A Beginner's Guide to Securing Your Server Part 3 of 3 (Apps to install)
Feb 14, 13:44, posted by hrockvn in Security - Virus (source: self-written)
These are applications that will help to secure your server.

Install chkrootkit

To install chkrootkit, SSH into the server and log in as root. At the command prompt, type:

    cd /root/
    wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
    tar xvzf chkrootkit.tar.gz
    cd chkrootkit-0.44
    make sense

To run chkrootkit, at the command prompt type:

    /root/chkrootkit-0.44/chkrootkit

Make sure you run it on a regular basis, perhaps including it in a cron job.

Install APF Firewall

To install APF, SSH into the server and log in as root. At the command prompt, type:

    cd /root/
    wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
    tar -xvzf apf-current.tar.gz
    rm -f apf-current.tar.gz
    cd apf-0.9.4-6
    sh ./install.sh

After APF has been installed, you need to edit the configuration file. At the command prompt, type:

    cd /etc/apf
    pico -w conf.apf

Scroll down, find USE_DS="0" and change it to USE_DS="1".

Now scroll down and configure the ports. The following ports are required for CPanel.

Note: If you changed the port for SSH, be sure to include that port and remove port 22.

Common ingress (inbound) TCP ports

    IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"

    21    FTP (TCP)
    22    SSH (TCP)
    25    SMTP (TCP)
    53    DNS - Domain Name Server (TCP)
    80    HTTP (TCP)
    110   POP3 (TCP)
    143   IMAP (TCP)
    443   HTTPS (TCP)
    465   sSMTP (TCP)
    953   ??BIND??
    993   IMAP4 protocol over TLS/SSL (TCP)
    995   POP3 protocol over TLS/SSL (was spop3) (TCP)
    2082  CPANEL (http://sitename.com:2082) (TCP)
    2083  CPANEL SSL (https://sitename.com:2083) (TCP)
    2084  entropychat server (disable from CPANEL service manager if not used) (TCP)
    2086  WHM (http://sitename.com:2086) (TCP)
    2087  WHM SSL (https://sitename.com:2087) (TCP)
    2095  WebMail (http://sitename.com:2095) (TCP)
    2096  WebMail SSL (https://sitename.com:2096)
    3306  mySQL remote access (TCP)
    6666  Melange chat Server (disable from CPANEL service manager if not used) (TCP)
    7786  Interchange (TCP)
    3000_3500

Add 5100 for ASP, and 8080 and 8443 for JSP, if you use them.

Common ingress (inbound) UDP ports

    IG_UDP_CPORTS="53,6277"

    53    DNS - Domain Name Server
    6277  SpamAssassin / DCC (email scanning)

Common ICMP (inbound) types

    IG_ICMP_TYPES="3,5,11,0,30,8"

    0     Echo Reply
    3     Destination Unreachable
    5     Destination Unreachable
    8     Echo
    11    Time Exceeded
    30    Traceroute

Common egress (outbound) TCP ports

    EG_TCP_CPORTS="21,25,37,53,80,110,113,123,443,43,873,953,2089,2703,3306"

    21    FTP
    25    SMTP
    37    Required for CPANEL Licensing
    53    DNS - Domain Name Server
    80    HTTP
    110   POP3 (if you have scripts that need to retrieve email via POP, e.g. HelpDesk)
    113   Authentication Protocol (AUTH)
    123   NTP (Network Time)
    443   HTTPS
    43    WHOIS
    873   rsync (CPanel updates)
    953   BIND ??
    2089  Required for CPANEL Licensing
    2703  Razor (email scanning)
    3306  mySQL remote access

Common egress (outbound) UDP ports

    EG_UDP_CPORTS="20,21,53,873,953,6277"

    20    ftp-data
    21    FTP
    53    DNS - Domain Name Server
    873   rsync
    953   BIND ??
    6277  SpamAssassin / DCC (email scanning)

Common ICMP (outbound) types

    EG_ICMP_TYPES="all"

Save the changes, then exit.

To start APF, at the command prompt type:

    /usr/local/sbin/apf -s

APF commands are:

    -s        start
    -r        restart
    -f        flush - stop
    -l        list
    -st       status
    -a HOST   allow HOST
    -d HOST   deny HOST

Log out of SSH and then log in again. After you are sure everything is working fine, change the DEVM option. At the command prompt, type:

    cd /etc/apf
    pico -w conf.apf

Scroll down, find DEVM="1" and change it to DEVM="0". Save the changes, exit and then restart the firewall. At the command prompt, type:

    /usr/local/sbin/apf -r

Install BFD (Brute Force Detection)

To install BFD, SSH into the server and log in as root. At the command prompt, type:

    cd /root/
    wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
    tar -xvzf bfd-current.tar.gz
    cd bfd-0.4
    ./install.sh

After BFD has been installed, you need to edit the configuration file. At the command prompt, type:

    pico /usr/local/bfd/conf.bfd

Under "Enable brute force hack attempt alerts":

Find ALERT_USR="0" and change it to ALERT_USR="1"
Find EMAIL_USR="root" and change it to EMAIL_USR="your@email.com"

Save the changes, then exit.

To start BFD, at the command prompt type:

    /usr/local/sbin/bfd -s

Modify LogWatch

Logwatch is a customizable log analysis system. It parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is already installed on most CPanel servers.

To modify LogWatch, SSH into the server and log in as root. At the command prompt, type:

    pico -w /etc/log.d/conf/logwatch.conf

Scroll down to MailTo = root and change it to MailTo = your@email.com

Note: Set the e-mail address to an offsite account in case you get hacked.

Now scroll down to Detail = Low and change that to Medium or High (Detail = 5 or Detail = 10).

Note: High will give you more detailed logs with all actions.

Save and exit.
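A pre-flight check for the conf.apf port lists configured above, to run before `apf -r`: it flags a setting whose quotes are incomplete, entries that are not a port or a lo_hi range, and an SSH port missing from the inbound TCP list. This is an added example, not part of the original guide or of APF; the function names, the sample file and the SSH port 2222 are constructed for illustration, and it assumes one NAME="list" setting per line.

```sh
# Print the value of setting $2 in file $1; fail if absent or badly quoted.
apf_get() (
    val=$(sed -n "s/^$2=\"\([^\"]*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1)
    [ -n "$val" ] && printf '%s\n' "$val"
)
# Print each malformed entry of port list $1 (ranges are lo_hi); fail if any.
bad_ports() (
    IFS=,; set -f; rc=0
    for tok in $1; do
        lo=${tok%_*}; hi=${tok#*_}
        case $tok in
            ''|*[!0-9_]*|_*|*_|*_*_*) echo "$tok"; rc=1 ;;
            *) [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] || { echo "$tok"; rc=1; } ;;
        esac
    done
    exit $rc
)
# Succeed if port $2 is covered by port list $1 (single port or lo_hi range).
port_allowed() (
    IFS=,; set -f
    for tok in $1; do
        lo=${tok%_*}; hi=${tok#*_}
        [ "$2" -ge "$lo" ] 2>/dev/null && [ "$2" -le "$hi" ] 2>/dev/null && exit 0
    done
    exit 1
)
# Lint file $1 for an sshd on port $2: print findings, fail if there are any.
lint_apf() (
    rc=0
    for name in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        if ! val=$(apf_get "$1" "$name"); then
            echo "$name: missing or not a complete quoted value"; rc=1; continue
        fi
        bad=$(bad_ports "$val") || { echo "$name: bad entries:" $bad; rc=1; }
    done
    if val=$(apf_get "$1" IG_TCP_CPORTS) && ! port_allowed "$val" "$2"; then
        echo "IG_TCP_CPORTS: SSH port $2 is not allowed inbound"; rc=1
    fi
    exit $rc
)
# Constructed sample, not a real server's file: unterminated quote, stray "#".
sample_conf() {
    printf '%s\n' 'IG_TCP_CPORTS="21,22,25,53,80,443,3000_3500"' \
        'IG_UDP_CPORTS="53,6277' 'EG_TCP_CPORTS="21,25,53,80,#123,443"' \
        'EG_UDP_CPORTS="20,21,53"'
}
tmp=$(mktemp) && sample_conf >"$tmp"
lint_apf "$tmp" 2222 || echo "fix conf.apf before restarting APF"
rm -f "$tmp"
```

On a real server, call `lint_apf /etc/apf/conf.apf <your SSH port>` while DEVM is still "1", so a mistake in the lists cannot lock you out of SSH for good.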
