Linux server security?

BillEssley

Well-known member
Joined
Feb 19, 2013
Messages
332
Best answers
2
Ratings
32
Points
28
#1
Hey there,

How can I make my Linux box (cPanel/WHM installed on my VPS) more secure?

Do you guys share any tips?

Thanks,

Bill
 

Localnode

Moderator
Staff Member
Joined
Dec 15, 2015
Messages
308
Best answers
1
Ratings
107 2
Points
43
#2
A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.

This guide should help somewhat - http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics
And this one: http://www.webhostgear.com/cid_6.html

I'd highly suggest getting someone to harden it for you if this is a production environment, as asking on a forum is generally a good indication that you don't know how :)
Keep in mind hardening isn't a fire and forget thing - you need to update these things regularly. Whenever there is a security hole - patches are released fairly quickly - you need to keep on top of such things.
 
Joined
Sep 19, 2015
Messages
8
Best answers
0
Ratings
1
Points
0
#3
First of all - change your SSH port, disable services that you don't use, install all package updates, install and configure Fail2Ban, it will help you to prevent brute force attacks, analyze your web server logs on a regular basis to detect and to suppress suspicious activities.
 

defsec

New member
Joined
Mar 2, 2016
Messages
6
Best answers
0
Ratings
3
Points
0
#4
http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics is good

My 2 cents:-
- Stop unwanted network services from startup
- Allow set of ips in firewall for ssh or run ssh on different port with set of ips allowed. You ISP network range /16 or /24
- Configure OUTPUT firewall chain, to only allow ESTABLISHED state traffic. Log & drop other requests. Make sure you dont lock yourself out
- grsecurity definitely helps in memory overflow exploits
- Check for overlayfs kernel module. Disable the module, if running. I recollect it is vulnerable
- Disable ssh root login. Login as normal user(UID>500/1000). Sudo to root with password
- You can checkout Duo security 2FA for ssh login
- Make sure you keep all your applications updated regularly
- Ensure that your CMS is updated regularly
- If using wordpress, consider using plugins like wordfence, succuri, 6scan, All in One WP Security & Firewall

Remember that security is a practice.
 

BillEssley

Well-known member
Joined
Feb 19, 2013
Messages
332
Best answers
2
Ratings
32
Points
28
#5
A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.
I have ever not heard of this before, which ports should I allow to open and how to change SSH port?

My 2 cents:-
- Stop unwanted network services from startup
- Allow set of ips in firewall for ssh or run ssh on different port with set of ips allowed. You ISP network range /16 or /24
- grsecurity definitely helps in memory overflow exploits
- Check for overlayfs kernel module. Disable the module, if running. I recollect it is vulnerable
- Disable ssh root login. Login as normal user(UID>500/1000). Sudo to root with password
Too much useful info for this answer.

Can you elaborate these steps on how to do them?

AND

I read your article from your link

php.ini & disabled functions
Edit php.ini like this:

nano /usr/local/lib/php.ini

safe_mode = On
expose_php = Off
Enable_dl= Off
magic_quotes = On
register_globals = off
display errors = off
disable_functions = system, show_source, symlink, exec, dl,
shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd


Then restart Apache

service httpd restart

Or you can edit php.ini via WHM:
WHM Service Configuration PHP Configuration Editor
IF I disabled these functions, it can affect to my CMS or OS works?
 

defsec

New member
Joined
Mar 2, 2016
Messages
6
Best answers
0
Ratings
3
Points
0
#6
- Changing ssh port
/etc/ssh/sshd_config

Port 22

Restart ser
- Find running network services (either of the following commands)
ss -nlp
netstat -nlp

Stop services using
service <service_name> stop

Remove from startup using update-rc.d or chkconfig

- Allow your ISP subnet in firewall for ssh
Port scanning sometimes can reveal ssh ports. Using high port range for ssh, can also be a good idea.

- Overlayfs vulnerability can help unprivileged user to gain root access.
http://securitytracker.com/id/1034548

Ah! Ubuntu has issued a fix for 15.10/15.04 server. Overlayfs module is/was enabled by default(least on Ubuntu), which helps in merging mounts to existing directory of files.

Disable kernel module by adding "blacklist <module_name>" in /etc/modprobe.d/<name>.conf


- Disable root login
/etc/ssh/sshd_config

PermitRootLogin no

- Password sudo
Login in as any other user than root, and sudo to root, using password. Users have a bad habit of not keeping sudo password.

Edit /etc/sudoers using visudo
=> use PASSWD, instead of ALL/NOPASSWD. Refer manual.
 

BillEssley

Well-known member
Joined
Feb 19, 2013
Messages
332
Best answers
2
Ratings
32
Points
28
#8
I recommend asking your provider to assist you with this task. Let their support team handle it.
I agree but it is difficult if I am owning an unmanaged VPS :)

Stop services using
service <service_name> stop

- Disable root login
/etc/ssh/sshd_config
Disable root login I need to switch to SSH keys to login?

It is good to stop any services but how to do know which services we should stop, it is a problem.
 

LJSHost

Well-known member
Joined
Jul 5, 2016
Messages
1,031
Best answers
0
Ratings
203
Points
63
#9
Everyone has made some excellent technical points. If you are unmanaged and the provider will not help with this your simplest solution is just use a good firewall like CSF or as your server has cPanel turn on cpHulk. Just taking these simple measures will help in hardening your system. Many attacks these days come from sql injection or other web based exploit.

These steps will keep you safe from brute force login attacks.
I would also suggest a malware scanner such Maldet, malware can do all sorts of nasty things compromising your system from the inside out.

Always use passwords such as 9dkfj93!kdifk
 
Joined
Oct 5, 2016
Messages
42
Best answers
0
Ratings
7
Points
8
#10
Start with making sure iptables is running well and then aadd interface like CSF. If you are not linux savvy their interface will make great suggestions as to improvements you can make in order to make your server more secure. Also take a quick look at cPanel Security Advisory option in WHM. Make sure before you do any changes that you read up on what each change does, and that you are not blocking any type of functionality that will later affect the performance or usability of your website. After that you can search for many guides on the web that will provide you with more extensive information as to setting up something like MailScanner with ClamAV and other solutions to cover aspects such as incoming/outgoing emails and uploaded files to the servers.
 
Older Threads
Replies
9
Views
1,302
Replies
6
Views
1,191
Replies
3
Views
998
Replies
6
Views
1,090
Newer Threads
Latest Threads
  • Deleted
  • Deleted by fwh
Replies
0
Views
1
  • Deleted
  • Deleted by fwh
Replies
0
Views
1
Replies
0
Views
1
Replies
1
Views
66
Recommended Threads
Replies
13
Views
1,248
Replies
5
Views
1,544
Replies
2
Views
1,472
Replies
1
Views
262

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top