Questions about securing new VPS

[hawksfan]

Hello everyone,

My site has become large enough that we're outgrowing shared hosting. Knowing that this was coming, I recently signed up for a very good deal through a reputable host for a VPS. This is a fully managed WHM/Cpanel vps with Apache & CentOS (yes, I've considered & continue to consider Litespeed). I have no plans to host other sites on this vps, just my IPB board along with its test site which is always kept offline (I have the test site up & running on the vps, but have not yet moved the live site). I went with a fully managed solution due to the fact that I'm very new to server management. But what I'm wondering is how much I need to pay attention to tweaking security settings. I found this guide:

LINK

Could I just follow that? My worry is that I'll make an adjustment to a setting that will break something in IPB, but I've seen many comments that state that you need to lock down a server since a default installation (which I assume is what I have) is pretty wide open. Any help or guidance would be greatly appreciated.

[.Immortal]

Hello everyone,

[url="http://forums.cpanel.net/f185/beginners-guide-securing-your-server-30159.html"]LINK[/url]

Could I just follow that? My worry is that I'll make an adjustment to a setting that will break something in IPB, but I've seen many comments that state that you need to lock down a server since a default installation (which I assume is what I have) is pretty wide open. Any help or guidance would be greatly appreciated.

Hi Hawksfan,

First, I would like to say that since you went fully managed with a reputable host, they should of hardened already your vps, if not you can ask them to since your fully managed. They will most likely change your ssh port, install a firewall and configure it among other things, hardening your vps. For Cpanel settings though, some hosts do, others do not harden your Cpanel installation. That thread is a bit dated, about 6 years old but still has useful setting changes that are still relevant today. For more relevant information, refer to Cpanel's Securing your Server Documentation located here http://docs.cpanel.n...uringYourServer . It covers pretty much all the basics for hardening the Cpanel settings but for hardening the vps, I recommend you ask your host to harden it for you since in that documentation it does have some tips to harden your vps like installing a firewall but very sparse details on how to install and configure, so to save you the hardship, let your host do it.

If you want to get your hands dirty and try to secure your vps or just learn more about securing a vps, you can have a look at these sites, they provide excellent information in setting up your vps and securing your vps from scratch.
http://articles.slicehost.com/centos
http://www.securecentos.com/

[hawksfan]

Thank you for the reply. I contacted my host last night & asked them about what type of security or hardening that they do to their managed installations. This was their reply:

During the provisioning of managed servers, we do the basic security hardening like installation of apf, bfd, rkhunter(cron.daily) and chkrootkit(cron.daily). Please check the server and let us know if you need any more help from us.

Thoughts? I'm more than happy to let them handle this, believe me.

[.Immortal]

Thoughts? I'm more than happy to let them handle this, believe me.

The basic security hardening that they did is enough. You can now just check the documentation link that I gave you and secure your cpanel installation. In most cases, all these security measures cover pretty much all your bases.

[hawksfan]

Thank you very much, I really appreciate it. I will get to work on the rest.

[3dblake]

I love this script for just this purpose:

http://configserver.com/cp/csf.html

Be careful with it, you can lock yourself out of your server, but it's such a great tool.