Tuesday, March 19, 2013

Securing Linux Cpanel server

WHM >> Security Center

1. Compiler Access >> make sure it is disabled for all users except "root".

2. Configure Security Policies >> Password Strength

3. cPHulk Brute Force Protection >> Enable it. Whitelist known IPs if required (for example, if the customer has a static IP from their ISP).

4. Traceroute Enable/Disable >> Disable it.

5. Shell Fork Bomb Protection >> Enable.

 OS and kernel

6. find / \( -perm -o+w \) ! -type l > world_writable.txt : Look at world_writable.txt to see all world-writable files and directories (-perm -o+w matches anything the "other" class can write; the parentheses must be escaped from the shell). This reveals locations where an attacker can store files on your system. NOTE: Fixing permissions on some PHP/CGI scripts that are not properly coded will break them.

7. find / \( -nouser -o -nogroup \) > no_owner.txt : Look at no_owner.txt for all files that have no user or group associated with them. Every file should be owned by a specific user or group so that access to it can be restricted.

8. Make sure no non-root accounts have UID set to 0:

    awk -F: '($3 == "0") {print}' /etc/passwd

    You should see only one line of output, the root entry.


9. Tripwire – Monitors checksums of files and reports changes.
    http://tripwire.com or http://sourceforge.net/projects/tripwire
10. Chkrootkit – Scans for common rootkits, backdoors, etc.


11. Rkhunter – Scans for common rootkits, backdoors, etc.


    Now create a cron job so it emails notifications to the root mailbox:

    # crontab -e

    At the bottom add the following line:

    16 0 * * * /usr/local/bin/rkhunter -c --nocolors --cronjob --report-mode --createlogfile --skip-keypress --quiet

    Press Ctrl+X to save and exit (if the editor is nano).

12. Logwatch – Monitors and reports on daily system activity.


13. Change SSH port to non-standard port.

14. Change SSH "Protocol 2,1" to "Protocol 2" in /etc/ssh/sshd_config and restart sshd.

15. Enable email alert on root login

    cd /root ; vi .bashrc

    Scroll to the end of the file, then add the following (replace YourserverName and admin@domain.com with your own hostname and address; the line runs on every interactive root shell):

    echo "ALERT - Root Shell Access (YourserverName) on: $(date) $(who)" | mail -s "Alert: Root Access from $(who | cut -d'(' -f2 | cut -d')' -f1)" admin@domain.com

 Firewall and misc security

17. Install the CSF firewall and make sure test mode (TESTING in csf.conf) is disabled after opening all used ports.

   Important: Make sure the SSH port set in #13 is opened in the firewall.

   CSF connection limit

   The CT (connection tracking) options in /etc/csf/csf.conf control this; configure them like this:

   CT_LIMIT = "100"

   Every IP with more than 100 connections is going to be blocked. The block is permanent only if CT_PERMANENT is enabled; otherwise the IP is blocked for CT_BLOCK_TIME seconds:

   CT_BLOCK_TIME = "1800"

   The IP will be blocked for 1800 secs (1800 secs = 30 mins).

   CT_INTERVAL = "60"

   Set this to the number of seconds between connection tracking scans.

   After editing csf.conf, restart csf (csf -r).

18. Tweak LFD and CSF to prevent DoS.

19. Secure /tmp, /dev/shm and /var/tmp

 PHP security

20. Disable dangerous PHP functions. Find the disable_functions directive in php.ini and set it to:

    disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
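The UID 0 check in item 8 and the disable_functions list in item 20 are easy to get wrong by eye, so here is a small audit script that does both; it is an added example, not part of the original post. The function names (extra_uid0, missing_disabled) and the sample passwd and php.ini files are constructed for the example; point the functions at /etc/passwd and the real php.ini to audit a server.

```shell
#!/bin/sh
# Added audit helper (not from the original post). It reports UID 0 accounts
# other than root in a passwd file, and lists which functions from the
# disable_functions set above a php.ini fails to disable.

# Print non-root accounts with UID 0; return 1 if any exist, 0 otherwise.
extra_uid0() {
    if awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1" | grep .; then
        return 1
    fi
    return 0
}

# Print each function from the recommended list that php.ini does not disable.
missing_disabled() {
    wanted="system show_source symlink exec dl shell_exec passthru phpinfo escapeshellarg escapeshellcmd"
    # Take the value after "disable_functions =", strip blanks/quotes, one name per line.
    have=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" | tr -d ' \t"' | tr ',' '\n')
    for f in $wanted; do
        printf '%s\n' "$have" | grep -qx "$f" || echo "$f"
    done
}

# Constructed sample inputs (not real server files).
SAMPLE_PASSWD=$(mktemp)
SAMPLE_INI=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0 account:/:/bin/sh
bob:x:1001:1001::/home/bob:/bin/bash
EOF
cat > "$SAMPLE_INI" <<'EOF'
; constructed php.ini fragment with an incomplete list
disable_functions = system, exec, shell_exec, passthru, phpinfo
EOF

extra_uid0 "$SAMPLE_PASSWD" || echo "WARNING: extra UID 0 account(s) listed above"
echo "Not disabled in php.ini:"
missing_disabled "$SAMPLE_INI"
```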

21. Enable suPHP if the server is for shared hosting.

22. WHM >> Configure PHP and suEXEC >> set the suPHP handler and enable suEXEC


22. Install mod_security and cmc to manage the mod sec rules via WHM. See http://configserver.com/cp/cmc.html

23. Install mod_evasive (formerly mod_dosevasive).


24. WHM >> Service Configuration >> FTP Server Configuration

   Make sure Anonymous logins and uploads are disabled.


25. Disable networking if you don't need anyone to remotely connect to MySQL server.

     Add the below line to my.cnf

