This article will help people securing their Linux web server. Its very essential to follow the steps below to protect your server from attacks and vulnerabilities.
Follow the steps below to perform security task (OS Centos):-
1) Install a firewall to monitor you incoming and outgoing traffic. Make rules within it to block illegal usage. I would recommend you to use APF or CSF
Read here about CSF:- http://configserver.com/cp/csf.html
Read here about APF:- http://www.rfxn.com/projects/advanced-policy-firewall/
Installation Guide:-
CSF:- http://configserver.com/free/csf/install.txt
APF:- http://www.rfxn.com/appdocs/README.apf
2) Check if their are updates for software installed. Its very necessary to update the software with the necessary patch.
Command:-
yum check-update
Suppose it shows you list of update available then you need to run.
yum install update_name
(replace update_name is the software update available )
If you see result like no update available then it means your kernel and installed files are up-to-date
3) Change SSH port for logging. This is necessary step because an attacker can brute force ssh port to gain root access , so by changing SSH port from 22 to something anonymous like 132 or anything you would like, will hep you to secure your server.
Command:-
vi /etc/ssh/sshd_config
Find line port 22 at the bottom of the the file and press “i” to edit the file and change port number to anything you would like. Then press “escape” and “:wq” to save the file.
Now you have to restart SSH
Command:-
/etc/init.d/sshd restart
Make sure to add the port number in the firewall other wise it will block your SSH access.
4) Protect Against Fork Bombs. Fork bombs are programs that keep creating child processes until system resources are all used. They actually aren’t remote exploits because they require a local user to execute the bomb; however, users may be tricked into running a fork bomb. For example, the following example may look innocent, but running it on an unprotected system may take the whole system down
Command:-
vi /etc/security/limits.conf
Add these two lines in the code:-
@users soft nproc 100
@users hard nproc 150
save it and you are done.If you don’t have a users group then check your accounts belong to which group or you can individually limit the user access also.
5) Install Rootkit Hunter (rkhunter).rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing MD5 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
Command:-
wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
tar -xzvf rkhunter-1.3.8.tar.gz
cd rkhunter-1.3.8
./installer.sh
rukhunter will be installed on your server. Now you have to setup cron job and mail notification system
Command:-
nano -w /etc/cron.daily/rkhunter.sh
Add the following text to rkhunter.sh
#!/bin/sh
(
/usr/local/bin/rkhunter –versioncheck
/usr/local/bin/rkhunter –update
/usr/local/bin/rkhunter –cronjob –report-warnings-only
) | /bin/mail -s ‘rkhunter Daily Run (PutYourServerNameHere)’ your@email.here
Note:- You have to change PutYourServerNameHere and your@email.here with your original server name and email address
The above were some ways to harden server protection.Soon I will be writing more on securing Linux Server.