Tools to secure your server?

Chris Worner

Well-known member
Joined
Apr 15, 2016
Messages
535
Points
28
Which is the best tool to secure my server? I prefer free tools, but paid tools are also welcome :) I installed CSF on my server, but to be honest I am still not satisfied with it and need to know others, maybe better. Please suggest some!
 

tuxandrew

Well-known member
Joined
Aug 19, 2012
Messages
126
Points
18
Any Linux production server requires total server hardening.

In general,
Hardening starts from SSH, then the firewall, applications, permissions, services, OS package updates, kernel updates, securing the /tmp directory, rootkit checks, mail services, generating periodic HDD health status reports, removing unwanted/obsolete packages, disabling or removing unused server services, and so on.
 

fiz

Member
Joined
Aug 6, 2020
Messages
64
Points
6
Chris Worner said:
Which is the best tool to secure my server? I prefer free tools, but paid tools are also welcome :) I installed CSF on my server, but to be honest I am still not satisfied with it and need to know others, maybe better. Please suggest some!

tuxandrew explained it very well, but I would like to add a few things. Limit SSH access to a specific IP if you have a dedicated IP, and turn off password authentication. Use a public key to log in. Also, you mentioned you are using CSF. It is a quite powerful tool if you use it right. Protect your server with ClamAV, Maldet or ImunifyAV. There are a few other tools that might help you; use them according to your needs.
  • Lynis
  • chkrootkit
  • rkhunter
  • LMD
  • OpenVAS
  • REMnux
  • Tiger
  • Maltrail
  • YARA
These are a few tools for different purposes. You can look into them and use them according to your needs. You didn't mention your OS, so some might not be available for yours.
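The SSH advice in this thread (key-only login, no direct root login, SSH protocol 2 only, a non-default port, access limited to named users or user@IP) can be checked against an sshd_config before a restart. The script below is an added example, not code from the thread or from any of the tools listed; it reads the file given as its first argument and assumes a single global section (directives inside Match blocks are not handled). The two sample configs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the SSH hardening recommended in the thread.
# Assumption: one global section, no Match blocks.

# First uncommented occurrence of a keyword wins, which is how sshd itself reads the file.
sshd_get() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '$1 !~ /^#/ && tolower($1) == key { print $2; exit }' "$1"
}

# $1 config, $2 keyword, $3 space-separated acceptable values, $4 advice.
# Prints a finding and returns 1 when the value is missing or not acceptable.
sshd_check() {
    val=$(sshd_get "$1" "$2")
    for ok in $3; do [ "$val" = "$ok" ] && return 0; done
    printf '%s: %s (%s)\n' "$2" "${val:-not set}" "$4"
    return 1
}

# Runs every check; prints findings and returns their count (0 = hardened).
sshd_audit() {
    n=0
    sshd_check "$1" Protocol 2 "SSH 1 is broken; OpenSSH 7.4+ removed it, so drop this check there" || n=$((n + 1))
    sshd_check "$1" PasswordAuthentication no "use key-based login only" || n=$((n + 1))
    sshd_check "$1" PubkeyAuthentication yes "must stay on once passwords are off" || n=$((n + 1))
    sshd_check "$1" PermitRootLogin "no prohibit-password without-password" "no direct root logins" || n=$((n + 1))
    port=$(sshd_get "$1" Port)
    [ -n "$port" ] && [ "$port" != 22 ] || { echo "Port: ${port:-22} (move off 22 to cut scanner noise in the logs)"; n=$((n + 1)); }
    [ -n "$(sshd_get "$1" AllowUsers)" ] || { echo "AllowUsers: not set (limit logins to named users, e.g. user@IP)"; n=$((n + 1)); }
    return $n
}

# Constructed sample configs for the demonstration; each writes to the path given as $1.
weak_sample() {
    printf '%s\n' 'Port 22' 'Protocol 2,1' 'PasswordAuthentication yes' \
        'PermitRootLogin yes' '#PubkeyAuthentication yes' > "$1"
}
hardened_sample() {
    printf '%s\n' 'Port 2222' 'Protocol 2' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'PermitRootLogin no' 'AllowUsers admin@203.0.113.10 deploy' > "$1"
}

# Usage: sh sshd_audit.sh /etc/ssh/sshd_config   (exit status = number of findings)
if [ $# -gt 0 ]; then sshd_audit "$1"; fi
```

Run it against the live file before `sshd -t` and a restart; each printed line is one setting that still differs from the thread's advice.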
 

Localnode

Moderator
Staff Member
Joined
Dec 15, 2015
Messages
327
Points
43
Hi.
This is a basic ruleset for RHEL-based operating systems (CentOS, CloudLinux, etc.) using cPanel/WHM.
The following software is not resource intensive, therefore you will not see any decrease in performance.

Install chkrootkit, which is a program that looks for known signatures in trojaned system binaries; it basically detects if the system has been compromised.

Install Rootkit Hunter, which is a scanning tool to find most types of exploits (backdoors, suspicious files, MD5 hash comparisons), and is over 99% accurate in detecting such exploits.

Install Logwatch. This program parses through my server's logs and reports to you via e-mail on a daily basis with tabulated information.

Install SIM (System Integrity Monitor). This software checks all services 24x7 and restarts them if they are down. An e-mail is dispatched when a downed service is detected and restarted.

Optimise and secure the Apache (HTTPD) server. For extra HTTP/PHP security, install mod_security if you would like; it is not installed by default because it can interfere with certain common functions.

Optimise the MySQL server to perform at its best under the most common and standard environments. IMPORTANT: If you need MySQL to have high connection limits or high timeouts, then re-enable them in the MySQL config.

Please note that since every server's specs and usage are different, the standard optimisation is a base set of recommended values. Optimisation sometimes takes several tries to get just right, and the best way to optimise it is to see the problem while it is happening so you can tweak the specific values based on my specific usage.

Secure and harden System Configuration File host.conf to prevent DNS lookup poisoning and also provide protection against spoofs.

Secure and harden System Configuration File nsswitch.conf. Also optimise it to perform DNS lookups more efficiently.

Secure and harden System Configuration File sysctl.conf to help prevent the TCP/IP stack from syn-flood attacks. It is also configured to prevent other various and similar network abuse.

Review all of your vulnerable directories (/tmp, /var/tmp, /dev/shm and /usr/local/apache/proxy) and make sure they are clean.

Secure and harden /tmp and /var/tmp to prevent the execution of malicious scripts.

Set up a root login notification script and logger. This will send an e-mail to 'root' every time someone logs into your server as root. Also, it will keep track of all logins in a history file located in /var/log/rootlogins.

Install SPRI. This program changes the priority of different processes in accordance with their level of importance. You should see at least a 5-20% decrease in the average load level of your server.

Disable unused programs on your server.
This reduces the chance of being compromised through software exploits on old or deprecated programs.

Install MultiTail, which gives you the ability to tail (view realtime activity of) multiple log files simultaneously.

Install PHPSysInfo. This is a GUI (graphical user interface) to my server's vital statistics. You can view it by logging into WHM as root, then adding /phpsysinfo/index.php to the end of the URL after you have logged in. You will have to enter the root login information to gain access, as it is protected under the root WHM login.

Disable Telnet to prevent insecure transmission of data and passwords; SSH must be used instead of Telnet, and functions the same way.

Harden SSH by restricting the SSH Protocol to SSH 2. SSH will still function the same way, just more secure. Change the SSH port and disable direct root logins (only allow ssh keys). I strongly recommend doing this.

ConfigServer Explorer has been installed into WHM with root level permissions. This allows system root files to be edited in an emergency situation when SSH is not accessible. You can access this by logging into WHM and click this link at the bottom left side.
NOTE: You will have to enter root login information to gain access as it is protected under root WHM login.
!!IMPORTANT!! This simulates SSH access, treat it as such, do not use it unless you are familiar with SSH. Moreover, do not execute any commands you are not fluent with. As with SSH, damage can be done if this program is not used properly. If you are unfamiliar with SSH, do NOT use this program. It should be left in case of such an emergency. Again, this file can only be accessed through WHM while being logged in as root.

Enable Background Process Killer to kill any of the following, which are commonly recognised bad processes: BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink and related services.

Create a warning message for the SSH login welcome screen. Any user that logs into my server via SSH, will see a message stating 'SSH is for authorised users only and any unauthorised access will be reported to the law enforcement authorities'.

Update FTP server software and tweak it to increase the security of FTP connections to the server.
Again, this is standard.
You could go further by installing things like ClamAV, Imunify360, etc.

I've kept it in quote marks for easy reading.

I'd also suggest you look at some guides, and possibly hire an admin to harden for you if you don't have any experience.
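The root login notification step in the list above (mail to root on every root login, plus a history file in /var/log/rootlogins) is small enough to show in full. The script below is an added example, not the one the post refers to; it assumes a local MTA and the `mail` command are present, and uses two variables of its own, ROOTLOGIN_LOG (overrides the log path) and ROOTLOGIN_NOMAIL (skips the e-mail), so it can be exercised without a real root session.

```shell
#!/bin/sh
# Added example: root login notifier and logger, meant to be sourced from /root/.bash_profile.
# Assumptions: local MTA + `mail` present; ROOTLOGIN_LOG / ROOTLOGIN_NOMAIL are this script's own knobs.

# Builds one log record from explicit inputs: $1 user, $2 source, $3 tty, $4 UTC timestamp.
root_login_record() {
    printf '%s user=%s from=%s tty=%s' "$4" "$1" "$2" "$3"
}

# Appends a record to the log; a new file is created root-only (mode 600) via the umask.
root_login_append() {
    log="$1"; record="$2"
    ( umask 077; printf '%s\n' "$record" >> "$log" )
}

# Collects the login context, logs it and notifies root. Returns 0 on success.
root_login_notify() {
    log="${ROOTLOGIN_LOG:-/var/log/rootlogins}"
    user=$(id -un)
    # SSH_CONNECTION is "client_ip client_port server_ip server_port"; empty for console logins.
    src=${SSH_CONNECTION%% *}
    src=${src:-local}
    tty_name=$(tty 2>/dev/null) || tty_name=unknown
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    record=$(root_login_record "$user" "$src" "$tty_name" "$stamp")
    root_login_append "$log" "$record" || return 1
    if [ -z "$ROOTLOGIN_NOMAIL" ] && command -v mail >/dev/null 2>&1; then
        printf '%s\n' "$record" | mail -s "Root login on $(hostname)" root
    fi
    return 0
}

# Hook-up in /root/.bash_profile (file path is an assumption):
#   . /usr/local/sbin/rootlogin.sh && root_login_notify
# A login that skips the profile (e.g. ssh root@host 'command') is not caught by this
# approach; a PAM session hook such as pam_exec covers that case as well.
```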
 