CentOS 5.x / Redhat 5.x
Get flash to fully experience Pearltrees
APF and BFD – Products to avoid When securing a web hosting server a Firewall and Brute Force Detection protection are critical pieces a server admin needs to look at. Two products were recommended by us in the past, but we have several reasons to step away from these recommendations. Security is an evolving topic and what is secure today might be at risk tomorrow if security does not grow with the risks out there on the Internet.
Author: Peter Abraham ; Published: Mar 5, 2012; Category: Managed Hosting , Managed Services , Security ; Tags: DNS , Security ; One Comment Over the years, we’ve really enjoyed the various projects created by Ryan MacDonald in terms of helping our customers have more reliable and more secure servers. One of the projects we consistently use and recommend is Ryan’s Advanced Policy Firewall by R-fx Networks known as APF While we do customize the implementation of APF as well as BFD (making some core changes to allow us to integrate APF into our other managed security offerings ), one of the issues we run into from time to time with APF is that if local DNS resolution is not working when the server is rebooted, a server will hang at starting APF.
From Rivalug Wiki Centos 5.5 Desktop on x86_64 References
UPDATE April 8, 2009: Due to many recent time restrictions, I have not been able to update this program. I am still here and still alive. Expect some developments in the next coming months. I will be collaborating with several new developers to improve the code overall and bring it to new operating systems and control panel platforms. Thanks for continuing to support my ELS script and feedback is always welcome.
ELS stands for Easy Linux Security. ELS was created by Richard Gannon, Martynas Bendorius and Wael Isa. ELS takes many of the tasks performed by our Administrators and puts it into an easy to use program for anyone to use. It is released under the GNU/GPL so it is free to use. This program is always being improved with new features and bugfixes, so be sure to keep it up to date. If you found a bug or would like an improvement, please let us know!
How to Secure Your Apache Web Server Installing and maintaining a secure web server on Linux can be a challenge. It requires in-depth knowledge of Linux, Apache , and PHP server-side options. One of the main problems is to find the balance between security and productivity and usability. The best solution depends on the specific project requirements, but all installations share certain common characteristics. Here are some best practices for securing a LAMP server, from the server configuration to fine-tuning PHP settings.
Linux server/cpanel/VPS tweaking and Hardening for security 1. Install or compile the missing modules in php & apache , Install or compile the missing modules in php & apache.
All WiredTree managed servers include our exclusive initial security hardening service, ServerShield, free of charge. This service saves you time and money by greatly increasing the security, performance, and reliability of your WiredTree server. ServerShield is a comprehensive software security and optimization suite.
Dhammapada Don't practice an ignoble way of life, don't indulge in a careless attitude. Don't follow a wrong view, and don't be attached to the world. psad and fwsnort are a pair of light weight tools which can be used as an effective NIDS .
psad: Intrusion Detection and Log Analysis with iptables psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data. psad incorporates many signatures from the Snort intrusion detection system to detect probes for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS) which are easily leveraged against a machine via nmap.
1. Introduction CentOS has an extremely powerful firewall built in, commonly referred to as iptables, but more accurately is iptables/netfilter. Iptables is the userspace module, the bit that you, the user, interact with at the command line to enter firewall rules into predefined tables.
Sampson & Associates - Building a hardened LAMP web server. - Des Moines, IA: Computer Networks, Support, and SecurityHere we will cover some steps you can take to make sure that your LAMP (Linux, Apache, MySQL, PHP) server is secure. Ideally you would not normally run all 3 components on the same server, but in some cases it is overkill to separate them. For example this particular site is hosted on a virtual server purchased from TekTonic (who, by the way, I strongly recommend.)
Introduction Last weeks on "System administrators" group on Linkedin, the members talked about how to harden a GNU/Linux web server for an hacking contest. Because I think it was born an intersting "to do" list about the argument during a post of mine, I have taken the decision to report in this article the ideas and my vision of the problem. The following words are what I wrote... Hardening Linux step-by-step
#### # Centos 5.2, 5.3 # hardening, customizing and removing excess # # Boardstretcher: Updated June 6, 2010 # #### # Contents: # # ExCESS:: # Service Definitions # Remove Services # Remove IP6 # Remove RPMs # # CUSTOMIZE: # Add date to history # Colorized grep, dir and prompt # # HARDEN: # Protect webserver upload directory # Require password for single user mode # Disable USB storage in kernel # Allow root login only from console # Store passwords in sha512 rather than md5 # Install Intrusion Detection System #### #DISABLE SELINUX (SET TO DISABLED/DISABLED) # #I leave SELINUX on when I am using the box as a webserver. Otherwise, I turn it off. system-config- securitylevel-tui reboot
Hardening the server's kernel is one of the most important things we need to consider when speaking about OS hardening. This is mini-howto install and configure grsecurity on CentOS server. grsecurity is powerful and easy to use Linux kernel security enhancement. It gives you a lot of security features: