CentOS 5.x / Redhat 5.x

chroot jail

APF and BFD – Products to avoid

When securing a web hosting server, a firewall and brute force detection protection are critical pieces a server admin needs to look at. Two products were recommended by us in the past, but we have several reasons to step away from these recommendations. Security is an evolving topic, and what is secure today might be at risk tomorrow if security does not grow with the risks out there on the Internet.
http://www.webhostingresourcekit.com/307.html
Author: Peter Abraham; Published: Mar 5, 2012; Category: Managed Hosting, Managed Services, Security; Tags: DNS, Security
Over the years, we’ve really enjoyed the various projects created by Ryan MacDonald in terms of helping our customers have more reliable and more secure servers. One of the projects we consistently use and recommend is Ryan’s Advanced Policy Firewall by R-fx Networks, known as APF. While we do customize the implementation of APF as well as BFD (making some core changes to allow us to integrate APF into our other managed security offerings), one of the issues we run into from time to time with APF is that if local DNS resolution is not working when the server is rebooted, a server will hang at starting APF.

How to get APF working with a server that has poor local DNS resolution on reboot

http://www.dynamicnet.net/2012/03/digging-local-dns-resolution-apf/
http://wiki.rivalug.org/index.php/Centos5#integrity_checking_with_aide

Centos5 - Rivalug Wiki

From Rivalug Wiki Centos 5.5 Desktop on x86_64 References

Server Monkeys - ELS (Easy Linux Security)

UPDATE April 8, 2009: Due to many recent time restrictions, I have not been able to update this program. I am still here and still alive. Expect some developments in the next coming months. I will be collaborating with several new developers to improve the code overall and bring it to new operating systems and control panel platforms. Thanks for continuing to support my ELS script and feedback is always welcome. http://servermonkeys.com/els.php
ELS stands for Easy Linux Security. ELS was created by Richard Gannon, Martynas Bendorius and Wael Isa. ELS takes many of the tasks performed by our Administrators and puts them into an easy-to-use program for anyone to use. It is released under the GNU/GPL so it is free to use. This program is always being improved with new features and bugfixes, so be sure to keep it up to date. If you found a bug or would like an improvement, please let us know!

Web for host

http://www.web4host.net/els.php

How to Secure Your Apache Web Server

http://www.openlogic.com/wazi/bid/188105/How-to-Secure-Your-Apache-Web-Server
Installing and maintaining a secure web server on Linux can be a challenge. It requires in-depth knowledge of Linux, Apache, and PHP server-side options. One of the main problems is to find the balance between security and productivity and usability. The best solution depends on the specific project requirements, but all installations share certain common characteristics. Here are some best practices for securing a LAMP server, from the server configuration to fine-tuning PHP settings.
http://cinto.in/?cat=9

CentOS

Linux server/cpanel/VPS tweaking and hardening for security
1. Install or compile the missing modules in php & apache.
http://www.wiredtree.com/supportservices/servershield.php

ServerShield Server Hardening and Optimization | Server Hardening | WiredTree

All WiredTree managed servers include our exclusive initial security hardening service, ServerShield, free of charge. This service saves you time and money by greatly increasing the security, performance, and reliability of your WiredTree server. ServerShield is a comprehensive software security and optimization suite.
psad and fwsnort are a pair of lightweight tools which can be used as an effective NIDS.

NIDS with psad and fwsnort

http://bodhizazen.net/Tutorials/psad

psad - Intrusion Detection with iptables, iptables Log Analysis, iptables Policy Analysis

http://cipherdyne.org/psad/
psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data. psad incorporates many signatures from the Snort intrusion detection system to detect probes for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS) which are easily leveraged against a machine via nmap.
1. Introduction
CentOS has an extremely powerful firewall built in, commonly referred to as iptables, but more accurately called iptables/netfilter. Iptables is the userspace module, the bit that you, the user, interact with at the command line to enter firewall rules into predefined tables.

Network/IPTables

Sampson & Associates - Building a hardened LAMP web server. - Des Moines, IA: Computer Networks, Support, and Security

Here we will cover some steps you can take to make sure that your LAMP (Linux, Apache, MySQL, PHP) server is secure. Ideally you would not normally run all 3 components on the same server, but in some cases it is overkill to separate them. For example this particular site is hosted on a virtual server purchased from TekTonic (who, by the way, I strongly recommend.)

How-to: Harden a Linux Web Server (Overview)

Introduction
Last week on the "System administrators" group on LinkedIn, the members talked about how to harden a GNU/Linux web server for a hacking contest. Because I think an interesting "to do" list on the topic was born during a post of mine, I have taken the decision to report in this article the ideas and my vision of the problem. The following words are what I wrote...
Hardening Linux step-by-step

RedHat / Centos hardening, customizing and removing excess - Linux Users Group

####
# Centos 5.2, 5.3
# hardening, customizing and removing excess
#
# Boardstretcher: Updated June 6, 2010
#
####
# Contents:
#
# EXCESS:
# Service Definitions
# Remove Services
# Remove IP6
# Remove RPMs
#
# CUSTOMIZE:
# Add date to history
# Colorized grep, dir and prompt
#
# HARDEN:
# Protect webserver upload directory
# Require password for single user mode
# Disable USB storage in kernel
# Allow root login only from console
# Store passwords in sha512 rather than md5
# Install Intrusion Detection System
####

#DISABLE SELINUX (SET TO DISABLED/DISABLED)
#
#I leave SELINUX on when I am using the box as a webserver. Otherwise, I turn it off.
system-config-securitylevel-tui
reboot

Blog: Hardening CentOS kernel with grsecurity

Hardening the server's kernel is one of the most important things we need to consider when speaking about OS hardening. This is a mini-howto on installing and configuring grsecurity on a CentOS server. grsecurity is a powerful and easy-to-use Linux kernel security enhancement. It gives you a lot of security features: