Quick Security Scan

[popeye]

Hi was just about to do a scan but got this message below just wanted to know if this was normal ?

There are services enabled by default with your operating system that are not necessary for most web servers. This function will disable the following services: portmap - Used by NFS to map network drives cupsd - Used for printing nfs statd - Used for NFS file system mounting. nis - Network information service gpm - Console mouse services If you see a [FAILED] error message, this means that the service was not running when the scanner tried to shut it down. This is not a problem, the service will still be prevented from automatically starting.

 

[quietFinn]

Yes it is normal.

If you have CSF I suggest you go to WHM-> Plugins-> ConfigServer Security&Firewall-> Check Server Security.

 

[popeye]

Hi only want to do a scan which i have just done and it finished and just said done, but why did you say go to ConfigServer Security&Firewall ?

 

[quietFinn]

Hi only want to do a scan which i have just done and it finished and just said done, but why did you say go to ConfigServer Security&Firewall ?

Because CSF's "Check Server Security" tells you something, instead of just saying "Done".

 

[popeye]

How can i do a scan with CSF ?

 

[24x7server]

Hello,

You can check your server security through CSF firewall, Here are the CSF demo link, Please check it

Main CSF plugin interface : ConfigServer Security & Firewall

And click on : "Check Server Security" on your server you will get the full server security report

Check this demo Report page : ConfigServer Security & Firewall

 

[popeye]

Yes i did all that when i installed it but i do still have some red warnings, left the ones i was not sure about.

 

[24x7server]

For which options are you getting red warnings ?

 

[popeye]

Check csf PT_SKIP_HTTP option
Check /dev/shm is mounted noexec,nosuid
Check MySQL LOAD DATA disallows LOCAL
Check for cxs
Check SSH on non-standard port
Check SSH PasswordAuthentication
Check mod_userdir protection
Check php for disable_functions
Check php for ini_set disabled
Check compilers
Check proxy subdomains
Check Accounts that can access a cPanel user account
Check Cookie IP Validation
Check Referrer Blank Security
Check Referrer Security
Check AppConfig Required
Check AppConfig as root
Check AppConfig ACLs
Check AppConfig Feature List
Check server startup for portreserve

 

[24x7server]

Hello,

At least you have to clear the following warning on your server

Check /dev/shm is mounted noexec,nosuid
Check SSH on non-standard port
Check SSH PasswordAuthentication
Check mod_userdir protection
Check php for disable_functions
Check php for ini_set disabled
Check compilers

If you have any help to clear all warnings let me know I will assist you in this regard

 

[cPanelMichael]

Hi was just about to do a scan but got this message below just wanted to know if this was normal ?

There are services enabled by default with your operating system that are not necessary for most web servers. This function will disable the following services: portmap - Used by NFS to map network drives cupsd - Used for printing nfs statd - Used for NFS file system mounting. nis - Network information service gpm - Console mouse services If you see a [FAILED] error message, this means that the service was not running when the scanner tried to shut it down. This is not a problem, the service will still be prevented from automatically starting.

Yes, this is a normal message. It's letting you know which services will be disabled in-case you utilize any of them.

Thank you.