Hardening new CentOS system.

CentOS 5 POP3/IMAP/SMTP mail server with virtual users [Dovecot LDA+SASL, Postfix]

Linux Guides: CentOS 5 Server.

CentOS 5 HTTP/HTTPS web server with PHP, database, virtual hosts, & web statistics [httpd+mpm_itk, mod_ssl, mod_php, awstats]

This how-to will show you how to configure:
- An Apache 2 web server using virtual hosts
- The ITK MPM allows each virtual host to serve requests as its own user/group
- mod_ssl to serve pages over the secure HTTP (HTTPS) protocol
- mod_security to help prevent everything from SQL injections to data leaks
- mod_php for PHP scripts along with mod_suhosin to help mitigate risks from known and unknown flaws in PHP scripts

Rebuilding httpd for ITK

About privilege separation

By default, the Apache web server runs as the 'apache' user.
This is good because a successful attack on the web server will only cause limited damage to the system, as they do not have root access. Privilege separation is a technique that can be used to mitigate the risk of an attack against a shared hosting server.

Rebuild process

Unfortunately, the ITK MPM is not included in the stock httpd distribution. We will first need to add the ITK patches.

CentOS 5 server setup series: getting started.

Preface

As of writing, the most recent version of CentOS available is 5.6 so I will be using it as the basis for this howto.
If a newer version is available, I recommend you use that version instead. Many of these instructions should still apply, especially if it is only a newer 5.x release.

CentOS 5 SSH+SFTP for remote access and secure file transfers [OpenSSH]

This how-to will show you how to configure:
- Remote access over SSH via OpenSSH
- Secure, password-less authentication
- Optional: OpenSSH 5.4p1 to restrict shell access and jail users by group
- Secure file transfers over SFTP

Configuring OpenSSH

openssh-server is already installed by default; it just needs to be configured.
We will disable root logins as well as all password-based logins in favour of the more secure public key authentication. If you do not already have an SSH key, you should take the time to create one now by running ssh-keygen on the computer you will be using to access the server remotely.

CentOS 5 server setup series: server security & reliability.

This how-to will not configure any one service in particular, but rather focus on the operating system as a whole in order to improve security and reliability.
This how-to will show you how to:
- Configure the GRUB bootloader to gracefully handle kernel panics during boots
- Create, edit & manage custom SELinux policy modules
- Deny access to remote users with too many failed authentication attempts over SSH (Denyhosts), POP3 or IMAP (Fail2ban)
- Improve the password hash strength
- Enable shell timeouts
- ...and much more!

Gracefully recovering from kernel panics: Boot robustness & more

GRUB has two very important features that you can use to make your system more robust in the event of a kernel panic or other boot error: saved default boot entries and fallbacks.
The fallback command is extremely handy when installing and testing new kernels.

CentOS 5 SQL database server [MySQL]

Building a secure web server with CentOS 5, part 1.

Introduction

This is an updated version of my original LAMP (Linux Apache MySQL and Perl/PHP) guide that was based on CentOS 4.
Now updated and tweaked for CentOS 5, I will take you through the steps required to build a secure Linux web server (LAMP) on CentOS 5. I have a background working for an ISP, so I’ve based this build on the same configuration many hosting providers use. It supports virtual hosts (multiple websites), secure FTP access, locked down SSH access, and a sensible directory structure.
If you follow this guide, you will get a web server up and running within a couple of hours depending on whether you follow it step by step, or prefer to experiment first. Good luck!

Building a secure web server with CentOS 5, part 1.

SecureCentos.com.

CentOS 5 Administration - 42.2. Server Security.

When a system is used as a server on a public network, it becomes a target for attacks.
Hardening the system and locking down services is therefore of paramount importance for the system administrator. Before delving into specific issues, review the following general tips for enhancing server security:
- Keep all services current, to protect against the latest threats.
- Use secure protocols whenever possible.
- Serve only one type of network service per machine whenever possible.

42.2.1.

TCP Wrappers provide access control to a variety of services. The benefits offered by TCP Wrappers are enhanced when used in conjunction with xinetd, a super server that provides additional access, logging, binding, redirection, and resource utilization control.
Tip: It is a good idea to use iptables firewall rules in conjunction with TCP Wrappers and xinetd to create redundancy within service access controls.

42.2.1.1.

Centos Dedicated Server Security.

How to Secure Your Apache Web Server.

Installing and maintaining a secure web server on Linux can be a challenge.
It requires in-depth knowledge of Linux, Apache, and PHP server-side options. One of the main problems is to find the balance between security and productivity and usability. The best solution depends on the specific project requirements, but all installations share certain common characteristics.

CentOS.

Linux server/cpanel/VPS tweaking and Hardening for security 1.
Install or compile the missing modules in php & apache. You can do this using easy apache /scripts/easyapache

2.

    cd /usr/local/cpanel/whostmgr/docroot/cgi
    wget -N
    tar -xzpf fantastico_whm_admin.tgz
    rm -rf fantastico_whm_admin.tgz

Go to WHM, login as root and click on Tweak Settings, then you should ensure that both the Ioncube loader is selected for the backend copy of PHP. Now go here: WHM -> Plugins (or Add-Ons) -> Fantastico De Luxe WHM Admin (scroll down the left menu). Upon loading, Fantastico De Luxe WHM Admin will auto-update your existing installation (if existing). After the installation completes, go to settings.

PHPsuexec (*): VERY ESSENTIAL!!!

Centos5 - Rivalug Wiki.

Centos 5.5 Desktop on x86_64

References

Release Notes

Known Issues, including some during upgrades from 5.2 to 5.3

Updating

    yum clean all
    yum update glibc\*
    yum update yum\* rpm\* python\*
    yum clean all
    yum update
    shutdown -r now

Install from USB

CD and DVD media drives are no longer automatically found on all hardware; it's handy to install from a bootable usb drive.
The following was done on a Fedora desktop. Format usb drive as vfat, and bootable.

www.centos.org - The Community ENTerprise Operating System.