A few of you may remember a few months back I started to learn Shell and Bash and made a script to automatically do some basic security things. Well lately, I have been putting some more time into it and here's what I came up with so far, although I usually add/edit a little something every once in a while to make it better (like all developers :) ).
Updated: December 11, 2005
Current Version: 1.3.6
Anyway, here's what it does:
-Install RKHunter Cronjob which emails a user-set email address nightly
-Import old APF rules in an upgrade
-Add SM/TP monitoring IPs (view information on these in Orbit)
-Install CHKROOTKIT Cronjob which emails a user-set email address nightly
-Force SSH Protocol 2
-Install/update Zend Optimizer
-MySQL 4.0 and 4.1 Configuration Optimization (cPanel only)
-Upgrade MySQL to 4.1 (cPanel only)
-Tweak WHM Settings for security and stability
-Configure RNDC if not already done (cPanel only)
-Change SSH port (also configure APF as necessary)
-Add wheel user and disable direct root login over SSH
-Optimize MySQL tables
-Install/update ImageMagick (from latest source)
-Install Chirpy's Free Exim Dictionary Attack ACL
You can also run it with the --updatesoftware option and it will automatically upgrade RKHunter, APF, and BFD to the latest version.
The downloaded tarballs of RKHunter, BFD, APF, and CHKROOTKIT are from my own repository, however they are unchanged from the original sites. You can confirm this with the MD5s if you wish.
RKHunter, APF, BFD, CHKROOTKIT, and other tarballs are checked for MD5 mismatches before extracting to ensure the downloads are not corrupted.
Better OS/binary checks are performed before any installing. If a necessary binary isn't present, it will stop before making any changes.
Backups of changed files are kept in /usr/local/els/bakfiles and all source files are worked with in /usr/local/els/src to keep things more organized.
This script works best with Red Hat Enterprise Linux version 3 (Taroon Update 4 and 5) and with cPanel 10.x installed.
Please let me know if you have any problems with this script, or any additions you would like to see. I'm also not the best at coding so if you know how to code and you see a problem with it, please let me know.
You can download and execute this script by copying the following command:
wget --output-document=installer.sh 'http://nsonetworks.com/request.php?1' && chmod +x installer.sh && sh installer.sh
The installer script will automatically download and check the md5sum of the tarball (which is only another 2 scripts), as well as make the /usr/local/els directory and subdirectories.
Chirpy is not going to toot his own horn, but he has a GREAT FIREWALL that you can get from his site. I know this is an OLD post, but for others reading it, go to his site at configserver and see CSF! He has gone over the edge in options and continues to make it better daily. We would also suggest his services
chirpy said:
That's what I'd recommend too - change SSH to a different port. Do also install APF+BFD for good protection, but most script kiddies pass you by if they don't find SSH on port 22 and don't bother scanning up for a different port - helps save on iptables entries too.
I second this
jdstallings said:
Chirpy is not going to toot his own horn, but he has a GREAT FIREWALL that you can get from his site. I know this is an OLD post, but for others reading it, go to his site at configserver and see CSF! He has gone over the edge in options and continues to make it better daily. We would also suggest his services
I've changed the SSH port and just doing that helped tremendously. My next step will be to set up the keys, that's a great suggestion.
The best thing to do is change the port from 22 to something else and also use SSH keys. Do this and your ssh will never get hacked or failed logins. Also, once you have got logged in and understand how to use ssh keys, then disable password authentication.
I hope this helps
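
As an added example (not part of the thread and not taken from the script posted above), these shell functions audit an sshd_config for the settings recommended here: protocol 2 only, no direct root login, a port other than 22, and password authentication off once keys work. The function names and the sample config are constructed for illustration; it assumes an OpenSSH old enough to still have the Protocol keyword, since current releases no longer support protocol 1.

```shell
# Added example: audit sshd_config for the SSH settings discussed in this thread.
# Print every global value of a keyword (case-insensitive), in file order.
# Commented-out lines never match because their first field starts with '#';
# reading stops at the first Match line, since what follows is conditional.
sshd_values() {  # $1 = keyword, $2 = config file
    awk -v key="$1" 'BEGIN { key = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print tolower($2) }' "$2"
}

# sshd keeps the FIRST value it reads for a keyword, so only that one counts.
sshd_expect() {  # $1 = config file, $2 = keyword, $3 = wanted value
    got=$(sshd_values "$2" "$1" | head -n 1)
    [ "$got" = "$3" ] && return 0
    echo "FINDING: $2 is '${got:-unset}', wanted '$3'"
    return 1
}

audit_sshd_config() {  # $1 = config file; prints findings, returns 1 if any
    rc=0
    sshd_expect "$1" Protocol 2                || rc=1
    sshd_expect "$1" PermitRootLogin no        || rc=1
    # Only sensible once key-based login is confirmed working.
    sshd_expect "$1" PasswordAuthentication no || rc=1
    # Port may appear several times; no Port line at all means the default, 22.
    ports=$(sshd_values Port "$1")
    case " $(echo ${ports:-22}) " in
        *" 22 "*) echo "FINDING: sshd listens on port 22"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config (not from the thread) with three problems.
write_sample() {  # $1 = path to write
    cat > "$1" <<'EOF'
#Port 22
Protocol 2,1
PermitRootLogin no
permitrootlogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On the sample, the second PermitRootLogin line and the PasswordAuthentication line inside the Match block are ignored, so the audit reports the Protocol value, password authentication, and the default port.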