Supported Operating Systems:

CentOS 4.x
RHEL 4.x
Fedora Core 5/6

Supported Control Panels:

None
Cpanel

--------------------------------------------------------------------------------

Hack or Spam Resolution: ($15 per hour billed in 20 minute increments)

* no charge for initial assessment of hack severity
- find and close source of intrusion
- harden server against future attacks or spam exploits

Security Audit ($50 one time plain or $30 one time with cpanel)

Install and configure mod_security
Install and configure mod_evasive
Installation of APF (Advanced Policy Firewall)
Installation of BFD (Brute Force Protection)
Installation of PRM (Process Resource Monitor)
Installation of SIM (System Integrity monitor)
Installation of LES (Linux Environment Security)

System Hardening:

Limit compiler & fetch utilities access to root only Restrict utilites such as wget, gcc, etc. to root only
Disable unused services
Update all server/control panel software Update control panel and operating system packages
Remove unneeded operating system packages Remove uneeded and/or insecure rpm packages
Upgrade kernel to latest os release or compile new kernel

PHP Email Security:

Mail Header patch (http://choon.net/php-mail-header.php? (helps track mail sent by nobody user)

Services Hardening:

MySQL - Ensure root password is set Ensure mysql has a root password, if not set one
SSH - Ensure openssh is using only protocol 2 Only run secure protocols
Disable certain php functions (system,exec,shell_exec) Malicious commands can be executed though php shell functions

Temporary Space:

Enforce noexec & nosuid on tempoary directorys such as /tmp and /var/tmp Prevent execution in these directorys
Remove apache proxy directory (cpanel servers) Unneeded and often used for malicious file storage
Enforce noexec on tmpfs which as shm (shared memory) and ramdisks Prevent execution in these shared memory locations

Misc. Hardening:

Disable DNS Recursion Lowers the risk of cache poisening
Disable IP Source Routing Hardening of the TCP/IP stack
Disable ICMP Redirect Acceptance
Enable IP Spoofing Protection
Enable syncookie Protection
Enable misc. sysctl settings
Harden host.conf Prevents dns poison and spoof

Logging/analysis setup:

Logwatch installation Cumulative daily log reporting
Chkrootkit installation and report cronjob Rootkit detection and reporting
Rkhunter installation and report cronjob

Kernel Compile Plan ($20 per month)

* as many kernel compiles as you need for 1 server
* updates sent via email for kernel security and critical bugfixes
* service is not proactive customer must request kernel compiles

- update to kernel 2.6.18.3 or latest stable 2.6 kernel
- includes custom driver requests

* must be able to supply driver documentation and source code

Optimization Service (15$ one time)

-optimize mysql and and httpd for your system

Payment Methods

I can accept payments via paypal and 2checkout. There is no charge until work is done to your satisfaction.

Preferred Contact Methods:

email: [email protected]
msn: [email protected]
aim: cywkevin

Optional Contact:

private message via forum (may take longer for response)