Felxi
12-31-2006, 06:38 PM
Well I take NO credit for the scripts provided herein I merely hope to share some things I have found to help me when I setup my VPS...
First of all we need to install a firewall, even if you don’t start this service this nifty script do's a security audit for you...
To install ConfigServer Firewall
SSH into your root and then "cd" into the main directory (normally "cd ..") and now follow the script below
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
If you would like to disable APF+BFD (which you will need to do if you have
Them installed otherwise they will conflict horribly)
sh disable_apf_bfd.sh
That's it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*
Now login to cPanel root (WHM)
and scroll down to the bottom on the left pane and at the bottom you will see a link for ConfigServer Security & Firewall
Now by default your firewall wont be active which is a good thing as we don’t want any problems as of yet.
Now click Check Server Security
Now there might be quite a few items in here you should check. Most items will have a comment next to them and give you a complete guide on how to modify that item that’s come up "Warning"
For shared web hosting I strongly recommend that you make sure the PHP & SSH tabs are all "Ok" status as this is the man source of problems within a exploit.
At the bottom you should be shown a score.
0 to 15 > Wet Paper Bag
16 to 31 > Dry Paper Bag
32 to 47 > Wooden Box
48 to 63 > Brick Wall
64 to 68 > Reinforced Concrete
My server is "65" and I cannot push to score "68" as I will not modify some of the items I know are ok. However each server you configure depending on what setup should try and fall above a "48" score!
Now, once you have sorted most of those and have got a nice score its time to sort the firewall out. Click the Firewall Configuration
And read each and every item to understand its properties!
That’s it, once you have done this you can turn your firewall on and depending on what setup you have I recommend you keep to Low profile!
For more help visit http://www.configserver.com/cp/csf.html
____________________________________________________
SSH login message
(By default I have this set only to the root user and no shared accounts. but it’s up to you what you do...)
Top create a login message login via root with your favourite SSH client (PuTTY!!)
and type this
pico /etc/motd
Now type your message here to warn users about your AUP etc..
Now type Ctrl+X then hit Y and enter
Saved and all done!
____________________________________________________
Another good trick is to have rkhunter check your server for rootkits!
Yes this tutorial is already out there but you should use it!
SSH into root
wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
tar -zxvf rkhunter-1.2.8.tar.gz
cd rkhunter-1.2.8
./installer.sh
Now cron this!
pico /etc/cron.daily/rkhunter.sh
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
chmod +x /etc/cron.daily/rkhunter.sh
Now update..
rkhunter --update
and finaly do a scan!
/usr/local/bin/rkhunter -c
There may be some sectors that show as Bad but this should’nt concern you unless it states on results you have a rootkit!
If you have any findings or extra tweaks please post them in here.
First of all we need to install a firewall, even if you don’t start this service this nifty script do's a security audit for you...
To install ConfigServer Firewall
SSH into your root and then "cd" into the main directory (normally "cd ..") and now follow the script below
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
If you would like to disable APF+BFD (which you will need to do if you have
Them installed otherwise they will conflict horribly)
sh disable_apf_bfd.sh
That's it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*
Now login to cPanel root (WHM)
and scroll down to the bottom on the left pane and at the bottom you will see a link for ConfigServer Security & Firewall
Now by default your firewall wont be active which is a good thing as we don’t want any problems as of yet.
Now click Check Server Security
Now there might be quite a few items in here you should check. Most items will have a comment next to them and give you a complete guide on how to modify that item that’s come up "Warning"
For shared web hosting I strongly recommend that you make sure the PHP & SSH tabs are all "Ok" status as this is the man source of problems within a exploit.
At the bottom you should be shown a score.
0 to 15 > Wet Paper Bag
16 to 31 > Dry Paper Bag
32 to 47 > Wooden Box
48 to 63 > Brick Wall
64 to 68 > Reinforced Concrete
My server is "65" and I cannot push to score "68" as I will not modify some of the items I know are ok. However each server you configure depending on what setup should try and fall above a "48" score!
Now, once you have sorted most of those and have got a nice score its time to sort the firewall out. Click the Firewall Configuration
And read each and every item to understand its properties!
That’s it, once you have done this you can turn your firewall on and depending on what setup you have I recommend you keep to Low profile!
For more help visit http://www.configserver.com/cp/csf.html
____________________________________________________
SSH login message
(By default I have this set only to the root user and no shared accounts. but it’s up to you what you do...)
Top create a login message login via root with your favourite SSH client (PuTTY!!)
and type this
pico /etc/motd
Now type your message here to warn users about your AUP etc..
Now type Ctrl+X then hit Y and enter
Saved and all done!
____________________________________________________
Another good trick is to have rkhunter check your server for rootkits!
Yes this tutorial is already out there but you should use it!
SSH into root
wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
tar -zxvf rkhunter-1.2.8.tar.gz
cd rkhunter-1.2.8
./installer.sh
Now cron this!
pico /etc/cron.daily/rkhunter.sh
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
chmod +x /etc/cron.daily/rkhunter.sh
Now update..
rkhunter --update
and finaly do a scan!
/usr/local/bin/rkhunter -c
There may be some sectors that show as Bad but this should’nt concern you unless it states on results you have a rootkit!
If you have any findings or extra tweaks please post them in here.