How to Totally Optimise and Secure your Linux server

abdouacly

New Member
Today I would like to share some of my tips and tricks to make everyone's life easier, and do my best to help people and provide useful info.
In this post I will be using CentOS as the example, but you can easily modify the commands for your Linux distro.


How to secure your Linux (CentOS)

1. Update/Patch your kernel
Why?
Vulnerabilities in the kernel are continuously being found by security experts.
How?
Execute this via SSH.
Code:
yum -y update

2. Change SSH Port
Why?
By default your SSH port is 22. Script kiddies will try their best to brute-force your SSH password. Even if they don't succeed, they add load to the server, so time to kick their butt out of your server.
How?
Open sshd_config with nano, vi or any other editor of your choice. (Here 1559 is my new SSH port.)
Change line:
Code:
#Port 22
To:
Code:
Port 1559
and change line:
Code:
Protocol 2,1
To:
Code:
Protocol 2
Save the changes and restart the ssh service to apply the new changes.
Execute via SSH:
Code:
service sshd restart

3. Install Firewall (I recommend CSF)
Why?
This firewall will protect your site against DDoS.
How?
Execute this via SSH.
Code:
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
./csftest.pl
./install.sh
Then, after the install is done, open /etc/csf/csf.conf and modify the settings below to enable the firewall.
Code:
TESTING = "0"
TCP_IN = ---->Add new ssh port at end of line if you have modified default(e.g Port 15
TCP_OUT = --->Add port 1454
CT_LIMIT = "80" --->This IS VERY IMPORTANT setting, CSF will ban anyone having more than 80 open connections to your server (bye bye DDoSers)
CT_PERMANENT = "1"
CT_BLOCK_TIME = "1800"
CT_INTERVAL = "30"
Then save the changes and execute via SSH.
Code:
service csf restart

4. Secure PHP (Of course if you use them, most do btw)
Open php.ini and make sure your settings resemble mine:
Quote:
expose_php = Off
enable_dl = Off
display_errors = Off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
After you are done, execute this via SSH.
Code:
service httpd restart

More to come soon, reply and tell me how much you like/dislike it.

What to expect in a few days?
How to secure Apache
How to Harden Linux Kernel
Some server monitoring tips
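
A check that the settings from steps 2 to 4 are in effect before the services are restarted, as an added example that is not part of the original post. The `conf_value`, `expect` and `audit` helpers and the sample files are constructed for illustration; the TCP_IN check catches the case where the new SSH port was never added to CSF's allowed ports, which blocks SSH once the firewall is enabled.

```shell
#!/bin/sh
# Added example (not from the post): audit config files against the post's settings.

conf_value() {  # conf_value FILE KEY -> first uncommented value of KEY, quotes stripped
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip # and ; comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t=]/) next             # reject longer keys sharing the prefix
            sub(/^[ \t=]+/, "", rest); sub(/[ \t]+$/, "", rest); gsub(/"/, "", rest)
            print rest; exit
        }' "$1"
}

expect() {  # expect FILE KEY WANTED -> prints a FAIL line and returns 1 on mismatch
    got=$(conf_value "$1" "$2" | tr 'A-Z' 'a-z')
    [ "$got" = "$3" ] && return 0
    echo "FAIL $1: $2 is '${got:-unset}', expected '$3'"
    return 1
}

audit() {  # audit SSHD_CONFIG CSF_CONF PHP_INI -> exit status = number of findings
    fails=0
    port=$(conf_value "$1" Port); port=${port:-22}  # no Port line means sshd uses 22
    [ "$port" != 22 ] || { echo "FAIL $1: sshd still on port 22"; fails=$((fails + 1)); }
    expect "$1" Protocol 2 || fails=$((fails + 1))
    expect "$2" TESTING 0 || fails=$((fails + 1))
    # If the SSH port is not allowed in TCP_IN, enabling CSF cuts off SSH access.
    case ",$(conf_value "$2" TCP_IN)," in
        *",$port,"*) ;;
        *) echo "FAIL $2: TCP_IN does not allow SSH port $port"; fails=$((fails + 1)) ;;
    esac
    for key in expose_php enable_dl display_errors; do
        expect "$3" "$key" off || fails=$((fails + 1))
    done
    return "$fails"
}

# Constructed sample files: the post's settings, but TCP_IN was never updated.
d=$(mktemp -d)
printf '#Port 22\nPort 1559\nProtocol 2\n' > "$d/sshd_config"
printf 'TESTING = "0"\nTCP_IN = "20,21,22,80,443"\nCT_LIMIT = "80"\n' > "$d/csf.conf"
printf 'expose_php = Off\nenable_dl = Off\ndisplay_errors = Off\n' > "$d/php.ini"
audit "$d/sshd_config" "$d/csf.conf" "$d/php.ini" || echo "$? finding(s)"
rm -rf "$d"
```

OpenSSH 7.4 and later no longer support SSH protocol 1 on the server, so on those versions a missing Protocol line is not a real finding.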
 