The following software is not resource intensive, therefore you will not see any decrease in performance.
Install CHKRootKit, which is a program that looks for known signatures in trojaned system binaries, it basically detects if the system has been compromised
Install Rootkit Hunter, which is scanning tool to find most types of exploits (backdoors, suspicious files, md5 hash comparisons, and is over 99% accurate in detecting such exploits
Install Logwatch. This program parses through my server's logs and reports to you via e-mail on a daily basis with tabulated information.
Install SIM (System Integrity Monitor), this software checks all services 24x7 and restarts them if they are down. An e-mail is dispatched a downed service is detected and restarted.
Optimise and secure Apache (HTTPD) server. For extra http/php security - install mod_security if you would like, it is not installed by default because it can interfere with certain common functions.
Optimise MySQL Server to perform at it's best under the most common and standard environments. IMPORTANT: If you need mysql to have high connection limits or high timeouts then re-enable them in the MySQL config.
Please note that since every server's specs and usage are different, the standard optimisation is a base set of recommended values. Optimisation sometimes takes several times to get just right, and the best way to optimise it is to see the problem while it is happening so you can tweak the specific values based on my specific usage.
Secure and harden System Configuration File host.conf to prevent DNS lookup poisoning and also provide protection against spoofs.
Srcure and harden System Configuration File nsswitch.conf. Also optimise it to perform DNS lookups more efficiently.
Secure and harden System Configuration File sysctl.conf to help prevent the TCP/IP stack from syn-flood attacks. It is also configured to prevent other various and similar network abuse.
All of your vulnerable directories (/tmp, /var/tmp, /dev/shm and /usr/local/apache/proxy) review them and make sure they are clean.
Secure and harden /tmp and /var/tmp to prevent the execution of malicious scripts
Set up a root login notification script and logger. This will send an e-mail to 'root' every time someone logs into your server as root. Also, it will keep track of all logins in a history file located in /var/log/rootlogins
Install SPRI. This program changes the priority of different processes in accordance to their level of importance. You should see at least a 5-20% decrease in the average load level of your server on average.
Disable unused programs on your server.
This reduces the chance of being compromised through software exploits on old or deprecated programs.
Install MultiTail and gives you the ability to tail (view realtime activity) multiple log files simultaneously.
Install PHPSysInfo. This is a GUI (graphical user interface) to my server's vital statistics. You can view it by logging into WHM as root, then add /phpsysinfo/index.php to the end of the url after you have logged in. You will have to enter the root login information to gain access as it is protected under the root WHM login.
Disable telnet to prevent insecure transmissions of data and passwords, SSH must be used instead of Telnet, and functions the same way.
Harden SSH by restricting the SSH Protocol to SSH 2. SSH will still function the same way, just more secure. Change the SSH port and disable direct root logins (only allow ssh keys). I strongly recommend doing this.
ConfigServer Explorer has been installed into WHM with root level permissions. This allows system root files to be edited in an emergency situation when SSH is not accessible. You can access this by logging into WHM and click this link at the bottom left side.
NOTE: You will have to enter root login information to gain access as it is protected under root WHM login.
!!IMPORTANT!! This simulates SSH access, treat it as such, do not use it unless you are familiar with SSH. Moreover, do not execute any commands you are not fluent with. As with SSH, damage can be done if this program is not used properly. If you are unfamiliar with SSH, do NOT use this program. It should be left in case of such an emergency. Again, this file can only be accessed through WHM while being logged in as root.
Eable Background Process Killer to kill any of the following which are commonly recognised bad processes: BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink and related services.
Create a warning message for the SSH login welcome screen. Any user that logs into my server via SSH, will see a message stating 'SSH is for authorised users only and any unauthorised access will be reported to the law enforcement authorities'.
Update FTP server software and tweak it to increase the security of FTP connections to the server.
I installed csf for my server but to be honest I am not still satisfy with it and need to know others, may be better. Please suggest me!
