Server Security

Audiopro · Apr 12, 2014

I was quite surprised to see that my VPS was delivered with some security issues unresolved, is it normal for them to be delivered this way?
I have closed a lot of the obvious holes but security advisor reports that there are still some outstanding issues.
Which of the following security alerts should be dealt with urgently and which, if any can I ignore or is it a case of, if they appear in the list they must be dealt with as soon as?

Apache vhosts are not segmented or chroot()ed.

ClamAV is not installed.

Frontpage is installed

Current kernel version is out of date. current: 2.6.32-358.14.1.el6, expected: 2.6.32-431.11.2.el6

SSH password authentication is enabled.

SSH direct root logins are permitted.

Outbound SMTP connections are unrestricted.

pauloray · Apr 12, 2014

Is this a new Unmanaged VPS?

Usually, VPS providers will just install the OS and Control Panel and you take care of the rest.

You can also use CSF with your Cpanel, it's a good firewall.

Audiopro · Apr 12, 2014

Thanks for the reply, yes it is unmanaged.
CSF is not installed, is that something I can install myself or does the ISP have to do that for me?

PenguinInternet · Apr 12, 2014

If you have root access, you can install CSF yourself (ConfigServer Security & Firewall)

Audiopro · Apr 12, 2014

Thanks - I will look into that tomorrow when the beer has worn off.
I am sure I will get my head round all this eventually and the journey is made easier with the help from you guys.

cPanelMichael · Apr 14, 2014

Hello

To answer your question, it's not out of the ordinary for a VPS provider to setup your server from a template. This may result in an older kernel version, and require you to make some changes to the server in order to increase the security. Let us know if you have any questions about the specific recommendations listed on the Security Advisor.

Thank you.

Audiopro · Apr 14, 2014

Do you recommend I carry out all the changes highlighted by security advisor or are some of them not required?

cPanelMichael · Apr 14, 2014

Yes, personally I would follow the recommendations and implement the changes. However, you may need to review the suggested changes and see if it works for your particular environment, or consider alternatives if necessary.

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server Security

Audiopro Active Member

pauloray Well-Known Member

Audiopro Active Member

PenguinInternet Well-Known Member
PartnerNOC

Audiopro Active Member

cPanelMichael Forums Analyst
Staff Member

Audiopro Active Member

cPanelMichael Forums Analyst
Staff Member

Could not download backup file; security policy on the remote server forbids it.

SOLVED getremotecpmove - security policy on the remote server

Security Advisor: close port 3306 in the server’s firewall

SOLVED 404 when I click ConfigServer Security & Firewall

Tutorial Interested in increasing the security of your server? Read this. (sshd hardening)

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server Security

Audiopro Active Member

pauloray Well-Known Member

Audiopro Active Member

PenguinInternet Well-Known Member PartnerNOC

Audiopro Active Member

cPanelMichael Forums Analyst Staff Member

Audiopro Active Member

cPanelMichael Forums Analyst Staff Member

Could not download backup file; security policy on the remote server forbids it.

SOLVED getremotecpmove - security policy on the remote server

Security Advisor: close port 3306 in the server’s firewall

SOLVED 404 when I click ConfigServer Security & Firewall

Tutorial Interested in increasing the security of your server? Read this. (sshd hardening)

Share This Page

PenguinInternet Well-Known Member
PartnerNOC

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member