January 1, 2010

Server Security steps and the quote details

Do the following for server security on cPanel servers:

1. sysctl http://www.eth0.us/sysctl
2. noexec, nosuid on /var/tmp and /tmp http://www.eth0.us/tmp
3. LES Linux Environment Security http://www.securecentos.com/temp/installing-les-linux-environment-security.html
4. Removal of Insecure packages http://pcgeo.blogspot.com/2009/12/removal-of-insecure-packages-and.html
5. RPM upgrades (yum update)
6. Firewall (CSF + LFD) http://www.configserver.com/free/csf/install.txt
7. AIDE (Advanced Intrusion Detection Environment) http://pcgeo.blogspot.com/2009/12/installing-aideadvanced-intrusion.html
8. Logwatch Installation and configuration http://pcgeo.blogspot.com/2009/12/install-logwatch-in-server.html
9. ClamAV (virus scanner) Installation with Exim on cPanel servers http://pcgeo.blogspot.com/2009/12/clamav-installation.html
10. chkrootkit http://pcgeo.blogspot.com/2009/12/install-chkrootkit-on-server.html
11. LibSafe Installation http://pcgeo.blogspot.com/2009/12/libsafe-installation.html


More steps

* WHM -> ConfigServer Security & Firewall -> Check Server Security (you need to get at least 105 points out of 119)
* WHM -> Update Config -> Select Manual Updates Only (STABLE tree) and run "/scripts/upcp --force"
* Run EasyApache.
You can enable the modules below:

Mod SuPHP
IonCube Loader for PHP
Zend Optimizer for PHP

Bcmath, Bz2, CGI, Calendar, Curl, CurlSSL, Curlwrappers, FTP, GD, Iconv, Imap, MM, Magic Quotes, MailHeaders, Mbregex, Mbstring, Mcrypt, Mhash, Mime Magic, Mysql, Mysql of the system, Openssl, POSIX, Path Info Check, Pear, SafeMode, Sockets, TTF (FreeType), XmlRPC, Zip, Zlib

LAST STEP

** Deny direct root access
** Change the SSH port (don't forget to add the new port to CSF)
** Create a wheel user
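
A quick way to verify the three LAST STEP items after making them, as an added example that is not part of the original post. It assumes the usual file locations (/etc/ssh/sshd_config, /etc/csf/csf.conf, /etc/group) and that CSF's TCP_IN list uses commas with colon-separated ranges; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the "LAST STEP" items by reading config files only.
# Usage: sh audit.sh /etc/ssh/sshd_config /etc/csf/csf.conf /etc/group

# Print the value of an sshd_config keyword (first uncommented match wins,
# keywords are case-insensitive); print $3 when the keyword is not set.
sshd_value() {  # $1=file $2=keyword $3=fallback
    v=$(awk -v k="$2" 'tolower($1)==tolower(k) {print $2; exit}' "$1")
    echo "${v:-$3}"
}

# Succeed only if PermitRootLogin is explicitly set to "no".
root_login_denied() {
    [ "$(sshd_value "$1" PermitRootLogin unset)" = "no" ]
}

# Succeed if port $2 is listed in TCP_IN in CSF config $1.
# Assumption: entries are single ports or lo:hi ranges.
csf_allows_port() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1" |
    tr ',' '\n' |
    awk -F: -v p="$2" '
        NF==1 && $1+0==p+0            {ok=1}
        NF==2 && p+0>=$1+0 && p+0<=$2+0 {ok=1}
        END {exit !ok}'
}

# Succeed if the wheel group in group file $1 lists at least one member.
wheel_has_member() {
    awk -F: '$1=="wheel" && $4!="" {found=1} END {exit !found}' "$1"
}

audit() {  # $1=sshd_config $2=csf.conf $3=group file
    port=$(sshd_value "$1" Port 22)   # sshd listens on 22 when Port is unset
    if root_login_denied "$1"; then echo "OK   root SSH login denied"
    else echo "FAIL PermitRootLogin is not 'no'"; fi
    if [ "$port" != 22 ]; then echo "OK   SSH moved to port $port"
    else echo "FAIL SSH still on port 22"; fi
    if csf_allows_port "$2" "$port"; then echo "OK   port $port is in CSF TCP_IN"
    else echo "FAIL port $port missing from CSF TCP_IN (you may lock yourself out)"; fi
    if wheel_has_member "$3"; then echo "OK   wheel group has a member"
    else echo "FAIL wheel group is empty"; fi
}

if [ "$#" -ge 3 ]; then audit "$@"; fi
```

Run it before restarting sshd and CSF, while the current SSH session is still open, so a missing TCP_IN entry can be fixed without losing access.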
