Posted 11-01-2011, 03:00 AM by محروم.كوم

Securing a Linux server is a continuous job, as new types of exploits are discovered almost every day. Here, we tried to collect a number of quick guides that will help you secure your Linux box. However, this guide covers only basic Linux server security tips intended for Linux learners. I am writing this guide assuming that you are running CentOS 5 or later versions.
Steps in Securing your Linux Server
Install Firewall (APF or CSF Firewall with BFD)
ModSecurity (Web application firewall)
ModEvasive (Prevent DDOS attacks)
Harden SSH server
Fix Open DNS Recursion
Install RKhunter
Install ClamAV (Antivirus)
XInet Servers Hardening (Disable Telnet/Finger or unwanted services)
Securing PHP
PortSentry (tool to detect portscans)
Harden host.conf (against IP spoofing)
Check User Uploaded files
Secure /tmp Folders (noexec, nosuid)
Install Firewall
The very first step in securing a server is installing a firewall (at least an iptables-based one) to close all unused or unwanted ports. Once the firewall is installed, it is often considered 50% of the work done. You can install the CSF firewall or the APF firewall. BFD (brute force detection) utilities often come with the firewall.

We will install CSF (Config security firewall) as it is easy to install, has plenty of features, and is easily integrated into cPanel (if you are running it).
Quote:
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tgz
cd csf
sh install.sh
Follow the installer and once installed, you can start the firewall.
Quote:
csf -s   # start the firewall
csf -r   # restart the firewall
csf -f   # flush the rules or stop the firewall
You can see the full installation tutorial here



Harden SSH server
Very often you will see SSH attacks from various bots trying to get access to your server by connecting to port 22 with an unlimited number of login attempts to break into your system. Imagine attacks coming from different IPs: they can put a lot of load on your server. You can trace those failed attempts by checking your log files:
Quote:
cat /var/log/secure
cat /var/log/messages
To harden your SSH server:
* Run SSH on a port other than the default port 22
* Disable root login
* Use only protocol 2
* Enable public key authentication
You can see the full SSH hardening tutorial here
Disable Telnet & Other Unused Services
You may want to disable services like telnet, finger and other unwanted services running on your server under xinetd.
Quote:
nano /etc/xinetd.d/telnet
# OR
nano /etc/xinetd.d/krb5-telnet
Look for the line disable = no and change it to disable = yes
Quote:
chkconfig telnet off
Hardening PHP for Security
PHP is the most popular scripting language for Apache and MySQL. You will need to disable system-level functions in the PHP configuration file.
Quote:
nano /usr/local/lib/php.ini
Look for the following lines and make sure they are set as below.
Quote:
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On
It is best to keep magic_quotes on, as otherwise your forms using POST may be used for SQL injection attacks.
Disable Open DNS Recursion (DNS Server)
If you are running the BIND DNS server, then you might want to check your DNS server statistics with dnstools.com. You don't want to allow recursive lookups to be performed on your server for any IP other than the local IP. It can also slow down your server.
Quote:
nano /etc/named.conf
Under options { place a line
Quote:
options {
recursion no;
…..
Then restart BIND
Quote:
service named restart
You will also need to restrict zone transfers and notifications if you are running BIND 9. Refer to: dns server hardening
Install Mod_Security
ModSecurity is a free, open source web application firewall which can help you guard against LFI (local file inclusion) attacks and SQL injection vulnerabilities.
cPanel Installation:
Just go to cPanel WHM > Plugins > Enable Mod_Security > Save
Source Installation:
That should install mod_security in your cPanel. Under Apache it should show under installed modules if you run test.php with phpinfo() in it. Try adding some mod_security rules. Installing mod_security can sometimes be complicated. Don't use apxs for compiling mod_security, as it causes a number of problems.

Note: mod_security needs the libxml2 and httpd-devel libraries before it can be installed. It also requires mod_unique_id to be enabled in the Apache modules. To install mod_unique_id, you have to place
Code:
LoadModule unique_id_module modules/mod_unique_id.so
in your httpd.conf file.
Code:
yum install libxml2 libxml2-devel httpd-devel


Download the latest version of mod_security for Apache 2 from ModSecurity: Open Source Web Application Firewall
Code:
wget http://www.modsecurity.org/download/...e_2.1.7.tar.gz
tar zxf modsecurity-apache_2.5.4.tar.gz
cd modsecurity-apache_2.5.4
cd apache2
Then
If you cannot find ./configure, then you will need to edit the Makefile and change top_dir to top_dir = /usr/lib/httpd (for CentOS)
Code:
make
make install
Next, copy the rule files you want (you can also select the minimal rules file which comes with the source). Make a directory named modsecurity under /etc/httpd/conf and copy all the ModSecurity rules there. Finally, include those files in the httpd.conf file.
Quote:
# /etc/httpd/conf/httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
Then
Quote:
/etc/init.d/httpd restart
mis.net.sa
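
The log check from the "Harden SSH server" section, as an added example that is not part of the original post: it tallies failed SSH password attempts per source address from a log in the /var/log/secure format. The function names `failed_by_ip` and `noisy_ips` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tally failed SSH password
# attempts per source IP from a syslog-format auth log such as /var/log/secure.

# Print "count ip" lines, highest count first. The address is read relative to
# the END of the line ("... from IP port N ssh2") because the user name in the
# middle is chosen by the client and may itself contain the word "from".
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Print only the addresses with at least $2 failures in file $1.
noisy_ips() {
    failed_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Constructed sample log lines (documentation addresses, not real traffic).
LOG=$(mktemp) && trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Nov  1 02:58:01 web1 sshd[3101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Nov  1 02:58:03 web1 sshd[3101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Nov  1 02:58:07 web1 sshd[3105]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Nov  1 02:58:09 web1 sshd[3109]: Failed password for invalid user x from 203.0.113.7 from 198.51.100.4 port 51514 ssh2
Nov  1 02:59:30 web1 sshd[3120]: Accepted publickey for deploy from 198.51.100.20 port 50022 ssh2
EOF

failed_by_ip "$LOG"
echo "3 or more failures:"; noisy_ips "$LOG" 3
```

On a live server, pass /var/log/secure instead of the sample file; the fourth sample line shows why the address is taken from the end of the line rather than from the first "from".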
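
One way to check the four SSH hardening items listed in the guide against an sshd_config file, as an added example that is not part of the original post. The function names `sshd_value`, `report` and `audit_sshd` and both sample configs are constructed, and treating an unset keyword as a failure is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file against
# the guide's four hardening items. An unset keyword counts as FAIL so that
# every setting is stated explicitly (a policy assumed by this example).

# Print the first global value of keyword $2 in file $1 (sshd honours the
# first occurrence; keywords are case-insensitive). Stops at a Match block.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Record one check: $1 = description, $2 = value found, $3 = "ok" if it passed.
report() {
    if [ "$3" = ok ]; then echo "PASS  $1 (${2:-unset})"
    else echo "FAIL  $1 (${2:-unset})"; fails=$((fails + 1)); fi
}

# Audit file $1; sets $fails and returns non-zero if any check failed.
audit_sshd() {
    fails=0
    v=$(sshd_value "$1" Port)
    if [ -n "$v" ] && [ "$v" != 22 ]; then r=ok; else r=bad; fi
    report "Port moved off 22" "$v" "$r"
    v=$(sshd_value "$1" PermitRootLogin)
    if [ "$v" = no ]; then r=ok; else r=bad; fi
    report "PermitRootLogin no" "$v" "$r"
    v=$(sshd_value "$1" Protocol)
    if [ "$v" = 2 ]; then r=ok; else r=bad; fi
    report "Protocol 2 only" "$v" "$r"
    v=$(sshd_value "$1" PubkeyAuthentication)
    if [ "$v" = yes ]; then r=ok; else r=bad; fi
    report "PubkeyAuthentication yes" "$v" "$r"
    [ "$fails" -eq 0 ]
}

# Constructed sample configs (not taken from a real host).
SAMPLES=$(mktemp -d) && trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '#Port 22' 'Protocol 2,1' 'PermitRootLogin yes' \
    'PubkeyAuthentication yes' > "$SAMPLES/weak"
printf '%s\n' 'Port 2222' 'Protocol 2' 'PermitRootLogin no' \
    'PubkeyAuthentication yes' 'Match User backup' > "$SAMPLES/hardened"
for f in weak hardened; do
    echo "== $f =="; audit_sshd "$SAMPLES/$f" || echo "$fails check(s) failed"
done
```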