Well, out of mostly boredom and an interest in security and shell scripting (just learned the shell scripting last weekend), I started writing a script to automatically take care of many of the simple security tasks of a Linux system.
It is only recommended to be used on freshly installed OSes as it may overwrite your own configs (however, everything that gets modified does get backed up).
Currently, this script does the following:
-Install APF
-Install BFD
-Install RKHunter
-Download an optimized and more secure my.cnf depending on MySQL version (4.0 or 4.1, no 3.x)
-Secure /tmp and /dev/shm in /etc/fstab; if /tmp is not in /etc/fstab and cPanel is present, /scripts/securetmp is executed
-Disable Telnet
-Force SSH 2 Protocol
It has an automatic updater, to ensure it runs the latest version. If cPanel is present, it uses an already cPanel-ready conf.apf; however, DEVMODE IS ENABLED, so you will have to disable that once you ensure everything is properly configured.
It's still under some development. The script works very well, as reported by several people, and I tested it myself on RHEL3, CentOS4, and FC3. It has only been tested and is recommended for Red Hat based systems (RH9, RHEL3,4, CentOS3,4, FC1,2,3,4). All other Linux distributions have not been tested yet, and if you would like to try it out, you have to enable devmode in the script, otherwise it will stop when it can't find /etc/redhat-release.
You can download and execute the script with the following command (as root):
Code:
wget http://richgannon.net/securescript/secure.sh; chmod 700 secure.sh; sh secure.sh
NOTICE:
I am not responsible for any data loss or downtime you may experience with the use of this script. So far, none was reported; however, this is to be used at your own risk! Again, it is to be used to initially secure your RH based server (with or without cPanel).
If you have any questions, comments, or suggestions, feel free to let me know (post here or PM is fine). As of currently, the site I am planning to use for the release and support of this script is under development, so email or PM would be the best way to get help with this script if necessary.
This script is not a 100% sure way to secure your server, either. There's always one more thing to do. Also, be sure to read the README file downloaded after running, or view it at:
Code:
http://richgannon.net/securescript/README.secure
Enjoy!
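An added example, not part of the original post and not code from secure.sh: a read-only check that three of the listed changes (/tmp and /dev/shm in /etc/fstab, SSH protocol 2, Telnet off) are actually in place after a run. The function names are hypothetical, and it assumes that "secure" means the mount options noexec,nosuid and that Telnet is the xinetd service file /etc/xinetd.d/telnet; the post specifies neither.

```shell
#!/bin/sh
# Read-only audit. Assumptions (not from the post): "secure" means the fstab
# options noexec,nosuid; telnet is an xinetd service with "disable = yes".
# mount_hardened FSTAB MOUNTPOINT: succeeds if the entry has noexec and nosuid
mount_hardened() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "noexec") ne = 1
                if (opt[i] == "nosuid") ns = 1
            }
        }
        END { exit !(ne && ns) }' "$1"
}

# ssh_protocol2_only FILE: first uncommented Protocol line must be exactly "2"
ssh_protocol2_only() {
    v=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$1")
    [ "$v" = "2" ]
}

# telnet_disabled XINETD_FILE: succeeds if the file is absent or disabled
telnet_disabled() {
    [ -f "$1" ] || return 0
    awk -F= '{ k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
             k == "disable" && v == "yes" { ok = 1 }
             END { exit !ok }' "$1"
}

# audit ROOT: one PASS/FAIL line per check; ROOT="" audits the live system
audit() {
    r=$1; fails=0
    for mp in /tmp /dev/shm; do
        if mount_hardened "$r/etc/fstab" "$mp"; then echo "PASS $mp noexec,nosuid"
        else echo "FAIL $mp noexec,nosuid"; fails=$((fails + 1)); fi
    done
    if ssh_protocol2_only "$r/etc/ssh/sshd_config"; then echo "PASS sshd Protocol 2"
    else echo "FAIL sshd Protocol 2"; fails=$((fails + 1)); fi
    if telnet_disabled "$r/etc/xinetd.d/telnet"; then echo "PASS telnet disabled"
    else echo "FAIL telnet disabled"; fails=$((fails + 1)); fi
    [ "$fails" -eq 0 ]
}

# Demo on a constructed tree (sample data, not taken from a real host)
d=$(mktemp -d); mkdir -p "$d/etc/ssh"
printf 'none /tmp tmpfs noexec,nosuid 0 0\nnone /dev/shm tmpfs defaults 0 0\n' > "$d/etc/fstab"
printf '#Protocol 2,1\nProtocol 2\n' > "$d/etc/ssh/sshd_config"
audit "$d" || echo "hardening incomplete"; rm -rf "$d"
```

On a real host, run `audit ""` as root after the script finishes; the checks only read files and change nothing.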