Via SSH - Shell access
Install the ELS
wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh; els --update; els --chkrootkit; els --rkhunter; els --chmodfiles; els --disabletelnet; els --hardensysctl; els --libsafe; els --mytop; els --securepartitions
ELS ("Easy Linux Security") is an installer for up-to-date modules and small security scripts. Many modules are available; you can list them by simply running the els command in your shell. The ones I install above are those that make the most difference in terms of server security: chkrootkit (a rootkit scanner), rkhunter (another rootkit scanner, even better), chmodfiles (changes the access and execute permissions of some scripts and commands on the server so that only root can run them), disabletelnet (disables telnet, leaving only SSH), hardensysctl (tunes your network interface), libsafe (32-bit systems only) and mytop (a MySQL process viewer that does for MySQL what the top command does for the system).
Install logview
wget http://www.logview.org/logview-install
Install the CMM
wget http://www.configserver.com/free/cmm.tgz; tar -xzf cmm.tgz; cd cmm; ./install.sh
Logview is a browser-based log viewer: you do not need to open an SSH session to read the system logs, because with this WHM addon you view them from your WHM panel.
Install the CMQ
wget http://www.configserver.com/free/cmq.tgz; tar -xzf cmq.tgz; cd cmq; ./install.sh
Install the CMC
wget http://www.configserver.com/free/cmc.tgz; tar -xzf cmc.tgz; cd cmc; ./install.sh
Configuring the SSH port
pico -w /etc/ssh/sshd_config
And change the line "Port 22" to the port you want (remember to open that port in your firewall BEFORE you do, or you will no longer be able to access the server).
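One way to enforce the firewall-first rule above, as an added example that is not part of the original guide. It assumes CSF (installed later in this guide) is the firewall and lists its allowed inbound TCP ports in the TCP_IN line of its csf.conf; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original guide. Function names are hypothetical;
# assumes CSF keeps its allowed inbound TCP ports in a TCP_IN = "..." line.

# valid_port PORT: succeeds for an integer in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# csf_allows_port CSF_CONF PORT: succeeds if PORT appears in TCP_IN,
# either on its own or inside a low:high range.
csf_allows_port() {
    local conf=$1 port=$2 list item
    list=$(sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1 | tr -d ' ')
    local IFS=,
    for item in $list; do
        case $item in
            *:*) [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ] && return 0 ;;
            *)   [ "$item" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# set_ssh_port SSHD_CONF CSF_CONF PORT: rewrites the Port directive only when
# CSF already accepts PORT. Keeps a .bak copy. Returns 2 (bad port) or 3 (blocked).
set_ssh_port() {
    local sshd_conf=$1 csf_conf=$2 port=$3
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    if ! csf_allows_port "$csf_conf" "$port"; then
        echo "port $port is not in TCP_IN of $csf_conf; sshd_config left unchanged" >&2
        return 3
    fi
    cp -p "$sshd_conf" "$sshd_conf.bak" || return 1
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$sshd_conf.bak"; then
        # First Port line (active or commented) becomes the new one; any other
        # active Port lines are dropped so sshd listens on a single port.
        awk -v p="$port" '
            /^[ \t]*Port[ \t]+[0-9]+/ {
                if (!done) { print "Port " p; done = 1 }
                next
            }
            !done && /^[ \t]*#[ \t]*Port[ \t]+[0-9]+/ { print "Port " p; done = 1; next }
            { print }
        ' "$sshd_conf.bak" > "$sshd_conf"
    else  # no Port line at all: put it first, ahead of any Match block
        { echo "Port $port"; cat "$sshd_conf.bak"; } > "$sshd_conf"
    fi
}
```

Call it as set_ssh_port /etc/ssh/sshd_config /etc/csf/csf.conf PORT (paths assumed), then check the result with sshd -t before restarting the SSH service.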
ROOT access warning
Edit root's ".bash_profile", for example with the command:
cd /root; pico -w /root/.bash_profile
Add the code below at the end of the file, after the last command:
#
# RECORD LOG AND HISTORY OF ROOT LOGINS
#
who >> .access
#
# ROOT LOGIN ALERT E-MAIL
#
rootalert() {
echo 'ALERTA - Acesso ROOT SHELL'
echo
echo "Servidor: $(hostname)"
echo "Data: $(date)"
echo "Usuario: $(who | awk '{ print $1 }')"
echo "TTY: $(who | awk '{ print $2 }')"
echo "Origem: $(who | awk '{ print $6 }' | /bin/cut -d '(' -f 2 | /bin/cut -d ')' -f 1)"
echo
echo 'ACESSO ROOT EXECUTADO.'
echo
echo 'Estes usuários estão ativos neste instante como root:'
who | awk '{print $6}'
echo
echo 'Últimos 10 acessos efetuados:'
last -n 10
echo
echo 'Informações: Horário deste acesso, Uptime e Load Average atual'
uptime
echo
}
# Replace SEUEMAILAQUICARAMBA with the address that should receive the alert
rootalert | mail -s "Alerta: Acesso ROOT [$(hostname)]" SEUEMAILAQUICARAMBA
Install the CSF Firewall
wget http://www.configserver.com/free/csf.tgz; tar -xzf csf.tgz; cd csf; sh install.sh
Remove Lynx
First identify the package that you have installed:
rpm -qa | grep lynx
Then run the following, where NOMEDOPACOTE is the package name found above:
rpm -e lynx NOMEDOPACOTE
Installing and properly configuring Maldetect
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz ; tar -xzf maldetect-current.tar.gz ; cd maldetect-* ; sh ./install.sh ; maldet --update-ver ; maldet --update
To configure it, edit the file "conf.maldet" in /usr/local/maldetect: change the line "email_alert=0" to "email_alert=1", and set the line "email_addr=" to the e-mail address that will receive the report.
You can run it from the command line against a specified path, for example:
maldet -a /home/USER/
maldet -a /home?/?/public_html
Here's a rough tip: you can set up Maldetect to try to clean potential trojans or malicious code that gets "pasted" into PHP code and, if it cannot, to move the entire script/file to /usr/local/maldetect/quarantine/. To do this, change the line "quar_hits=0" to "quar_hits=1" and "quar_clean=0" to "quar_clean=1".
Using KSPLICE
wget -N https://www.ksplice.com/uptrack/install-uptrack; sh install-uptrack 8c7fea7e7e4e244d9ad4abacd55caf67fbed1d7f46ad31d1f3edea0eb61d8b7b --autoinstall
Credits: Alexandre Duran.