Protect your Server. The Basics! (cPanel)

[Storming]

Well I take NO credit for the scripts provided herein I merely hope to share some things I have found to help me when I setup my VPS...

First of all we need to install a firewall, even if you don’t start this service this nifty script do's a security AUDIT for you...

To install ConfigServer Firewall
SSH into your root and then "cd" into the main directory (normally "cd ..") and now follow the script below

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you would like to disable APF+BFD (which you will need to do if you have
Them installed otherwise they will conflict horribly)
sh disable_apf_bfd.sh

That's it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*

Now login to cPanel root (WHM)
and scroll down to the bottom on the left pane and at the bottom you will see a link for ConfigServer Security & Firewall
Now by default your firewall wont be active which is a good thing as we don’t want any problems as of yet.
Now click Check Server Security

Now there might be quite a few items in here you should check. Most items will have a comment next to them and give you a complete guide on how to modify that item that’s come up "Warning"

For Shared Webhosting. I strongly recommend that you make sure the PHP & SSH tabs are all "Ok" status as this is the man source of problems within a exploit.

At the bottom you should be shown a score.

0 to 15 > Wet Paper Bag
16 to 31 > Dry Paper Bag
32 to 47 > Wooden Box
48 to 63 > Brick Wall
64 to 68 > Reinforced Concrete

My server is "65" and I cannot push to score "68" as I will not modify some of the items I know are ok. However each server you configure depending on what setup should try and fall above a "48" score!

Now, once you have sorted most of those and have got a nice score its time to sort the firewall out. Click the Firewall Configuration
And read each and every item to understand its properties!

That’s it, once you have done this you can turn your firewall on and depending on what setup you have I recommend you keep to Low profile!

For more help visit http://www.configserver.com/cp/csf.html

__________________________________________________ __

SSH login message

(By default I have this set only to the root User and no shared accounts. but it’s up to you what you do...)

Top create a login message login via root with your favourite SSH client (PuTTY!!)
and type this

pico /etc/motd

Now type your message here to warn users about your AUP etc..

Now type Ctrl+X then hit Y and enter

Saved and all done!

__________________________________________________ __

Another good trick is to have rkhunter check your server for rootkits!

Yes this tutorial is already out there but you should use it!
SSH into root

wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
tar -zxvf rkhunter-1.2.8.tar.gz
cd rkhunter-1.2.8
./installer.sh

Now cron this!

pico /etc/cron.daily/rkhunter.sh

#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)

chmod +x /etc/cron.daily/rkhunter.sh

Now update..

rkhunter --update

and finaly do a scan!

/usr/local/bin/rkhunter -c

There may be some sectors that show as Bad but this should’nt concern you unless it states on results you have a rootkit!

Storming Reviewed by Storming on 16th Aug 2009. Protect your Server. The Basics! (cPanel) Well I take NO credit for the scripts provided herein I merely hope to share some things I have found to help me when I setup my VPS... First of all we need to install a firewall, even if you don’t start this service this nifty script do's a security AUDIT for you... To install ConfigServer Firewall SSH into your root and then "cd" into the main directory (normally "cd ..") and now follow the script belowrm -fv csf.tgz wget http://www.configserver.com/free/csf.tgz tar -xzf csf.tgz cd Rating: 5

[Gavo]

I add the following to WHM when i setup a server, not really security related but adds new functions. (I removed the non free ones)

You dont really need to install the ddos script as CFS firewall has protection now, but I run both.


Winrar is used to pack/unpack files for remote uploading and rapidleech/torrentflux now supports rar/unrar.

Code: 

wget http://www.rarlab.com/rar/rarlinux-3.8.0.tar.gz
tar -zxvf rarlinux-3.8.0.tar.gz
cd rar
cp rar unrar /bin
 
csf firewall
http://www.configserver.com/free/csf/install.txt
--------------------------------------------------------------------------------
Informations:
When you run this Perl script, it will then run an netstat command check how many times each IP is connected and if there are more then the number of connections you specified then it will automatically run a command in APF for the IP to be banned.
--------------------------------------------------------------------------------
Installing:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
 
Config mail que
http://www.configserver.com/free/cmq.tgz
1. Upload the cmq.tgz file to your server
2. Untar the distribution:
tar -xzf cmq.tgz
3. cd into the directory created and run the install script:
cd cmq/
sh install.sh
4. Login to WHM and scroll to the bottom of the left hand menu and you should see "ConfigServer Mail Queues"
If you want to uninstall, simply:
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/addon_cmq.cgi
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/cmqversion.txt
rm -Rfv /usr/local/cpanel/whostmgr/docroot/cgi/cmq/
 
Config Mail Manage
http://www.configserver.com/free/cmm.tgz
1. Upload the cmm.tgz file to your server
2. Untar the distribution:
tar -xzf cmm.tgz
3. cd into the directory created and run the install script:
cd cmm/
sh install.sh
4. Login to WHM and scroll to the bottom of the left hand menu and you should see "ConfigServer Mail Manage"
If you want to uninstall, simply:
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/addon_cmm.cgi
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/cmmversion.txt
rm -Rfv /usr/local/cpanel/whostmgr/docroot/cgi/cmm/
 
Config Explorer
http://www.configserver.com/free/cse.tgz
1. Upload the cmm.tgz file to your server
2. Untar the distribution:
tar -xzf cse.tgz
3. cd into the directory created and run the install script:
cd cse/
sh install.sh
4. Login to WHM and scroll to the bottom of the left hand menu and you should see "ConfigServer Mail Manage"
 
LogView Installation  
Login to your server as a root user
wget http://www.logview.org/logview-install
chmod +x logview-install
./logview-install
Wait for install complete message
rm -f logview-install