modsecurity
under \/etc\/httpd\/conf <\/strong>and copy all the modsecurity rules there.
Finally include those files in the httpd.conf file<\/p>\n
here<\/a> <\/p>\nInstall Mod_Evasive<\/h1>\n
for apache offers protection against DDOS (denial of service attacks) in your
server. <\/p>\n
will compile, install and activate the module in your server.<\/p>\nInstall RkHunter (Rootkit)<\/h1>\n
in your system and reports it so that you can further harden the server. Installing
RkHunter is very easy!<\/p>\n
help command<\/p>\nInstall PortsEntry<\/h1>\n
of portsentry from sourceforge.net<\/a><\/p>\n
differ in signedness<\/p>\n
diffe r in signedness<\/p>\n
be a extra carriage return breaking the line and you have to delete
the carriage return<\/strong> and make single line. It should look like below.<\/p>\n
at users dot sourceforget dot net>\n");<\/p>\n
active or not.<\/p>\nPrevent IP Spoofing<\/h1>\n
on<\/strong> in host.conf file. Edit the host.conf file and place the following
lines. If you run dns bind, give it preference.<\/p>\nInstall ClamAV<\/h1>\n
against worms and trojans invading your mailbox and files! Just install clamav
(a free open source antivirus software for linux). More information can be found
on clamav<\/a> website<\/p>\n
commands using the software..<\/p>\n
-e from your command line. Then add the following line and save the file.<\/p>\n
can change the folder to whatever you want for mail etc.<\/p>\n