I'm having problems with the security settings for virtualized (VPS) and dedicated servers.
What do I need to do to protect my Linux server with Apache against major security threats such as rootkits, exploiting common open ports, root logging, etc? What needs to be installed and configured?
Via SSH - Shell access
wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh; els --update; els --chkrootkit; els --rkhunter; els --chmodfiles; els --disabletelnet; els --hardensysctl; els --libsafe; els --mytop; els ---securepartitions
ELS "Easy Linux Security" is an updated module installer and small security scripts. There are many modules available, you can list them by simply running the els command in your shell. What I install above are the ones that make the most difference in terms of server security: chkrootkit (rootkit), rkhunter (another rootkit even better), chmodfiles (it changes the access permissions and execution of some scripts / commands on the server to just the root disables them), disabletelnet (disable / disable telnet, leaving only SSH), hardensysctl (makes a tunnig from your network interface), installs libsafe (32 bit systems only), mytop (installs a process viewer mysql as the TOP command does with the system).
wget http://www.logview.org/logview-install
wget http://www.configserver.com/free/cmm.tgz; tar -xzf cmm.tgz; cd cmm; ./install.sh
It is a browser log viewer, you do not need to open SSH to see the intricate system logs, with this WHM addon you see them via your WHM panel.
wget http://www.configserver.com/free/cmq.tgz; tar -xzf cmq.tgz; cd cmq; ./install.sh
wget http://www.configserver.com/free/cmc.tgz; tar -xzf cmc.tgz; cd cmc; ./install.sh
pico -w /etc/ssh/sshd_config
And change the line "Port 22" to the port you want (remember to add the port on your firewall BEFORE or you will not be able to access the server any more).
Edit ".bash_profile" or with the command:
cd root; pico -w /root/.bash_profile
Add the code below at the end of the last command:
#
# GRAVA LOG E HISTORICO DE ACESSOS ROOT
#
echo 'who' >> .access
#
# EMAIL DE AVISO ACESSO ROOT
#
rootalert() {
echo 'ALERTA - Acesso ROOT SHELL'
echo
echo 'Servidor: ''hostname'
echo 'Data: ''date'
echo 'Usuario: ''who | awk '{ print $1 }''
echo 'TTY: ''who | awk '{ print $2 }''
echo 'Origem: ''who | awk '{ print $6 }' | /bin/cut -d '(' -f 2 | /bin/cut -d ')' -f 1'
echo
echo 'ACESSO ROOT EXECUTADO.'
echo
echo 'Estes usuários estão ativos neste instante como root:'
echo 'who | awk '{print $6}''
echo
echo 'Últimos 10 acessos efetuados:'
echo 'last -n 10'
echo
echo 'Informações: Horário deste acesso, Uptime e Load Averange atual'
echo 'uptime'
echo
}
rootalert | mail -s "Alerta: Acesso ROOT ['hostname']" SEUEMAILAQUICARAMBA
wget http://www.configserver.com/free/csf.tgz; tar -xzf csf.tgz; cd csf; sh install.sh
First identify the package that you have installed:
rpm -qa | grep lynx
Then run:
rpm -e lynx NOMEDOPACOTE
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz ; tar -xzf maldetect-current.tar.gz ; cd maldetect-* ; sh ./install.sh ; maldet --update-ver ; maldet --update
Now configuring, edit the file "conf.maldet" in / usr / local / maldetect, editing the line "email_alert = 0" for "email_alert = 1" and the line "email_addr=" by putting your email that will receive the report.
You can run it at the specified command line, for example:
maldet -a / home / USER /
maldet -a / home? /? / public_html
Here's a rough tip: You can set up maldetec for it to try to clear potential trojans or malicious code that "paste" into PHP codes, and if it does not, it moves the entire script / file to the / usr / local / maldetect / quarantine /. To do this, edit the line "quar_hits = 0" to "quar_hits = 1" and "quar_clean = 0" to "quar_clean = 1".
wget -N https://www.ksplice.com/uptrack/install-uptrack; sh install-uptrack 8c7fea7e7e4e244d9ad4abacd55caf67fbed1d7f46ad31d1f3edea0eb61d8b7b --autoinstall
Distributions that work link
Credits: Alexandre Duran.