Summary of security steps for Linux


  • Alicia
    replied
    I think this information is absolutely helpful...thanks for posting it.



  • hillaryjohnson
    replied
    Hey, great information you have provided here. Installing an intrusion detection system can also be helpful, from my point of view.



  • Jeffrey
    replied
    The information you have provided is helpful. Thanks for sharing, Shane.



  • shane10
    started a topic Summary of security steps for Linux

    Summary of security steps for Linux

    Some tips and tricks to take care of while working on the security steps for Linux operating systems.



    1. Exim.
    Enable extended logging:
    Add the following line in exim, below the first line recommended:
    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \

    Formmail Trap
    FormMail-Trap
    For securing Exim, I found this a good resource:
    cPanel Theme - RVSkin, a great experience for you, reseller, and clients

    2. Secure Httpd :-
    install mod_security
    install mod_dosevasive (causes problems with FP sometimes, though)

    3. Secure PHP :-
    disable_functions = "system,exec"

    eAccelerator for PHP acceleration
    eAccelerator | Download eAccelerator software for free at SourceForge.net

    3.5 IPTABLES settings :-
    iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j IN_SANITY

    4. Some small recommended apps :-

    Install BFD from rfxnetworks.net
    Install LSM from rfxnetworks.net
    APF from rfxnetworks.net
    rkhunter can be found on Rootkit.nl - Protect your machine


    5. cPanel script to disable compilers, in case we have not done this yet
    /scripts/compilers off


    6. MYSQL Security Measures :-

    mysql query cache
    vi /etc/my.cnf
    query-cache-type = 1
    query-cache-size = 100M
    100M can be changed according to how busy the server is

    7. Securing some binaries :- make the necessary changes on the folder as per the security.

    chmod 750 /usr/bin/rcp
    chmod 750 /usr/bin/wget
    chmod 750 /usr/bin/lynx
    chmod 750 /usr/bin/links
    chmod 750 /usr/bin/scp
    chmod 000 /etc/httpd/proxy/

    8. Some other tweaks related to linux.
    Securing /tmp
    /dev/sad3 /tmp ext2 loop,noexec,nosuid,rw 0 0
    A good sysctl config can be found here Syctl.conf Hardening | eth0.us - Server admin info for cPanel, plesk, ensim and linux!

    httpd.conf
    Timeout 15
    KeepAlive Off
    KeepAliveTimeout 5
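
A read-only audit of several settings from the post above, added here as an example (it is not part of the thread or any poster's script). The function names and the four path arguments are assumptions; the values checked (noexec,nosuid on /tmp, system and exec in disable_functions, Timeout 15, KeepAlive Off, the five binaries) come from the post.

```shell
#!/bin/sh
# Added example (not the poster's script): read-only checks for settings listed in the post.
# Usage: audit FSTAB PHP_INI HTTPD_CONF BIN_DIR   (all four paths are caller-supplied)

# The /tmp entry of an fstab-format file must carry both noexec and nosuid.
tmp_hardened() {
    awk '$1 !~ /^#/ && $2 == "/tmp" {
             n = split($4, o, ","); for (i = 1; i <= n; i++) seen[o[i]] = 1; found = 1 }
         END { exit !(found && seen["noexec"] && seen["nosuid"]) }' "$1"
}

# php.ini must name every given function in its last disable_functions line.
php_disables() {
    ini=$1; shift
    list=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$ini" |
           tail -n 1 | tr -d "\"' ")
    for fn in "$@"; do
        case ",$list," in *",$fn,"*) ;; *) return 1 ;; esac
    done
}

# A file passes when "other" has no permission bits (750 and 000 both pass).
no_world_access() {
    [ -e "$1" ] || return 0     # binary not installed: nothing to restrict
    [ "$(ls -ldL "$1" | cut -c8-10)" = "---" ]
}

# httpd.conf: Timeout at or below the limit and KeepAlive Off (last directive wins).
httpd_tuned() {
    awk -v max="$2" 'tolower($1) == "timeout"   { t = $2 }
                     tolower($1) == "keepalive" { k = tolower($2) }
                     END { exit !(t != "" && t + 0 <= max + 0 && k == "off") }' "$1"
}

# Run all checks, print each failure, return the number of failures.
audit() {
    fails=0
    tmp_hardened "$1"             || { echo "FAIL: /tmp lacks noexec,nosuid"; fails=$((fails + 1)); }
    php_disables "$2" system exec || { echo "FAIL: disable_functions"; fails=$((fails + 1)); }
    httpd_tuned "$3" 15           || { echo "FAIL: Timeout/KeepAlive"; fails=$((fails + 1)); }
    for b in rcp wget lynx links scp; do
        no_world_access "$4/$b"   || { echo "FAIL: $4/$b is world-accessible"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Runs only when the script is given the four paths on its command line.
if [ "$#" -eq 4 ]; then audit "$@"; fi
```

The exit status is the number of failed checks, so the script can be run from cron and alert on any non-zero result.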