CentOS 5.x / Redhat 5.x
APF and BFD – Products to avoid APF and BFD – Products to avoid When securing a web hosting server a Firewall and Brute Force Detection protection are critical pieces a server admin needs to look at. Two products were recommended by us in the past, but we have several reasons to step away from these recommendations. Security is an evolving topic and what is secure today might be at risk tomorrow if security does not grow with the risks out there on the Internet.
Author: Peter Abraham ; Published: Mar 5, 2012; Category: Managed Hosting , Managed Services , Security ; Tags: DNS , Security ; One Comment Over the years, we’ve really enjoyed the various projects created by Ryan MacDonald in terms of helping our customers have more reliable and more secure servers. One of the projects we consistently use and recommend is Ryan’s Advanced Policy Firewall by R-fx Networks known as APF While we do customize the implementation of APF as well as BFD (making some core changes to allow us to integrate APF into our other managed security offerings ), one of the issues we run into from time to time with APF is that if local DNS resolution is not working when the server is rebooted, a server will hang at starting APF. How to get APF working with a server has poor local DNS resolution on reboot
Centos5 - Rivalug Wiki From Rivalug Wiki Centos 5.5 Desktop on x86_64 References
Server Monkeys - ELS (Easy Linux Security) UPDATE April 8, 2009: Due to many recent time restrictions, I have not been able to update this program. I am still here and still alive. Expect some developments in the next coming months. I will be collaborating with several new developers to improve the code overall and bring it to new operating systems and control panel platforms. Thanks for continuing to support my ELS script and feedback is always welcome.
ELS stands for Easy Linux Security. ELS was created by Richard Gannon, Martynas Bendorius and Wael Isa. ELS takes many of the tasks performed by our Administrators and puts it into an easy to use program for anyone to use. It is released under the GNU/GPL so it is free to use. This program is always being improved with new features and bugfixes, so be sure to keep it up to date. If you found a bug or would like an improvement, please let us know! Web for host
How to Secure Your Apache Web Server How to Secure Your Apache Web Server Installing and maintaining a secure web server on Linux can be a challenge. It requires in-depth knowledge of Linux, Apache , and PHP server-side options. One of the main problems is to find the balance between security and productivity and usability. The best solution depends on the specific project requirements, but all installations share certain common characteristics. Here are some best practices for securing a LAMP server, from the server configuration to fine-tuning PHP settings.
CentOS Linux server/cpanel/VPS tweaking and Hardening for security 1. Install or compile the missing modules in php & apache , Install or compile the missing modules in php & apache.
ServerShield Server Hardening and Optimization | Server Hardening | WiredTree All WiredTree managed servers include our exclusive initial security hardening service, ServerShield, free of charge. This service saves you time and money by greatly increasing the security, performance, and reliability of your WiredTree server. ServerShield is a comprehensive software security and optimization suite.
Centos Dedicated Server Security
Dhammapada Don't practice an ignoble way of life, don't indulge in a careless attitude. Don't follow a wrong view, and don't be attached to the world. psad and fwsnort are a pair of light weight tools which can be used as an effective NIDS . NIDS with psad and fwsnort
psad - Intrusion Detection with iptables, iptables Log Analysis, iptables Policy Analysis psad: Intrusion Detection and Log Analysis with iptables psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data. psad incorporates many signatures from the Snort intrusion detection system to detect probes for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS) which are easily leveraged against a machine via nmap.
1. Introduction CentOS has an extremely powerful firewall built in, commonly referred to as iptables, but more accurately is iptables/netfilter. Iptables is the userspace module, the bit that you, the user, interact with at the command line to enter firewall rules into predefined tables. Network/IPTables
Sampson & Associates - Building a hardened LAMP web server. - Des Moines, IA: Computer Networks, Support, and Security Here we will cover some steps you can take to make sure that your LAMP (Linux, Apache, MySQL, PHP) server is secure. Ideally you would not normally run all 3 components on the same server, but in some cases it is overkill to separate them. For example this particular site is hosted on a virtual server purchased from TekTonic (who, by the way, I strongly recommend.)
How-to: Harden a Linux Web Server (Overview) Introduction Last weeks on "System administrators" group on Linkedin, the members talked about how to harden a GNU/Linux web server for an hacking contest. Because I think it was born an intersting "to do" list about the argument during a post of mine, I have taken the decision to report in this article the ideas and my vision of the problem. The following words are what I wrote... Hardening Linux step-by-step
RedHat / Centos hardening, customizing and removing excess - Linux Users Group #### # Centos 5.2, 5.3 # hardening, customizing and removing excess # # Boardstretcher: Updated June 6, 2010 # #### # Contents: # # ExCESS:: # Service Definitions # Remove Services # Remove IP6 # Remove RPMs # # CUSTOMIZE: # Add date to history # Colorized grep, dir and prompt # # HARDEN: # Protect webserver upload directory # Require password for single user mode # Disable USB storage in kernel # Allow root login only from console # Store passwords in sha512 rather than md5 # Install Intrusion Detection System #### #DISABLE SELINUX (SET TO DISABLED/DISABLED) # #I leave SELINUX on when I am using the box as a webserver. Otherwise, I turn it off. system-config- securitylevel-tui reboot
Blog: Hardening CentOS kernel with grsecurity Hardening the server's kernel is one of the most important things we need to consider when speaking about OS hardening. This is mini-howto install and configure grsecurity on CentOS server. grsecurity is powerful and easy to use Linux kernel security enhancement. It gives you a lot of security features:
MySQL Security Best Practices (Hardening MySQL Tips) | GreenSQL LTD
CentOS 5 Administration - 42.2. Server Security
20 ways to Secure your Apache Configuration
Hardening PHP from php.ini | Mad Irish . net
linux - Tips for Securing a LAMP Server
webserver - Apache Server Hardening - IT Security - Stack Exchange
Building a secure web server with CentOS 5, part 1 | Ray Heffer
HOW TO: Secure and Optimize your VPS
How to Conduct a Linux Server Security Audit
Linux Server Hardening
How To: WHM/cPanel Hardening & Security - The Basics - Part 1
RedHat / Centos hardening, customizing and removing excess
CentOS 5 POP3/IMAP/SMTP mail server with virtual users [Dovecot LDA+SASL, Postfix] | firewing1
CentOS 5 SQL database server [MySQL] | firewing1
CentOS 5 server setup series: server security & reliability | firewing1
CentOS 5 SSH+SFTP for remote access and secure file transfers [OpenSSH] | firewing1
CentOS 5 server setup series: getting started | firewing1
CentOS 5 HTTP/HTTPS web server with PHP, database, virtual hosts, & web statistics [httpd+mpm_itk, mod_ssl, mod_php, awstats] | firewing1
Linux Guides: CentOS 5 Server | firewing1
Dragon Research Group (DRG) :: sshpwauth-tac
hardening new CentOS system