DomineauX
11-26-2003, 02:59 PM
####################################
$150 for full package to the next 4 people who contract me to perform these projects.
Contact via MSN at tony@domineaux.net or AIM at Dot5Tony
####################################
Contractor available for Securing Ensim/WHM (Cpanel)
I am available immediately to install and configure a comprehensive security package for Ensim and WHM/CPanel servers. Some of the features offered are as follows:
1. System hardening (updating insecure packages, removing un-needed packages, modifying configurations of services to make it harder to find out exploitable info about the servers)
2. Setup of multiple intrusion detection systems with reporting and live monitoring capabilities
3. Modification to SSH to disallow root logins directly and force SSH Protocol 2 usage (AllowRootLogin)
*this will mean you will need to login via SSH as admin/or another user account and then use "su -" to become root.
4. Enhance passwords so that admin and root are different, and each server has unique passwords as well as Ensim using a different password then admin or root.
5. Disable all insecure access to CPanel and WHM such as disabling the non SSL access via ports:
WHM 2086, CPanel 2082, and web mail 2095 which are currently used by default
6. Upgrade Kernel to 2.4.20-20.7
7. Enhancing Kernel integrity by removing any unneeded kernel modules, and locking the kernel to insure that hacks which load additional modules into the kernel are not possible.
8. Install system integrity checking using Tripwire to keep a database of md5sum data about all system binaries and scripts
which will be used to check the current system for changes to any important files 4 times a day.
(which will mean that if anything is modified by an exploit, it will be detected within a maximum of 6 hours)
9. Make SSH function on a port other than the default 22
10. Replace admin user for SSH with another username
11. Disabling telnet
12. Install PRM (Process Resource Monitor) to kill off runaway processes
13. Set a Legal SSH Message or MOTD
14. Setup an alert that would be sent via email any time someone logs into the server as root which includes their IP.
15. Installation and configuration of either PMFirewall, Bastille, KISS or APF Firewall systems (APF preferred)
16. Install and configure Chkrootkit to run daily emailing output to you (can be setup to only email if a problem is detected)
17. Set MySQL root password to a unique pass
18. Setup cron job to update the server time nightly and sync hardware clock to match.
19. Set <http://server name or IP/> to redirect to <http://hosting sales site/> instead of refreshing to Control Panel (so when a site is suspended viewers of the site see your hosting site)
Make new alias such as http://server name or IP/ensim to access Control Panel [ENSIM Only]
20. Control Panel system upgrades
21. Upgrade any packages that have known exploits (where acceptable by the control panel system)
*******
Many other possible upgrades, installs and reconfigurations available as well depending on need.
*******
Please contact me via e-mail for information or pricing for any of these services. Rates will be negotiated and can be based on time, or per project. All of these modifications have been thoroughly tested and installed on a minimum of 3 test servers, and 5 production servers.
References are available as well.
Payment accepted via PayPal primarily.
$150 for full package to the next 4 people who contract me to perform these projects.
Contact via MSN at tony@domineaux.net or AIM at Dot5Tony
####################################
Contractor available for Securing Ensim/WHM (Cpanel)
I am available immediately to install and configure a comprehensive security package for Ensim and WHM/CPanel servers. Some of the features offered are as follows:
1. System hardening (updating insecure packages, removing un-needed packages, modifying configurations of services to make it harder to find out exploitable info about the servers)
2. Setup of multiple intrusion detection systems with reporting and live monitoring capabilities
3. Modification to SSH to disallow root logins directly and force SSH Protocol 2 usage (AllowRootLogin)
*this will mean you will need to login via SSH as admin/or another user account and then use "su -" to become root.
4. Enhance passwords so that admin and root are different, and each server has unique passwords as well as Ensim using a different password then admin or root.
5. Disable all insecure access to CPanel and WHM such as disabling the non SSL access via ports:
WHM 2086, CPanel 2082, and web mail 2095 which are currently used by default
6. Upgrade Kernel to 2.4.20-20.7
7. Enhancing Kernel integrity by removing any unneeded kernel modules, and locking the kernel to insure that hacks which load additional modules into the kernel are not possible.
8. Install system integrity checking using Tripwire to keep a database of md5sum data about all system binaries and scripts
which will be used to check the current system for changes to any important files 4 times a day.
(which will mean that if anything is modified by an exploit, it will be detected within a maximum of 6 hours)
9. Make SSH function on a port other than the default 22
10. Replace admin user for SSH with another username
11. Disabling telnet
12. Install PRM (Process Resource Monitor) to kill off runaway processes
13. Set a Legal SSH Message or MOTD
14. Setup an alert that would be sent via email any time someone logs into the server as root which includes their IP.
15. Installation and configuration of either PMFirewall, Bastille, KISS or APF Firewall systems (APF preferred)
16. Install and configure Chkrootkit to run daily emailing output to you (can be setup to only email if a problem is detected)
17. Set MySQL root password to a unique pass
18. Setup cron job to update the server time nightly and sync hardware clock to match.
19. Set <http://server name or IP/> to redirect to <http://hosting sales site/> instead of refreshing to Control Panel (so when a site is suspended viewers of the site see your hosting site)
Make new alias such as http://server name or IP/ensim to access Control Panel [ENSIM Only]
20. Control Panel system upgrades
21. Upgrade any packages that have known exploits (where acceptable by the control panel system)
*******
Many other possible upgrades, installs and reconfigurations available as well depending on need.
*******
Please contact me via e-mail for information or pricing for any of these services. Rates will be negotiated and can be based on time, or per project. All of these modifications have been thoroughly tested and installed on a minimum of 3 test servers, and 5 production servers.
References are available as well.
Payment accepted via PayPal primarily.