Announcement

Collapse
No announcement yet.

Summary of security steps for Linux

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Summary of security steps for Linux

    Some of the tip and trick to take care while working on the security steps for Linux operating systems.



    1. Exim.
    Enable extended logging :
    Add the following line in exim, below the first line recommended log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \

    Fommail Trap
    FormMail-Trap
    For Securing Exim i found this a Good resource
    cPanel Theme - RVSkin, a great experience for you, reseller, and clients

    2. Secure Httpd :-
    install mod_security
    install mod_dosevasive (causes problem with FP sometimes though)

    3. Secure PHP :-
    disable_functions = "system,exec"

    eAccelerator for PHP acceleration
    eAccelerator | Download eAccelerator software for free at SourceForge.net

    3.5 IPTABLES settings ;-
    iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j IN_SANITY

    4. Some small recommended apps :-

    Install BFD from rfxnetworks.net
    Install LSM from rfxnetworks.net
    APF from rfxnetworks.net
    rkhunter can be found on Rootkit.nl - Protect your machine


    5. cpanel script to disable compilers incase we have not done this yet
    /scripts/compilers off


    6. MYSQL Security Measures :-

    mysql query cache
    vi /etc/my.cnf
    query-cache-type = 1
    query-cache-size = 100M
    100M can be changed according to how busy the server is

    7. Securing some binaries :- make the necessary changes on the folder as per the security.

    chmod 750 /usr/bin/rcp
    chmod 750 /usr/bin/wget
    chmod 750 /usr/bin/lynx
    chmod 750 /usr/bin/links
    chmod 750 /usr/bin/scp
    chmod 000 /etc/httpd/proxy/

    8. Some other tweaks related to linux.
    Securing /tmp
    /dev/sad3 /tmp ext2 loop,noexec,nosuid,rw 0 0
    A good sysctl config can be found here Syctl.conf Hardening | eth0.us - Server admin info for cPanel, plesk, ensim and linux!

    httpd.conf
    Timeout 15
    KeepAlive Off
    KeepAliveTimeout 5

  • #2
    The information you have provided is helpful. Thanks For sharing Shane.
    UK VPS Hosting || SEO Server || Cloud Hosting
    Looking for extra income ?
    Join our webhosting affiliate program and earn upto 300 Webhosting UK Affiliate

    Comment


    • #3
      Hey Great information you have provided here . . Install an intrusion detection system can also be helpful As per my point of view

      Comment


      • #4
        I think this information is absolutely helpful...thanks for posting it.

        Comment

        Working...
        X