06 February, 2013

WHM/cPanel Server Hardening & Security

WHM – Account Functions:
* Disable cPanel Demo Mode
* Disable shell access for all accounts (except root)
MySQL:
* Set a MySQL password (don’t reuse the password used for root access).
  If you don’t set a MySQL password, anyone will be able to log in to the DB with the username “root” and no password, and delete, edit or download any DB on the server.
WHM – Service Configuration – Apache Configuration – PHP and SuExec Configuration
Enable suEXEC – suEXEC = On
When PHP runs as an Apache module, it executes as the user/group of the
web server, which is usually “nobody” or “apache”. suEXEC changes this so
that scripts are run as CGI, which means they are executed as the user
that created them. With suEXEC, script permissions can’t be set to
777 (read/write/execute at user/group/world level).
Optimization & Security
Keep all services and scripts up to date and make sure that you are running the latest secure version.
# /scripts/updatenow  - Update /scripts
WHM – Tweak Security:
* Secure tmp
* Apache server signature turned off
* Disabled Directory Listing
* cPHulk Brute Force Protection
* Shell Fork Bomb Protection
* SMTP Tweak
* Compiler Access
* Apache mod_userdir Tweak
* PHP open_basedir Tweak
* Disable Compilers for all accounts (except root)
* Disable shell access for all other users.
FTP Server Configuration
* Allow Anonymous Logins - NO
* Allow Anonymous Uploads - NO
* Allow Logins with Root Password - NO
PHP Security
php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => /usr/local/lib/php.ini
This means you have to edit /usr/local/lib/php.ini.
php.ini & disabled functions

; safe_mode, magic_quotes_gpc and register_globals only exist before PHP 5.4, which removed them
safe_mode = On
expose_php = Off
enable_dl = Off
magic_quotes_gpc = On
register_globals = Off
display_errors = Off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd, proc_close, proc_open, popen
# service httpd restart
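
One way to check a php.ini against the settings above, as an added example that is not part of the original post. The function names and the sample file are constructed for illustration; safe_mode, magic_quotes_gpc and register_globals are left out because PHP 5.4 removed them, and the required function list is the one this post disables.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit a php.ini against this post's list.
REQUIRED_DISABLED="symlink shell_exec exec proc_close proc_open popen system dl passthru escapeshellarg escapeshellcmd"

# ini_get FILE KEY: print the last uncommented value of KEY, or <unset>.
# Directive names are case-sensitive, so "Enable_dl" does not set enable_dl.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/;.*$/, "", v); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            val = v; found = 1
        }
        END { print (found ? val : "<unset>") }' "$1"
}

# audit_php_ini FILE: print one FAIL line per deviation; return 1 if any were found.
audit_php_ini() {
    rc=0
    for key in expose_php enable_dl display_errors; do
        val=$(ini_get "$1" "$key" | tr '[:upper:]' '[:lower:]')
        case "$val" in
            off|0|false|no|none) ;;
            *) echo "FAIL $key = $val (want Off)"; rc=1 ;;
        esac
    done
    # Compare whole comma-separated names, so "shell_exec" never satisfies "exec".
    listed=$(ini_get "$1" disable_functions | tr ',' '\n' | tr -d ' \t')
    for fn in $REQUIRED_DISABLED; do
        printf '%s\n' "$listed" | grep -qx -- "$fn" ||
            { echo "FAIL disable_functions lacks $fn"; rc=1; }
    done
    return $rc
}

# Constructed sample: wrong-case directive name, and "exec" missing from the list.
write_sample_ini() {
    cat > "$1" <<'EOF'
expose_php = Off
Enable_dl = Off
display_errors = Off ; quiet in production
disable_functions = symlink, shell_exec, proc_close, proc_open, popen, system, dl, passthru, escapeshellarg, escapeshellcmd
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp); write_sample_ini "$tmp"; audit_php_ini "$tmp" || true; rm -f "$tmp"
```

On a live server, run audit_php_ini /usr/local/lib/php.ini (the path reported by php -i above) before restarting httpd.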
Install Packages
Suhosin
Zend Optimizer
Mod_Evasive
Mod_Security
Firewall – DDoS Protection
CSF Installation
http://wp.me/p1UIdz-8G
========================>
Install Anti-Virus.
* Linux Malware Detect (LMD). What is LMD:
http://wp.me/s1UIdz-552
* ClamAV
* Log in to your WHM, then go to cPanel > Manage Plugins and enable it.
* Rootkit Hunter
* Use the latest stable release
http://www.rootkit.nl/projects/rootkit_hunter.html
* CHKRootKit

Linux Socket Monitor (LSM)
LSM is a network socket monitor; it is used to track changes to network sockets and Unix domain sockets, effectively a port monitor. An alert e-mail is dispatched whenever new ports activate.
========================>
Secure SSH
http://wp.me/p1UIdz-5p
========================>
Recommended Security Tweak Settings Checklist
* Blank referrer safety check - On
* Require SSL - On
* Enable HTTP Authentication - Off
* Security Tokens - On
* Cookie IP Validation - On
* Proxy Subdomain Creation - Off
* Block Common Domains Usage - On
* Initial default/catch-all forwarder destination - Fail
* Max hourly emails per domain - 100 emails per hour per domain
* Enable SpamAssassin spam filter - On
In addition to that:

We have installed CHKRootKit, which is a program that looks for known signatures in trojaned system binaries; it basically detects if your system has been compromised.

We have installed Rootkit Hunter, which is a scanning tool to find most types of exploits (backdoors, suspicious files, md5 hash comparisons) and is over 99% accurate in detecting such exploits.

Firewall: CSF+LFD has been installed and configured.

/tmp and /var/tmp hardened and secured to prevent the execution of malicious scripts.

Restricted the execution of critical binaries (such as wget and lynx) only to root.

SSH has been hardened by restricting the SSH Protocol to SSH 2. SSH will still function the same way, just more secure.

Apache (HTTPD) web server has been optimized and secured.

MySQL Server has been optimized to perform at its best under the most common and standard environments.

System Configuration File host.conf has been secured and hardened to prevent DNS lookup poisoning and also provide protection against spoofs.

System Configuration File sysctl.conf has been secured and hardened to help protect the TCP/IP stack from SYN-flood attacks. It is also configured to prevent various other, similar network abuse.

Linux Socket Monitor (LSM) has been installed on your server now. LSM is a network socket monitor; it is used to track changes to network sockets and Unix domain sockets, effectively a port monitor. An alert e-mail is dispatched whenever new ports activate.

We have set up a root login notification script. This will send an e-mail alert every time someone logs into your server as root.

Your FTP server software has been upgraded and secured.

Enabled extended logging in the exim configuration. It will log some valuable entries in the email logs, which will help us to troubleshoot spam-related issues in an effective way. Also enabled RBLs in the mail service configuration to reduce spam emails.

Compilers access has been disabled for unprivileged users.

Enabled PHP open_basedir protection on your server. PHP's open_basedir protection prevents users from opening files outside of their home directory with php.

Shell Fork Bomb Protection has been enabled. This will prevent users logged into a shell (ssh/telnet) from using up all the resources on the server and causing a crash.

Background Process Killer has been enabled to kill any of the following, which are commonly recognized bad processes: BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink and related services.

Installed ConfigServer Mail Queues (cmq) on your server; it allows you to check within WHM and clear the server's exim queue(s) and deal with individual emails awaiting delivery.

ConfigServer Mail Manage (cmm) has been installed on your server, which allows you to edit, view and manage client email accounts and quotas from within WHM without having to log into their cPanel account.

A warning message has been created for the SSH login welcome screen. Any user that logs into your server via SSH will see this message.

Unused programs have been disabled from the OS of your server. This reduces the chance of being compromised through software exploits on old or deprecated programs.

Enabled SMTP Tweak option in the server firewall to prevent the spammers from bypassing the mailserver to send mail.

We have disabled the following php functions on the server as these are the commonly used functions in the malicious scripts.

symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd

Mod-deflate has been implemented with Apache to increase apache performance.
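
The /tmp and /var/tmp hardening mentioned above can be verified from the mount table. This is an added example, not a script from the original post: it assumes the hardening is done with the noexec mount option (nosuid is checked as an extra assumption), and the function names and sample mount table are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm /tmp and /var/tmp are mounted
# noexec. The nosuid check is an extra assumption, not something the post states.

# mount_opts MOUNTS PATH: options of the filesystem holding PATH, i.e. the longest
# mount point that is PATH or a parent of it (a later entry shadows an earlier one).
mount_opts() {
    awk -v p="$2" '
        {
            mp = $2
            hit = (mp == "/" || p == mp || index(p, mp "/") == 1)
            if (hit && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }' "$1"
}

# check_tmp_mounts MOUNTS: print FAIL lines; return 1 if any option is missing.
check_tmp_mounts() {
    rc=0
    for dir in /tmp /var/tmp; do
        opts=",$(mount_opts "$1" "$dir"),"
        for want in noexec nosuid; do
            case "$opts" in
                *",$want,"*) ;;
                *) echo "FAIL $dir missing $want"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed /proc/mounts-style sample: /tmp is hardened, /var/tmp still lives on /.
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
EOF
}

# Demo run on the constructed sample; on a live server use: check_tmp_mounts /proc/mounts
m=$(mktemp); write_sample_mounts "$m"; check_tmp_mounts "$m" || true; rm -f "$m"
```

A directory that is not its own mount point inherits the options of its parent filesystem, which is why the sample flags /var/tmp even though /tmp passes.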
 
 

3 comments:

  1. You should probably give credit back to the original sites that you used your copy/paste skills on. Just sayin'

  3. Really amazing post with lots of useful information. Thanks so much for writing such wonderful articles about VPS hosting services for us. best web servers reviews
