Server Security

All posts in the Server Security category

How to install CSF and LFD?

Published June 17, 2010 by Siva

Securing a web server is critical if it is Internet facing. A steady flood of random and targeted attacks begins as soon as the server is reachable over the Internet. Installing a firewall and a brute force attack detection tool should be one of the very first steps for a web master. In the past we recommended APF and BFD of R-fx Networks as the software to use, but neither tool has kept pace and both are very much outdated. A competing product developer stepped up to the plate and grabbed the opportunity to position his own software solution in the market. Best of all, the solution is freely available at Configserver.com.

CSF and LFD are very easy to install and to configure – especially if you are using a cpanel & WHM server. Here are the instructions on how to install CSF and LFD.

1) Log into your server and switch to the root user
2) Switch directories to your download directory
3) Download the latest version of the software: # wget http://www.configserver.com/free/csf.tgz
4) Untar the package: # tar -xzf csf.tgz
5) Switch into the new extracted folder: # cd csf
6) Run the installer: # sh install.sh
7) If you are still running APF and BFD on your server it is necessary to disable those applications: # sh disable_apf_bfd.sh

If you are running WHM you can now configure CSF and LFD from WHM. CSF/LFD comes pre-configured for a cpanel/WHM server, so there is not that much to do after the installation. Log into WHM and inspect the new configuration utility. As an example, you can uninstall APF and BFD from here with the click of a button. If you want to manually edit the CSF/LFD configuration you can do so in /etc/csf/*. Make sure to back up the configuration before you make changes, and use the debug mode to avoid locking yourself out.
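A guard to run before editing the configuration by hand, as an added example that is not from the post or from ConfigServer. It backs up csf.conf and checks that CSF's TESTING mode (the `TESTING = "1"` setting in /etc/csf/csf.conf, which makes CSF flush its rules every TESTING_INTERVAL minutes) is still on; the sample csf.conf excerpt is constructed for the dry run.

```shell
#!/bin/sh
# Added example, not from the post or from ConfigServer: a guard to run
# before editing /etc/csf/csf.conf by hand. It backs the file up and checks
# that CSF's TESTING mode is on (TESTING = "1"; CSF then flushes its rules
# every TESTING_INTERVAL minutes, so a bad rule cannot lock you out).

# Print the value of a quoted setting such as  KEY = "value"  from csf.conf.
# Usage: csf_get_setting <conf-file> <KEY>
csf_get_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 when TESTING mode is enabled in the given csf.conf, 1 otherwise.
csf_testing_enabled() {
    [ "$(csf_get_setting "$1" TESTING)" = "1" ]
}

# Copy the config aside with a timestamp and print the backup path.
csf_backup_conf() {
    backup="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$backup" && printf '%s\n' "$backup"
}

# Return 0 (after taking a backup) only when TESTING mode is on; otherwise
# explain what to change and return 1 without touching anything.
csf_safe_to_edit() {
    if ! csf_testing_enabled "$1"; then
        echo "TESTING = \"$(csf_get_setting "$1" TESTING)\" in $1; set TESTING = \"1\" before editing" >&2
        return 1
    fi
    csf_backup_conf "$1" >/dev/null
}

# Constructed csf.conf excerpt (not a real server's file) for a dry run.
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
# csf.conf excerpt (constructed sample)
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
EOF

csf_safe_to_edit "$SAMPLE_CONF" && echo "backup taken and TESTING mode is on: safe to edit"
```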

If for whatever reason you need to uninstall CSF and LFD you can easily do this yourself as well. Log in to your server via SSH and switch to the root user.

1) Switch to the folder holding the uninstaller: # cd /etc/csf
2) Run the uninstaller: # sh uninstall.sh

All done. We highly recommend making yourself familiar with the product and how it works. CSF / LFD comes with a readme.txt file that you really should read. The readme file gives great insight into how both apps work and what you need to configure to have your server properly secured.

RKHunter Configuration Guide

Published January 23, 2010 by Siva

Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other security problems. This tutorial will touch on installing and setting up a daily report for rkhunter.

Installing:

wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz

wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz?use_mirror=nchc
tar -zxvf rkhunter-1.2.7.tar.gz
cd rkhunter-1.2.7
./installer.sh --layout /usr/local/rkhunter --install

Updating rkhunter

This fetches the latest database updates from the central server and improves the match with your OS to reduce false positives:

rkhunter --update

Now you can run a test scan with the following command:

/usr/local/bin/rkhunter -c

How to setup a daily scan report?

vim /etc/cron.daily/rkhunter.sh

Add the following, replacing the email address with your own:

#!/bin/bash
/usr/local/bin/rkhunter --cronjob --rwo --nocolors | mail -s "Rkhunter daily run on $(uname -n)" siva@example.com
exit 0

chmod +x /etc/cron.daily/rkhunter.sh
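The daily job above mails the same --rwo output every day. A cron wrapper that mails only warnings you have not yet acknowledged, as an added example that is not from the post or from the rkhunter project; the rkhunter binary path, the acknowledged-warnings list and the recipient are assumptions, and the sample scan output is constructed.

```shell
#!/bin/sh
# Added example, not from the post or from the rkhunter project: a cron
# wrapper that mails only when the scan reports warnings you have not yet
# acknowledged, instead of a daily mail of the same --rwo output.
# Assumed, adjust to your layout: RKHUNTER binary, ACKNOWLEDGED list, RECIPIENT.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
ACKNOWLEDGED="${ACKNOWLEDGED:-/var/lib/rkhunter/acknowledged-warnings.txt}"
RECIPIENT="${RECIPIENT:-root}"

# Print the "Warning:" lines of an rkhunter --rwo output file, deduplicated.
rkhunter_warnings() {
    grep '^Warning:' "$1" | sort -u
}

# Print warnings in <output-file> that are not listed, line for line, in
# <acknowledged-file>. A missing acknowledged file means every warning is new.
rkhunter_new_warnings() {
    if [ -f "$2" ]; then
        rkhunter_warnings "$1" | grep -vxF -f "$2"
    else
        rkhunter_warnings "$1"
    fi
}

# Print the number of new warnings (0 when nothing is new).
rkhunter_new_warning_count() {
    rkhunter_new_warnings "$1" "$2" | wc -l | tr -d ' '
}

# Cron entry point: run the scan and mail only the new warnings.
rkhunter_cron_report() {
    out="$(mktemp)"
    "$RKHUNTER" --cronjob --rwo --nocolors > "$out" 2>&1
    if [ "$(rkhunter_new_warning_count "$out" "$ACKNOWLEDGED")" -gt 0 ]; then
        rkhunter_new_warnings "$out" "$ACKNOWLEDGED" \
            | mail -s "rkhunter: new warnings on $(uname -n)" "$RECIPIENT"
    fi
    rm -f "$out"
}

# Constructed sample output and acknowledged list (not from a real scan).
SAMPLE_OUT="$(mktemp)"; SAMPLE_ACK="$(mktemp)"
cat > "$SAMPLE_OUT" <<'EOF'
Warning: Hidden file found: /dev/.udev/rules.d: directory
Warning: The file properties have changed: File: /usr/bin/ls
Warning: Hidden file found: /dev/.udev/rules.d: directory
EOF
echo 'Warning: Hidden file found: /dev/.udev/rules.d: directory' > "$SAMPLE_ACK"
rkhunter_new_warnings "$SAMPLE_OUT" "$SAMPLE_ACK"
```

Once a warning has been investigated, append its line to the acknowledged list so the next run stays silent about it.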

Securing Your /tmp Partition Against Attackers

Published August 8, 2009 by Siva

Securing your /tmp directory can save you from an outdated PHP script through which someone attempts to write and run an executable program containing malicious code.

I AM NOT RESPONSIBLE FOR ANY PROBLEMS THIS MAY CAUSE

That being said, let's get to it:

cd /dev

Create a 500MB file for our /tmp partition. If you need more space, increase the count value.

dd if=/dev/zero of=tmpMnt bs=1024 count=500000

Make an ext2 (extended) filesystem on our tmpMnt file:

/sbin/mke2fs /dev/tmpMnt

Back up your /tmp directory. I had a mysql.sock file that I needed to recreate the symbolic link for; other programs may use it to store cache files or whatever.

cd /
cp -pR /tmp /tmp_backup

Mount the new /tmp filesystem with noexec and nosuid:

mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
chmod 0777 /tmp

Copy everything back to the new /tmp; remove the backup once you have verified the copy.

cp -pR /tmp_backup/* /tmp/

Now we need to add this to fstab so it mounts automatically on reboots.

pico -w /etc/fstab

You should see something like this:

/dev/hda3               /                       ext3    defaults,usrquota        1 1
/dev/hda1               /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/hda2               swap                    swap    defaults        0 0

At the bottom add:

/dev/tmpMnt             /tmp                    ext2    loop,noexec,nosuid,rw  0 0

(Each space is a tab)
Save it!

Ctrl + X and Y

You're done: /tmp is now mounted noexec. You can sleep a little bit safer tonight. I created a hello world C++ program, compiled it and moved it to /tmp. Upon trying to run it (even after chmod +x), it gives the following error:

bash: ./a.out: Permission denied

Good luck! If it causes problems with any of your software, you can remove the entry from fstab, reboot, and then delete /tmp and recreate it to bring it back to normal.
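A check that /tmp really came back with the intended options after the remount or a reboot, and that it kept the sticky bit, as an added example that is not from the post. It reads mount lines in /proc/mounts format (the sample lines below are constructed) and tests a directory's sticky bit; note that the post's `chmod 0777 /tmp` step leaves the sticky bit unset, whereas a stock /tmp is mode 1777 so users cannot delete each other's files (`chmod 1777 /tmp` restores it).

```shell
#!/bin/sh
# Added example, not from the post: verify that /tmp is mounted with the
# intended options and still has the sticky bit, instead of trusting the
# fstab edit. Pass /proc/mounts on a live host, or a file in that format.

# Print the mount options of <mountpoint> as recorded in <mounts-file>.
# Usage: mount_options <mounts-file> <mountpoint>
mount_options() {
    awk -v mp="$2" '$2 == mp { opts = $4 } END { print opts }' "$1"
}

# Print each required option missing from the mount and return 1;
# print nothing and return 0 when all are present.
# Usage: mount_missing_options <mounts-file> <mountpoint> opt...
mount_missing_options() {
    mounts="$1"; mp="$2"; shift 2
    opts=",$(mount_options "$mounts" "$mp"),"
    missing=""
    for want in "$@"; do
        case "$opts" in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    [ -z "$missing" ] || { echo "$missing" | sed 's/^ //'; return 1; }
}

# Return 0 when the directory has the sticky bit (mode 1777 on a stock /tmp).
# The post's "chmod 0777 /tmp" leaves it unset; "chmod 1777 /tmp" restores it.
dir_sticky() {
    [ -k "$1" ]
}

# Constructed /proc/mounts lines (not from a real host) for a dry run.
SAMPLE_MOUNTS="$(mktemp)"
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/hda3 / ext3 rw,usrquota 0 0
/dev/loop0 /tmp ext2 rw,nosuid,noexec 0 0
none /dev/shm tmpfs rw 0 0
EOF

mount_missing_options "$SAMPLE_MOUNTS" /tmp noexec nosuid && echo "/tmp: noexec and nosuid present"
mount_missing_options "$SAMPLE_MOUNTS" /dev/shm noexec nosuid || echo "/dev/shm: options above are missing"
```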

*Source:  http://webhostgear.com*