How to configure security for dedicated servers and VPS?

2

I'm having problems with the security settings for virtualized (VPS) and dedicated servers.

What do I need to do to protect my Linux server with Apache against major security threats such as rootkits, exploiting common open ports, root logging, etc? What needs to be installed and configured?

    
asked by anonymous 08.06.2015 / 18:45

1 answer

5

Via SSH - Shell access

Install the ELS

wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh; els --update; els --chkrootkit; els --rkhunter; els --chmodfiles; els --disabletelnet; els --hardensysctl; els --libsafe; els --mytop; els --securepartitions

ELS ("Easy Linux Security") is an up-to-date installer of modules and small security scripts. There are many modules available; you can list them by simply running the els command in your shell. The ones I install above are those that make the most difference in terms of server security: chkrootkit (rootkit), rkhunter (another rootkit, even better), chmodfiles (changes the access and execution permissions of some scripts/commands on the server so that only root can use them), disabletelnet (disables telnet, leaving only SSH), hardensysctl (does a tuning of your network interface), libsafe (32-bit systems only), mytop (installs a MySQL process viewer, like the top command does for the system).

Install logview

wget http://www.logview.org/logview-install

Install the CMM

wget http://www.configserver.com/free/cmm.tgz; tar -xzf cmm.tgz; cd cmm; ./install.sh

It is a browser-based log viewer: you do not need to open SSH to see the intricate system logs; with this WHM add-on you see them via your WHM panel.

Install the CMQ

wget http://www.configserver.com/free/cmq.tgz; tar -xzf cmq.tgz; cd cmq; ./install.sh

Install the CMC

wget http://www.configserver.com/free/cmc.tgz; tar -xzf cmc.tgz; cd cmc; ./install.sh

Configuring the SSH port

pico -w /etc/ssh/sshd_config

And change the line "Port 22" to the port you want (remember to add the port on your firewall BEFORE or you will not be able to access the server any more).

ROOT access warning

Edit ".bash_profile" with the command:

cd /root; pico -w /root/.bash_profile

Add the code below at the end, after the last command:

#
# WRITE LOG AND HISTORY OF ROOT LOGINS
#
echo "$(who)" >> .access
#
# ROOT LOGIN WARNING E-MAIL
#
rootalert() {
  echo 'ALERTA - Acesso ROOT SHELL'
  echo
  echo "Servidor: $(hostname)"
  echo "Data: $(date)"
  echo "Usuario: $(who | awk '{ print $1 }')"
  echo "TTY: $(who | awk '{ print $2 }')"
  echo "Origem: $(who | awk '{ print $6 }' | /bin/cut -d '(' -f 2 | /bin/cut -d ')' -f 1)"
  echo
  echo 'ACESSO ROOT EXECUTADO.'
  echo
  echo 'Estes usuários estão ativos neste instante como root:'
  echo "$(who | awk '{print $6}')"
  echo
  echo 'Últimos 10 acessos efetuados:'
  echo "$(last -n 10)"
  echo
  echo 'Informações: Horário deste acesso, Uptime e Load Averange atual'
  echo "$(uptime)"
  echo
}
rootalert | mail -s "Alerta: Acesso ROOT [$(hostname)]" SEUEMAILAQUICARAMBA

Install the CSF Firewall

wget http://www.configserver.com/free/csf.tgz; tar -xzf csf.tgz; cd csf; sh install.sh

Remove Lynx

First identify the package that you have installed:

rpm -qa | grep lynx

Then run:

rpm -e lynx NOMEDOPACOTE

Installing and properly configuring Maldetect

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz ; tar -xzf maldetect-current.tar.gz ; cd maldetect-* ; sh ./install.sh ; maldet --update-ver ; maldet --update

Now for the configuration: edit the file "conf.maldet" in /usr/local/maldetect, changing the line "email_alert=0" to "email_alert=1" and filling in the line "email_addr=" with the e-mail address that will receive the report.

You can run it from the command line on a specified path, for example:

maldet -a /home/USER/

maldet -a /home?/?/public_html

Here's a rough tip: You can set up Maldetect to try to clean potential trojans or malicious code that gets "pasted" into PHP code and, if it cannot, to move the entire script/file to /usr/local/maldetect/quarantine/. To do this, change the line "quar_hits=0" to "quar_hits=1" and "quar_clean=0" to "quar_clean=1".

Using KSPLICE

wget -N https://www.ksplice.com/uptrack/install-uptrack; sh install-uptrack 8c7fea7e7e4e244d9ad4abacd55caf67fbed1d7f46ad31d1f3edea0eb61d8b7b --autoinstall

Distributions that work link

Credits: Alexandre Duran.

    
08.06.2015 / 18:51
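
The answer's warning to add the new SSH port to the firewall before changing it can be checked mechanically. The script below is an added example, not part of the original answer: it compares the active "Port" lines of an sshd_config with the TCP_IN line of CSF's csf.conf. The function names and the sample files are constructed for illustration, and it assumes ports are set only through "Port" lines (not ListenAddress or Include).

```shell
#!/bin/sh
# Added example: verify sshd's port(s) are open in CSF before restarting sshd.

# Ports sshd will listen on; falls back to 22 when no active "Port" line exists.
sshd_ports() {
  ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
  if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# TCP_IN entries from csf.conf, one per line ("20,21,30000:35000" -> 3 lines).
csf_tcp_in() {
  sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    tr ',' '\n'
}

# Succeeds when port $1 equals a TCP_IN entry or falls inside a low:high range.
port_allowed() {
  for entry in $(csf_tcp_in "$2"); do
    case $entry in
      *:*) [ "$1" -ge "${entry%%:*}" ] && [ "$1" -le "${entry##*:}" ] && return 0 ;;
      *)   [ "$1" -eq "$entry" ] && return 0 ;;
    esac
  done
  return 1
}

# Prints a verdict per sshd port; returns 1 if any port would be firewalled off.
check_ssh_ports() {
  rc=0
  for p in $(sshd_ports "$1"); do
    if port_allowed "$p" "$2"; then
      echo "OK: port $p is allowed by TCP_IN"
    else
      echo "BLOCKED: add port $p to TCP_IN and run 'csf -r' before restarting sshd"
      rc=1
    fi
  done
  return "$rc"
}

# Demo on constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
printf '#Port 22\nPort 2222\nPermitRootLogin no\n' > "$demo_dir/sshd_config"
printf 'TCP_IN = "20,21,22,80,443,30000:35000"\n' > "$demo_dir/csf.conf"
check_ssh_ports "$demo_dir/sshd_config" "$demo_dir/csf.conf" || true
rm -rf "$demo_dir"
```

On a real server, call check_ssh_ports /etc/ssh/sshd_config /etc/csf/csf.conf after editing sshd_config and restart sshd only when it returns 0.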