Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : VPS security

[eahpk]

how i can secure my VPS, i am using Hyper VM/ Kloxo.

[hostechsupport]

Well, you should install third party firewall like csf/apf first. After that, you can install apache modules like mod_evasive, mod_security etc etc. Apart from this you can change ssh port, disable telnet, install rkhunter/chkrootkit etc. tools. You can refer following site. Security

[inspiron]

Also most important thing is to secure your /tmp partition as most of the attack are targeted through this partition only.

[eahpk]

Quote:

Originally Posted by inspiron

Also most important thing is to secure your /tmp partition as most of the attack are targeted through this partition only.

but how i can secure /tmp?

as i am new, is there is any step by step guide?

[hostechsupport]

Quote:

Originally Posted by eahpk

but how i can secure /tmp?

as i am new, is there is any step by step guide?

Just use following thread. It contains with complete instruction on how to secure your vps server...

http://www.webhostingtalk.com/showthread.php?t=936733

[madaboutlinux]

You can secure /tmp by executing the following command:

Quote:

# mount -o bind,nosuid,noexec /tmp /tmp

and once done, verify it by executing

Quote:

# mount

You can also have your hosting provider to do it for you from the host server in case, the /tmp unmounts after a reboot. The way to secure /tmp from the host server is:

Quote:

# vzctl set VEID --bindmount_add /tmp,nosuid,noexec,nodev --save

where, VEID is your VPS ID.

[eahpk]

thanks for sharing

[eahpk]

this is the result after doing

Quote:

# vzctl set VEID --bindmount_add /tmp,nosuid,noexec,nodev --save

Quote:

/dev/simfs on / type reiserfs (rw,usrquota,grpquota)
/proc on /proc type proc (rw)
/sys on /sys type sysfs (rw)
none on /dev/pts type devpts (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/tmp on /tmp type none (rw,noexec,nosuid,bind)
[****@**** ~]#
[***@***** ~]# /dev/simfs on / type reiserfs (rw,usrquota,grpquota)
-bash: syntax error near unexpected token `('
[***@***** ~]# /proc on /proc type proc (rw)
-bash: syntax error near unexpected token `('
[***@***** ~]# /sys on /sys type sysfs (rw)
-bash: syntax error near unexpected token `('
[***@***** ~]# none on /dev/pts type devpts (rw)
-bash: syntax error near unexpected token `('
[***@***** ~]# none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
-bash: syntax error near unexpected token `('
[***@***** ~]# /tmp on /tmp type none (rw,noexec,nosuid,bind)
-bash: syntax error near unexpected token `('

[madaboutlinux]

The first 2 commands needs to be executed from within the VPS (which you did) and the last command is suppose to be executed from the main node your VPS is hosted on, not from within the VPS (which is why you see those error messages).

BTW, the first command mounts /tmp with nosuid,noexec option which you can verify using the 2nd command. I can see you have secured /tmp now...

Quote:

/tmp on /tmp type none (rw,noexec,nosuid,bind)

[eahpk]

ok if /tmp is secured than whats the next step to secure the VPS

[madaboutlinux]

There are various things you need to look out for, Apache, Mysql, PHP, firewall, restricting SSH access, restricting Ftp access if you are not going to host too many clients, installing Rkhunter/Chkrootkit etc...

[eahpk]

Quote:

Originally Posted by madaboutlinux

There are various things you need to look out for, Apache, Mysql, PHP, firewall, restricting SSH access, restricting Ftp access if you are not going to host too many clients, installing Rkhunter/Chkrootkit etc...

i want to host only my websites on this VPS...