Andrew.S. Posted July 24, 2007 Posted July 24, 2007 Please Note: Not all of these were made by me, So Kudos to the creator that made them. These topics are gathered around WHT This topic covers a wide range of methods for securing and optimizing your VPS.Secure cPanel/WHM and the Root User on VPS: Checking for formmail: Form mail is used by hackers to send out spam email, by relay and injection methods. If you are using matts script or a version of it, you may be in jeopardy. Command to find pesky form mails:find / -name "[Ff]orm[mM]ai*" CGIemail is also a security risk:find / -name "[Cc]giemai*" Command to disable form mails:chmod a-rwx /path/to/filename (a-rwx translates to all types, no read, write or execute permissions). (this disables all form mail) If a client or someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative. Root kit Checker (rkhunter or chkrootkit) Check for a root kits via a cron job, by doing this you will regularly check if your server is comprised, and you will be sent regular reports. To install chkrootkit, login to the server as root and on the command line interface type: cd /root/ wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz tar xvzf chkrootkit.tar.gz cd chkrootkit-0.47 make sense To run chkrootkit, type the following on the CLI:/root/chkrootkit-0.47/chkrootkit To ensure the highest level of security setup a cronjob which emails you the results on a regular basis.Setup Email on Root Login (to detect breaches) If an unauthorized person gains access to root, you want to be notified - you can do so by doing the following while logged into root: cd /root vi .bash_profile Add the following line:echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com Where your@email.com is your email address. Save an exit vi: :wq Securing WHM and cPanel: By default cPanel/WHM is not setup securely and efficiently, so you will want to optimize the cPanel/WHM settings by doing the following: Go to: Server Setup -> Tweak Settings Under Domains tick:
Recommended Posts
Archived
This topic is now archived and is closed to further replies.