Via SSH - Shell access
Install the ELS
wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh; els --update; els --chkrootkit; els --rkhunter; els --chmodfiles; els --disabletelnet; els --hardensysctl; els --libsafe; els --mytop; els --securepartitions
ELS "Easy Linux Security" is an installer of updated modules and small security scripts. There are many modules available; you can list them by simply running the els command in your shell. What I install above are the ones that make the most difference in terms of server security: chkrootkit (rootkit), rkhunter (another, even better rootkit), chmodfiles (changes the access and execution permissions of some scripts/commands on the server so that only root can run them), disabletelnet (disables/shuts down telnet, leaving only SSH), hardensysctl (tunes your network interface), libsafe (32-bit systems only), mytop (installs a MySQL process viewer, like the top command does for the system).
Install the logview
wget http://www.logview.org/logview-install
Install the CMM
wget http://www.configserver.com/free/cmm.tgz; tar -xzf cmm.tgz; cd cmm; ./install.sh
It is a log viewer via browser; you do not need to open SSH to see the intricate logs of the system. With this WHM addon you see them via your WHM panel.
Install the CMQ
wget http://www.configserver.com/free/cmq.tgz; tar -xzf cmq.tgz; cd cmq; ./install.sh
Install the CMC
wget http://www.configserver.com/free/cmc.tgz; tar -xzf cmc.tgz; cd cmc; ./install.sh
Configuring the SSH port
pico -w /etc/ssh/sshd_config
And change the line "Port 22" to the port you want (remember to add the port in your firewall BEFORE or you will no longer be able to access the server).
ROOT Access Notice
Edit ".bash_profile" with the command:
cd /root; pico -w /root/.bash_profile
Add the code below at the end, after the last command:
#
# RECORD LOG AND HISTORY OF ROOT ACCESSES
#
echo `who` >> .access
#
# ROOT ACCESS WARNING EMAIL
#
rootalert() {
echo 'ALERTA - Acesso ROOT SHELL'
echo
echo 'Servidor: '`hostname`
echo 'Data: '`date`
echo 'Usuario: '`who | awk '{ print $1 }'`
echo 'TTY: '`who | awk '{ print $2 }'`
echo 'Origem: '`who | awk '{ print $6 }' | /bin/cut -d '(' -f 2 | /bin/cut -d ')' -f 1`
echo
echo 'ACESSO ROOT EXECUTADO.'
echo
echo 'Estes usuários estão ativos neste instante como root:'
echo `who | awk '{print $6}'`
echo
echo 'Últimos 10 acessos efetuados:'
echo `last -n 10`
echo
echo 'Informações: Horário deste acesso, Uptime e Load Averange atual'
echo `uptime`
echo
}
rootalert | mail -s "Alerta: Acesso ROOT [`hostname`]" SEUEMAILAQUICARAMBA
Install the CSF Firewall
wget http://www.configserver.com/free/csf.tgz; tar -xzf csf.tgz; cd csf; sh install.sh
Remove the Lynx
First identify the package you have installed:
rpm -qa | grep lynx
Then execute:
rpm -e lynx NOMEDOPACOTE
Installing and configuring Maldetect correctly
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz ; tar -xzf maldetect-current.tar.gz ; cd maldetect-* ; sh ./install.sh ; maldet --update-ver ; maldet --update
Now, to configure it, edit the file "conf.maldet" in /usr/local/maldetect, changing the line "email_alert=0" to "email_alert=1" and filling in the line "email_addr=" with the email address that will receive the report.
You can run it on the specific command line, for example:
maldet -a /home/USUARIO/
maldet -a /home?/?/public_html
Here's a rather radical tip: you can set up Maldetect to try to clean possible trojans or malicious code that "paste" themselves into intact PHP code, and, if it can't, to move the whole script/file to the /usr/local/maldetect/Quarantine/ directory. To do this, change the line "quar_hits=0" to "quar_hits=1" and "quar_clean=0" to "quar_clean=1".
Using the KSPLICE
wget -N https://www.ksplice.com/uptrack/install-uptrack; sh install-uptrack 8c7fea7e7e4e244d9ad4abacd55caf67fbed1d7f46ad31d1f3edea0eb61d8b7b --autoinstall
Distributions that work: http://ksplice.oracle.com/legacy#Installing-uptrack?wi=1
Credits: Alexandre Duran.
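The warning in the SSH port step (open the port in the firewall before changing it) can be checked mechanically. The script below is an added example, not part of the original post: it assumes CSF keeps its allowed inbound TCP ports in the TCP_IN line of csf.conf (comma-separated, with low:high ranges), and the function names and sample files are constructed here.

```shell
#!/bin/sh
# Added example: pre-flight check before restarting sshd on a new port.
# File paths are arguments so the check can be tried on copies first.

# Print every port sshd would listen on, one per line. sshd falls back
# to 22 when the file has no uncommented "Port" directive.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Return 0 if PORT ($2) is covered by TCP_IN in a csf.conf-style file ($1).
csf_allows_port() {
    conf=$1; port=$2
    list=$(sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$conf" | head -n 1)
    old_ifs=$IFS; IFS=','
    for entry in $list; do
        case $entry in
            *:*)  # "low:high" range entry
                low=${entry%%:*}; high=${entry##*:}
                if [ "$port" -ge "$low" ] 2>/dev/null &&
                   [ "$port" -le "$high" ] 2>/dev/null; then
                    IFS=$old_ifs; return 0
                fi ;;
            "$port") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Return 0 only if every sshd port is open in TCP_IN; name the missing ones.
check_ssh_ports() {
    missing=""
    for p in $(sshd_ports "$1"); do
        csf_allows_port "$2" "$p" || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    echo "not in TCP_IN:$missing"
    return 1
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'Protocol 2' > "$demo_dir/sshd_config"
printf '%s\n' 'TCP_IN = "20,21,22,25,53,80,443,30000:35000"' > "$demo_dir/csf.conf"
check_ssh_ports "$demo_dir/sshd_config" "$demo_dir/csf.conf" ||
    echo "open the port in csf.conf and reload csf before restarting sshd"
rm -rf "$demo_dir"
```

On the server the arguments would be /etc/ssh/sshd_config and /etc/csf/csf.conf; `sshd -t` additionally validates the edited sshd_config syntax before the restart.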
If your intention is to share something that can help the staff, I suggest you put the explanation part as an answer. And the part of the question you pose as if you were someone asking: e.g.: 'what are the common security practices in VPS/Dedicated?'
– William Pereira
Yes the intention is to share knowledge. I had security problems, and it helped me a lot. So I want to help others too.
– Tiago
I edited my comment @Tiago
– William Pereira
@williamhk2 good, I’ll change.
– Tiago
Great, then other people with other tips can also respond as a complement to your answer! ;)
– William Pereira
@gmsantos, Ricardohenrique, Rray, Brunoaugusto, Jorgeb, it would be interesting for you to read carefully first. I wanted to contribute knowledge and was not asking a question, just read the message below. This is annoying...
– Tiago
@Tiago I opened a question on meta to discuss this question. http://meta.pt.stackoverflow.com/questions/4048/essa-questiona-pode-ser-reopened
– gmsantos