How to Totally Optimise and Secure your Linux server

[Ifirst]

Today i would like to share some of my tips and trick so as to make everyone lives easier and do my best to help people and provide useful info.
In this post i would be using centos as example but you can easily modify commands for your linux distro.

How to secure your linux(Centos)

1.Update/Patch your kernel
Why?
Vulnerabilities in kernel are being found by security experts continuously by security experts.
How?
Execute this via SSH.

Code: 

yum -y update

2.Change SSH Port
Why?
By default your ssh port is 22.Script kiddies will try their best to bruteforce your ssh password.Even if they don't succeed , they add load to the server , so time to kick their butt out of your server.
How?
Open sshd_config with nano ,vi or any other editor of your choice.(Here 1559 is my new ssh port)
Change line :

Code: 

#Port 22

To

Code: 

Port 1559

and change line :

Code: 

Protocol 2,1

To:

Code: 

Protocol 2

Save the changes and restart ssh service to apply new changes.
Execute via ssh:

Code: 

service sshd restart

3.Install Firewall(I recommend CSF)
Why?
This firewall will protect your site against DDos
How?
Execute this via SSH.

Code: 

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
./csftest.pl
./install.sh

Then after install is done , open /etc/csf/csf.conf and modify the setting below to enable firewall

Code: 

Testing = "0"
TCP_IN = ---->Add new ssh port at end of line if you have modified default(e.g Port 15
TCP_OUT = --->Add port 1454
CT_LIMIT = "80" --->This IS VERY IMPORTANT setting , CSF will ban anyone haven't more than 80 open connections to your server(bye bye DDosers)
CT_PERMANENT = "1"
CT_BLOCK_TIME = "1800"
CT_INTERVAL = "30"

Then save changes and execute via ssh.

Code: 

service csf restart

4.Secure PHP (Of course if you use them , most do btw)
Open php.ini and make sure your settings resembles mine:

expose_php = Off
Enable_dl= Off
display errors = off
disable_functions = system, show_source, symlink, exec,dl,shell_exec, passthru, phpinfo,escapeshellarg,escapeshellcmd

After you are done execute this via ssh.

Code: 

service httpd restart

.......More to come soon , reply and tell me how much you like/dislike it
What to expect in a few days?
How to secure Apache
How to Harden Linux Kernel
Some server monitoring tips

Ifirst Reviewed by Ifirst on 24th Sep 2012. How to Totally Optimise and Secure your Linux server Today i would like to share some of my tips and trick so as to make everyone lives easier and do my best to help people and provide useful info. In this post i would be using centos as example but you can easily modify commands for your linux distro. How to secure your linux(Centos) 1.Update/Patch your kernel Why? Vulnerabilities in kernel are being found by security experts continuously by security experts. How? Execute this via SSH. Rating: 5