prepare and Preinstallation of the server Ubuntu

taker18

taker18

Verified User
Joined
Oct 18, 2021
Messages
141
Location
USA
HI My first time ever to use DM from Cyber panel background experience, I heard good things about DM.
I would like to know what should be done to harden the server before installing DM.
I will list what I am doing and I would like to know your opinion if it will conflict with DM
1- change ssh port 22
2- cancel IP6
3- add firewall UfW ( notice that DM recommend to install CSF)
4- install fail2ban
in addition to the recommendation from DM in this article : https://docs.directadmin.com/operation-system-level/securing/general.html#basic-system-security
overall DM looks like goo documentation and forum. thank you.
 
Don't you mean DA? Most users here call it DA never heard DM.

I'm surprised that you put IPv6 cancel on the 2nd list. Disabling IPv6 on the server is not part of security hardened. Directadmin fully supports IPv6.
 
Here are some good lists to harden from directadmin.conf (it might have been set by default)

Code: 
cd /usr/local/directadmin/directadmin
./directadmin set enforce_difficult_passwords 1
./directadmin set force_hostname YOURHOSTNAME.COM
./directadmin set allow_backup_encryption 1
./directadmin set set disable_ip_check 0
./directadmin set set bruteforce 1
./directadmin set brute_force_log_scanner 1
# Scan domain log for bruteforce like wordpress, 1=manual entry, 2=auto entry in /usr/local/directadmin/data/admin/brute.conf
./directadmin set brute_force_scan_apache_logs 2
./directadmin set security_questions 1
./directadmin set lost_password 0
./directadmin set hsts 31536000
./directadmin set show_info_in_header 0
./directadmin set show_info_in_title 0

systemctl restart directadmin

For custombuild options.conf

Code: 
cd /usr/local/directadmin/custombuild
./build set secure_php yes
./build secure_php
./build set userdir_access no
./build set redirect_host_https yes

install clamav (by default it is not install)

You also probably want to change DA port, change phpmyadmin or roundcube URL, install 2 step authentication for roundcube, and always monitor your server from attack using IPS software like suricata.
 
MaXi32 said:
Don't you mean DA? Most users here call it DA never heard DM.

I'm surprised that you put IPv6 cancel on the 2nd list. Disabling IPv6 on the server is not part of security hardened. Directadmin fully supports IPv6.
Click to expand...
I am sorry it was DA not DM thank you for the reply
 
You must log in or register to reply here.
Back
Top