Hi All,
My company has 3 US-hosted Linux dedicated servers. To our knowledge we haven't been seriously hacked in 4 years, until a few weeks ago. Within the last few weeks, 2 of the 3 have been hacked, requiring fresh installs of the OS + WHM/cPanel. Each hack has cost us approx $1,000+ in terms of data centre support plus our hours here to re-install and re-configure non-standard software (payment processing software etc.) to get the servers back to the way they were.
I've searched around these forums for hints and tips about how to make our servers more secure. This information seems to exist in small amounts in posts here and there, often as suggestions in response to others who have been hacked.
I'd like to offer this thread up to anyone who would like to offer hints and tips about how to beef up Linux web server security. With each piece of advice please try to give a brief how-to and/or link to a website resource that describes what to do more fully.
Here's a starter:
1. Limit SSH root access to a fixed list of IP addresses
2. Ensure WHM/cPanel and other server software are fully updated with latest patches.
3. Auto-email a report for all root access logins
4. Disallow telnet access
5. Change cPanel/FTP passwords regularly
6. Install 'bruteforce detection' script: auto-blocks repeated frequent attempts to login, e.g. http://www.rfxnetworks.com/bfd.php (there's a 'how-to' install here: http://www.webhostgear.com/60.html)
7. Firewall the server, e.g. http://www.rfxnetworks.com/apf.php
8. Turn off non-essential/unnecessary services (does anyone know of a list of what these might be?)
Firewalls
APF
- http://www.rfxnetworks.com/apf.php
Intrusion Detection Software
AIDE (Advanced Intrusion Detection Software)
- http://sourceforge.net/projects/aide
Tripwire (...is a tool that checks to see what has changed on your system)
- http://sourceforge.net/projects/tripwire/ (open source version)
- http://www.tripwire.com/products/ (commercial version)
Other Related cPanel Threads
- http://forums.cpanel.net/showthread.php?t=30159
General Website Resources on Security
- http://www.webhostgear.com/cid_6.html (some great 'securing servers' tutorials here)
- www.linuxsecurity.com
- http://www.webhostingtalk.com/showth...hreadid=307474 (how-to secure cPanel)
- http://forums.servermatrix.com/viewt...t=2198&start=0 Improving System Security on cPanel Systems (Servermatrix forum)
Books on Security
- Linux Server Hacks by Rob Flickenger (just found this on Amazon, seems well recommended)
- Any other recommendations here?
* Please note that we are not Linux security experts and are not trying to be! We're just trying to share some hints and tips and resources with others who need to 'up' their Linux security without necessarily having the budget to employ experts. *
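
Items 1, 3 and 6 in the starter list can be cross-checked against the SSH log. The sketch below is an added example, not part of the original post: it reports successful root logins from outside an allowlist and counts failed root attempts per source. It assumes OpenSSH's usual syslog line format; the log lines, the `ALLOWED` networks and the function name are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 12 03:14:07 web1 sshd[2211]: Failed password for root from 198.51.100.7 port 4242 ssh2
Jan 12 03:14:09 web1 sshd[2211]: Failed password for root from 198.51.100.7 port 4243 ssh2
Jan 12 03:14:12 web1 sshd[2213]: Failed password for root from 198.51.100.7 port 4244 ssh2
Jan 12 03:15:40 web1 sshd[2290]: Failed password for invalid user admin from 198.51.100.7 port 4250 ssh2
Jan 12 09:02:31 web1 sshd[3100]: Accepted publickey for root from 192.0.2.10 port 50022 ssh2
Jan 12 23:47:55 web1 sshd[4012]: Accepted password for root from 203.0.113.99 port 61000 ssh2
"""

# Hypothetical allowlist of admin networks permitted to log in as root.
ALLOWED = ["192.0.2.0/24"]

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def audit_root_logins(log_text, allowed_cidrs, fail_threshold=3):
    """Return (unexpected_root_logins, brute_force_sources)."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    unexpected, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["user"] != "root":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # address field is not an IP literal; skip the line
        if m["result"] == "Failed":
            failures[str(ip)] += 1
        elif not any(ip in n for n in nets):
            # Successful root login from a source that is not on the allowlist.
            unexpected.append((str(ip), m["method"], line[:15]))
    noisy = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return unexpected, noisy

if __name__ == "__main__":
    unexpected, noisy = audit_root_logins(SAMPLE_LOG, ALLOWED)
    for ip, method, when in unexpected:
        print(f"ALERT root login via {method} from {ip} at {when}")
    for ip, n in noisy.items():
        print(f"NOTE {n} failed root logins from {ip}")
```

Run from cron against the server's SSH log, the output can be mailed to the admin address; an alert on an accepted login means the allowlist in item 1 is not being enforced.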








