DA Server Hardening

shivam

I can harden cPanel servers easily, however DA seems to be different or harder cuz they don't install required RPMs n stuff .. how do I do the following:



As part of our server securing we perform:
1. Install Firewall APF
2. Configure the 10/100Mbps port to maximum allowance
3. Install RootKit
4. Install Brute Force Blocking System (BF)
5. Add a security warning message for all users who access Shell/ssh
6. Restrict SSH Access
7. Close or Modify Telnet Access
8. Email user each time someone logs in as root
9. Email user(admin) every day/week of access logs and server logs via email
10. Install chkroot
11. Install LogWatch
12. Run external Antivirus Scan.
13. Modify and configure firewall ports to give perfect optimum access of the network.
 
shivam said:
I can harden cPanel servers easily, however DA seems to be different or harder cuz they don't install required RPMs n stuff ..
Which required RPMs are missing?
how do i do the following:
As part of our server securing we perform:
1. Install Firewall APF
We install APF on DA and on non-DA systems exactly the same way.
2. Configure the 10/100Mbps port to maximum allowance
While I have no idea what you mean by maximum allowance, Linux networking is managed exactly the same way on a DA system as on any other Linux system.
3. Install RootKit
I don't think you want to install a rootkit; a rootkit is a server compromise that roots your server; or in other words, hacks it.

So I presume you mean something that checks for rootkits. We install both chkrootkit and RKHunter exactly the same way on DirectAdmin systems as we do on any other Linux systems.
4. Install Brute Force Blocking System (BF)
I don't know it, but again, I'd presume there's no difference in how you'd install it.
5. Add a security warning message for all users who access Shell/ssh
The same way you do it on any Unix system; put the message into /etc/motd and put code into ~/.profile for each user to display it on login (for example: "cat /etc/motd", without the quotes).
6. Restrict SSH Access
There are two things you can do: Make sure that if you don't want someone to log in that they don't have a working shell in their /etc/passwd entry. (Note that if you want them to have ftp access the name of the nonworking shell must be listed in the /etc/shells file.)

You should also make changes to /etc/ssh/sshd_config; the specific changes depend on what you want to restrict.
7. Close or Modify Telnet Access
I don't know of any version of telnet that has a config file; what kind of modification do you want to make?
8. Email user each time someone logs in as root
Put code into ~/.profile to send the email.
9. Email user(admin) every day/week of access logs and server logs via email
I'm not sure what you mean by this. If you mean you want the log files mailed to you, then simply create cron jobs to do that.
10. Install chkroot
The same way you'd install it on any Linux platform.
11. Install LogWatch
I believe this comes with a default RHL and/or RHEL install. If not you can just install the binaries.
12. Run external Antivirus Scan.
There are lots of discussions on AntiVirus solutions on these forums. If they're not helpful I'd suggest that you check the exim-users mailing list archives or the Exim site (http://www.exim.org/).
13. Modify and configure firewall ports to give perfect optimum access of the network.
Everyone's idea of optimum is different. Use either KISS or APF; you'll find installation instructions for both of them on these forums, and you'll find configuration information for them on their sites.

Jeff
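
The shell check described in the reply to item 6, as an added example that is not part of the original thread: it classifies each account by whether its login shell is a working shell and whether that shell is listed in /etc/shells. The function names, the status labels and the `NONWORKING` list are assumptions made for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify accounts by login shell (see the reply to item 6).
# ASSUMPTION: these are the "nonworking" shells in use on the system.
NONWORKING="/sbin/nologin /usr/sbin/nologin /bin/false"

# audit_shells [PASSWD_FILE] [SHELLS_FILE] -> "<user> <shell> <status>" per account
audit_shells() {
    awk -F: -v shells="${2:-/etc/shells}" -v nonworking="$NONWORKING" '
        BEGIN {
            n = split(nonworking, a, " ")
            for (i = 1; i <= n; i++) dead[a[i]] = 1
            # Load the shells file, skipping comments and blank lines.
            while ((getline line < shells) > 0)
                if (line != "" && line !~ /^#/) listed[line] = 1
            close(shells)
        }
        $0 == "" || /^#/ { next }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (shell in dead)   # no shell login; FTP depends on the shells file
                status = (shell in listed) ? "ssh-blocked,ftp-ok" : "ssh-blocked,ftp-blocked"
            else
                status = (shell in listed) ? "login-allowed" : "login-allowed,unlisted-shell"
            print $1, shell, status
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data (not from a real server).
audit_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:500:500::/home/admin:/bin/bash
ftponly:x:501:501::/home/ftponly:/bin/false
mailonly:x:502:502::/home/mailonly:/sbin/nologin
EOF
    cat > "$dir/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/bash
/bin/false
EOF
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

audit_sample
```

Run `audit_shells` with no arguments to check the live /etc/passwd and /etc/shells; accounts reported as `login-allowed` are the ones to review against the sshd_config restrictions.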
 