I was quite surprised to see that my VPS was delivered with some security issues unresolved, is it normal for them to be delivered this way?
I have closed a lot of the obvious holes but security advisor reports that there are still some outstanding issues.
Which of the following security alerts should be dealt with urgently and which, if any can I ignore or is it a case of, if they appear in the list they must be dealt with as soon as?
Apache vhosts are not segmented or chroot()ed.
ClamAV is not installed.
Frontpage is installed
Current kernel version is out of date. current: 2.6.32-358.14.1.el6, expected: 2.6.32-431.11.2.el6
SSH password authentication is enabled.
SSH direct root logins are permitted.
Outbound SMTP connections are unrestricted.
I have closed a lot of the obvious holes but security advisor reports that there are still some outstanding issues.
Which of the following security alerts should be dealt with urgently and which, if any can I ignore or is it a case of, if they appear in the list they must be dealt with as soon as?
Apache vhosts are not segmented or chroot()ed.
ClamAV is not installed.
Frontpage is installed
Current kernel version is out of date. current: 2.6.32-358.14.1.el6, expected: 2.6.32-431.11.2.el6
SSH password authentication is enabled.
SSH direct root logins are permitted.
Outbound SMTP connections are unrestricted.