After DA installation, security?

[Archimedes]

Hello,

I've just installed DirectAdmin, website is running well and popmail and ftp too. I've installed APF and filtered all useless tcp/udp ports, and I've installed mod_security with gotroot rules.

My question is: how much is DA installation secure? I mean, what I should set up to secure my server? Or is already all set up by DirectAdmin and I don't need to change anything else?

Are services installed by DA already updated and stable? if there are new bug/exploits are they automatically updated by DirectAdmin update module?

Sorry, I'm new to DirectAdmin and I haven't understood some features of it.

Many thanks

 

[ramprage]

You're off to a good start by at least asking about security

Well first off you should update your system OS components with either Yum or up2date or whatever you use for your OS. DirectAdmin does not update anything related to this. EG: update the kernel.

You can build a more recent version of PHP/Apache with DA.

There are many. many things you can do to help with security. A few tutorials that will get you in the right direction - http://www.webhostgear.com/cid_6.html

Also you might want to consider hiring someone to secure your system for you if you want that extra level of expertise.

 

[Archimedes]

Thanks for your reply

my question are:

1) DirectAdmin update module take care about last stable versions of services and update them when a new version stable that fix some bug is released?

2? Are path permissions set by DirectAdmin already studied for security? or there are by default any big holes?

I mean, if I've installed DirectAdmin and I release a simple html webpage (without then any way to be exploited ) I'm already be sure that DirectAdmin components are already updated and so free from known exploits?

 

[nobaloney]

1) DirectAdmin update module take care about last stable versions of services and update them when a new version stable that fix some bug is released?

DirectAdmin only updates itself. Depending on your OS Distribution you can probably automatically update you the programs installed by your OS, but be sure to check these forums for what you should exclude from automatic updating.

DA's download pages offer latest supported (compiled) versons of many programs your server uses for webhosting, and often source RPMs of even more advanced versions. Check these forums for the All-in-1 script.

2? Are path permissions set by DirectAdmin already studied for security? or there are by default any big holes?

Over time DA path permissions have been made more secure. Of course there's always new problems to find and fix.

I mean, if I've installed DirectAdmin and I release a simple html webpage (without then any way to be exploited ) I'm already be sure that DirectAdmin components are already updated and so free from known exploits?

That's a reasonable assumption... but here's something I heard years ago watching the movie Bless the Beasts and the Children:

When you ASSUME you make an ASS out of U and ME.

So don't assume. On a new systems those assumptions may be correct, but updating a DA system depends on you.

Jeff