Nice thread
I did not see any mention of rkhunter. It is also good to have with chkrootkit. I thought I would mention it
http://www.rootkit.nl/
I like it in addition to chkrootkit...
It was a great tutorial. However my SSL server was unreachable after the APF install. I replaced the code given by 00000000 for the inbound ports. 443 was not included. After I included it my SSL server was up again. Just added this in case anyone else has a problem with this in the future.
A Beginner's Guide to Securing Your Server Part 3 of 3 (Apps to install)
Code:
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
Revised Code:
Code:
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
Kyle
"Life is like a box on cPanel Edge. You never know what you're gonna get..."
What about the option: IF="eth0", would I have problems if this option is not set correctly?
I have seen #123 in Common egress (outbound) TCP ports???
Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43,873,953,2089,2703,3306"
Thanks!
Last edited by equens; 03-18-2005 at 02:08 PM.
If that is the location of your ethernet connection you will have a problem indeed. Majority of connections are on eth0
Originally Posted by equens
I disabled direct login to root 'PermitRootLogin no' now when I login as 'admin' and su to root commands like 'service cpanel restart' produce 'bash: service: command not found'. Why is that? Is there something I can do to allow these commands, they are so easy to remember?
Very useful; I especially like chkrootkit; I have it running daily.
Anyway, with the apf ports, isn't there a typing mistake; there seems to be two spaces in the middle of port 2084. I'm assuming that is a typing error...
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2 084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
Yes, it is a typing error, sometimes the forum automagically adds spaces
I've updated everything to the new BFD b4 i had the old bfd version
------------------------
Greeeting from me
How are you doing ?
Keep it real
------------------------
I'd like to add that there is no need at all to open ports 3000_3500 unless you have a very specific reason. Remember that APF is an SPI firewall and so it's completely unnecessary to open ethereal ports for something like FTP access. Opening ports with nothing attached to them makes having a firewall relatively pointless.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
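The three problems raised in this thread (443 missing from the list, the stray space in "2 084", and the 3000_3500 range with nothing behind it) can all be caught by checking the list against the ports that are actually listening. The script below is an added example, not code from the thread or from APF; its function names and the set of listening ports are assumptions made for illustration.

```shell
#!/bin/sh
# Print the value of IG_TCP_CPORTS from conf.apf-style text on stdin.
get_ig_ports() {
    sed -n 's/^IG_TCP_CPORTS="\(.*\)"[[:space:]]*$/\1/p' | tail -n 1
}

# Succeed if $1 is PORT or LOW_HIGH (ranges are written with "_", as in 3000_3500).
well_formed() { case $1 in ''|*[!0-9_]*|_*|*_|*_*_*) return 1 ;; esac; }

# malformed_entries LIST: entries that are neither a port nor a range.
malformed_entries() (
    IFS=,; set -f
    for entry in $1; do well_formed "$entry" || printf '%s\n' "$entry"; done
)

# port_allowed PORT LIST: succeed if a well-formed entry covers PORT.
port_allowed() (
    IFS=,; set -f
    for entry in $2; do
        well_formed "$entry" || continue
        lo=${entry%_*} hi=${entry#*_}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && exit 0
    done
    exit 1
)

# blocked_listeners LIST PORTS: listening ports (comma-separated) not admitted.
blocked_listeners() (
    IFS=,; set -f
    for port in $2; do port_allowed "$port" "$1" || printf '%s\n' "$port"; done
)

# unused_entries LIST PORTS: entries that admit none of the listening ports.
unused_entries() (
    IFS=,; set -f
    for entry in $1; do
        hit=0
        for port in $2; do port_allowed "$port" "$entry" && hit=1; done
        [ "$hit" -eq 1 ] || printf '%s\n' "$entry"
    done
)

# Constructed sample: the list as first posted (space typo, no 443); ports made up.
SAMPLE_CONF='# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2 084,2086,2087,2095,2096,3306,6666,7786,3000_3500"'
SAMPLE_PORTS="22,80,443,3306"
LIST=$(printf '%s\n' "$SAMPLE_CONF" | get_ig_ports)
echo "malformed entries: $(malformed_entries "$LIST")"
echo "listening but not allowed: $(blocked_listeners "$LIST" "$SAMPLE_PORTS")"
```

On a live server, replace SAMPLE_PORTS with the comma-separated TCP ports your services are really bound to; anything `unused_entries` prints is a candidate to remove from the list.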
nazoreen,
There's no need for a security thread about exim as far as I can see. With a default cPanel exim installation, you can only relay through exim if you have been authenticated. The other issues I have addressed in the other thread you started on the subject.
Jonathan Michaelson
I just want to say thanks for taking everything that was scattered and making a VERY easy to follow guide.
I had a few tiny bugs that I mostly worked out w/ my server. I can't seem, though, to get the 'root login email' part to work. Other than that everything works VERY well and I have already found 2 people trying to login to my server. Thankfully ROOT is already turned off through immediate login from my hosting company but it still banned 2 IP's right away and everything else is looking great.
Had a user, quite brightly I might add, ban himself and his second IP in the house trying to login into FTP w/ the wrong info from his activation email, but after a quick search I was able to modify that and get him up and off the banned list.
Thanks again. I think I may be missing, or adding, a space in the 'root login email' portion. If someone could maybe post a <space> type thing of the line to add. What happens is when I add that to my .bash_profile upon logging in w/ my root the next time I login I get a mail <Access denied> type error that's just below my security MOTD. Once I remove that line the login is flawless... so I dunno.
I've had APF running forever, but I don't know why (I'm slow...lol) I didn't have BFD running.
Thank you for taking the time to place all of this in one section. This is uber kewl!
This thread was a godsend. One thing though on the apf, it doesn't say to change the defaults on a few things that say disable but I would think should be enabled. Are these settings ok or do they need to be changed:
PHP Code:
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="0"
----snip----
# Import /etc/apf/ad/ad.rules ban list generated by antidos;
# this is essentialy a quick enable/disable feature for
# the insertion of such bans. [0 = Disabled / 1 = Enabled]
USE_AD="0"
----snip----
Mods, I vote for this thread to be a STICKY as it'll help a lot of newcomers to the forum
Goo added
Jonathan Michaelson