How to configure security for dedicated servers and VPS?


Viewed 573 times

2

I’m having problems with virtualized and dedicated server security settings (VPS).

What do I need to do to protect my Linux server, with Apache, against major security threats such as rootkits, open common port scanning, logging of root actions, etc.? What needs to be installed and configured?

  • If your intention is to share something that can help the staff, I suggest you put the explanation part as an answer. And the part of the question you pose as if you were someone asking: e.g.: 'what are the common security practices in VPS/Dedicated?'

  • Yes the intention is to share knowledge. I had security problems, and it helped me a lot. So I want to help others too.

  • I edited my comment @Tiago

  • 1

    @williamhk2 good, I’ll change.

  • Great, and other people with other tips can also respond to complement your answer! ;)

  • @gmsantos, Ricardohenrique, Rray, Brunoaugusto, Jorgeb, It would be interesting for you to read carefully first. I wanted to contribute knowledge and was not asking a question, just read the message below. This is annoying...

  • 4

    @Tiago I opened a question on meta to discuss this question. http://meta.pt.stackoverflow.com/questions/4048/essa-questiona-pode-ser-reopened


1 answer

5


Via SSH - Shell access

Install the ELS

wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh; els --update; els --chkrootkit; els --rkhunter; els --chmodfiles; els --disabletelnet; els --hardensysctl; els --libsafe; els --mytop; els --securepartitions

ELS "Easy Linux Security" is an installer of updated modules and small security scripts. There are many modules available; you can list them by simply running the els command in your shell. The ones I install above are those that make the most difference in terms of server security: chkrootkit (rootkit), rkhunter (another rootkit, better still), chmodfiles (it changes the access and execution permissions of some scripts/commands on the server so that only root can run them), disabletelnet (disables/shuts down telnet, leaving only SSH), hardensysctl (tunes your network interface), libsafe (32-bit systems only), mytop (installs a MySQL process viewer, like what the top command does for the system).

Install the logview

wget http://www.logview.org/logview-install

Install the CMM

wget http://www.configserver.com/free/cmm.tgz; tar -xzf cmm.tgz; cd cmm; ./install.sh

It is a browser-based log viewer: you do not need to open SSH to see the system's intricate logs; with this WHM add-on you see them via your WHM panel.

Install the CMQ

wget http://www.configserver.com/free/cmq.tgz; tar -xzf cmq.tgz; cd cmq; ./install.sh

Install the CMC

wget http://www.configserver.com/free/cmc.tgz; tar -xzf cmc.tgz; cd cmc; ./install.sh

Configuring the SSH port

pico -w /etc/ssh/sshd_config

And change the line "Port 22" to the port you want (remember to add the port in your firewall BEFORE or you will no longer be able to access the server).

ROOT Access Notice

Edit ".bash_profile" with the command:

cd /root; pico -w /root/.bash_profile

Add the code below at the end, after the last command:

#
# RECORD LOG AND HISTORY OF ROOT ACCESSES
#
echo `who` >> .access
#
# ROOT ACCESS WARNING EMAIL
#
rootalert() {
  echo 'ALERTA - Acesso ROOT SHELL'
  echo
  echo 'Servidor: '`hostname`
  echo 'Data: '`date`
  echo 'Usuario: '`who | awk '{ print $1 }'`
  echo 'TTY: '`who | awk '{ print $2 }'`
  echo 'Origem: '`who | awk '{ print $6 }' | /bin/cut -d '(' -f 2 | /bin/cut -d ')' -f 1`
  echo
  echo 'ACESSO ROOT EXECUTADO.'
  echo
  echo 'Estes usuários estão ativos neste instante como root:'
  echo `who | awk '{print $6}'`
  echo
  echo 'Últimos 10 acessos efetuados:'
  echo `last -n 10`
  echo
  echo 'Informações: Horário deste acesso, Uptime e Load Averange atual'
  echo `uptime`
  echo
}
rootalert | mail -s "Alerta: Acesso ROOT [`hostname`]" SEUEMAILAQUICARAMBA

Install the CSF Firewall

wget http://www.configserver.com/free/csf.tgz; tar -xzf csf.tgz; cd csf; sh install.sh

Remove the Lynx

First identify the package you have installed:

rpm -qa | grep lynx

Then execute:

rpm -e lynx NOMEDOPACOTE

Installing and configuring Maldetect correctly

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz ; tar -xzf maldetect-current.tar.gz ; cd maldetect-* ; sh ./install.sh ; maldet --update-ver ; maldet --update

Now, to configure it, edit the file "conf.maldet" in /usr/local/maldetect, changing the line "email_alert=0" to "email_alert=1" and setting the line "email_addr=" to the email address that will receive the report.

You can run it from the command line on specific paths, for example:

maldet -a /home/USUARIO/

maldet -a /home?/?/public_html

Here’s a rather radical tip: you can set up Maldetect to try to clean possible trojans or malicious code that get "pasted" into intact PHP code, and, if it can’t, to move the whole script/file to the /usr/local/maldetect/Quarantine/ directory. To do this, edit the line "quar_hits=0" to "quar_hits=1" and "quar_clean=0" to "quar_clean=1".

Using the KSPLICE

wget -N https://www.ksplice.com/uptrack/install-uptrack; sh install-uptrack 8c7fea7e7e4e244d9ad4abacd55caf67fbed1d7f46ad31d1f3edea0eb61d8b7b --autoinstall

Distributions on which it works: http://ksplice.oracle.com/legacy#Installing-uptrack?wi=1

Credits: Alexandre Duran.
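
The SSH port step in the answer above warns that the new port must be opened in the firewall before sshd is moved to it. The following pre-flight check is an added example, not part of the original answer: it assumes the CSF firewall the answer installs, whose inbound TCP list is the TCP_IN setting in csf.conf; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check CSF's TCP_IN before changing "Port" in sshd_config.

# Print the TCP_IN value (comma list, ranges written low:high) from file $1.
csf_tcp_in() {
  sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    tail -n 1 | tr -d ' '
}

# Return 0 if TCP port $1 is allowed inbound by TCP_IN in file $2,
# 1 if it is not, 2 if $1 is not a valid port number.
port_allowed() (
  port=$1
  case $port in ''|*[!0-9]*) return 2 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
  IFS=,
  for entry in $(csf_tcp_in "$2"); do
    case $entry in
      *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && return 0 ;;
      "$port") return 0 ;;
    esac
  done
  return 1
)

# Print the port(s) sshd listens on per sshd_config file $1 (22 if unset).
# Keywords are case-insensitive; commented "#Port" lines are ignored.
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Say whether moving sshd to port $1 is safe given csf.conf $2.
check_switch() {
  if port_allowed "$1" "$2"; then
    echo "OK: TCP_IN allows $1; edit sshd_config, run 'sshd -t', then restart sshd"
  else
    echo "STOP: add $1 to TCP_IN and reload the firewall (csf -r) first"
    return 1
  fi
}

# Constructed sample config (not taken from a real server).
demo=$(mktemp)
printf '%s\n' 'TCP_IN = "20,21,22,25,53,80,443,30000:35000"' > "$demo"
check_switch 2222 "$demo" || true   # STOP: 2222 is not in the list
check_switch 30022 "$demo"          # OK: inside the 30000:35000 range
rm -f "$demo"
```

On a server, pass /etc/csf/csf.conf and /etc/ssh/sshd_config instead of the sample file, and keep the current SSH session open until a second login on the new port succeeds.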
