Results 1 to 8 of 8
  1. #1
    Join Date
    Oct 2008
    Posts
    2,249

    Anything else to secure this?

    Well I have 2 people that do most of the server securing but I want to do more myself. and I have another company check there work.

    So far I have done:
    csf and BFD Installation
    CHKROOTKIT + RKHUNTER Package
    Securing of all drives and linux partitions
    Zend | Ioncube | eAccelerator Installation
    Bandwidth Monitoring and Logistics
    MySQL and PHP Optimization
    Sysctl.conf Hardening
    Mod_evasive and mod_security
    ICMP Flow Regulation
    RNDC Configuration
    Force SSH Protocol 2
    Secure named.conf


    is there really anything else I need to do?
    Leader of the new anti sig spamming club.

  2. #2
    Join Date
    Nov 2003
    Posts
    516
    Yeah, you could secure SSH a bit more.

    1) Assign an IP for SSH ONLY.
    2) Assign a port for SSH ONLY.
    3) Setup one user that can SU to root. (that would be that users ONLY function)
    4) Disable direct root login.

    Of course some of this is only if you're paranoid. Kinda like wearing shoes with velcro AND laces

    And I imagine some of the above can be eliminated through use of SSH keys. And also setting cfs to block IPs that don't login properly after a few failed attemps. (brute force attacks n such)

    Also - just curious, I thought there was some conflicts with installing Zend, Ionube, and eA all at the same time? (particularly zend+eA)

  3. #3
    Quite a bit more... But what worries me is that there seems to be just generic applications thrown onto the vps to secure it; Instead of the company actually saying what they are securing they just throw more crap into the pot if you will.
    I recommend a server that has the following:

    • Some sort of access control. selinux, tomoyo, gradm, smack, etc
    • A HIDS and NIDS system, snort, samhain, etc
    • Grsecurity if using linux or at least PAX

  4. #4
    Join Date
    Mar 2009
    Posts
    39
    Quote Originally Posted by Devil Inside View Post
    Yeah, you could secure SSH a bit more.

    1) Assign an IP for SSH ONLY.
    2) Assign a port for SSH ONLY.
    3) Setup one user that can SU to root. (that would be that users ONLY function)
    4) Disable direct root login.

    Of course some of this is only if you're paranoid. Kinda like wearing shoes with velcro AND laces

    And I imagine some of the above can be eliminated through use of SSH keys. And also setting cfs to block IPs that don't login properly after a few failed attemps. (brute force attacks n such)

    Also - just curious, I thought there was some conflicts with installing Zend, Ionube, and eA all at the same time? (particularly zend+eA)
    I presently use Zend in combination with ionCube and eAccelerator on several machines without issue. Anywho - you'll definitely want to lock down your kernel with security policies, I wouldn't trust the default kernels.

  5. #5
    Join Date
    Oct 2008
    Posts
    2,249
    ok thanks guys, I can secure a windows server easily and greatly linux not so much. One of my tech support staff is going back to germany for a week and I can do most things now but its always better to be safe
    Leader of the new anti sig spamming club.

  6. #6
    Hi,

    What about securing your binary..?
    like wget and other binary's


    Thanks
    Cyrus AKA Dave

  7. #7
    Setup a chroot environment for every service?

  8. #8
    Join Date
    May 2009
    Location
    SLASH ROOT
    Posts
    853

Similar Threads

  1. Summer is coming around.. Secure your boxes...Secure your business
    By Steven in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 06-05-2005, 07:26 PM
  2. Summer is coming around.. Secure your boxes...Secure your business
    By Steven in forum Employment / Job Offers
    Replies: 7
    Last Post: 06-05-2005, 10:15 AM
  3. CNET Secure Delivery Plug In - is it really secure ?
    By X-Max in forum Web Hosting Lounge
    Replies: 7
    Last Post: 10-21-2004, 09:28 PM
  4. Secure POP3 and Secure SMTP
    By cweb in forum Hosting Security and Technology
    Replies: 6
    Last Post: 02-20-2003, 10:25 PM
  5. Telnet, Secure, Not Secure, Scripts, Shared Server
    By Domenico in forum Hosting Security and Technology
    Replies: 15
    Last Post: 10-06-2001, 11:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •