
Recommended Software and Modifications for Server Security

Certain scripts and software are recommended for ensuring the security of a server. These include some modifications and third-party software that can be installed for gaining enhanced server security.

htshosting

Presentation Transcript


  1. Recommended Software and Modifications for Server Security

  2. Table of Contents • Introduction • Introduction (Continued) • APF Firewall • Atomicorp • BitNinja • chkrootkit • CloudLinux • ConfigServer Software • ConfigServer Software (Continued) • ConfigServer Software (Continued I) • ConfigServer eXploit Scanner • ImunifyAV • Imunify360 • KernelCare • Linux Malware Detect • Modify the Logwatch Configuration File • Patchman • RootKit Hunter

  3. Introduction
     • Certain security settings are recommended to ensure your server’s security. This presentation lists the scripts, third-party software and modifications that can be installed to increase a server’s security.
     • Web servers are the type of server that web hosting companies use to provide web hosting services. Web hosting companies that are renowned as the “Best Website Hosting Company”, the “Best Windows Hosting Company”, and the “Top Cloud Hosting Company”, such as HTS Hosting, offer hosting services that deliver high uptime and secure, speedy hosting at very affordable prices.

  4. Introduction (Continued) • Despite these recommendations, check the release date of every solution listed here, because many programs might not have received updates and might contain outdated malware libraries. Of the solutions listed here, cPanel provides direct technical support only for KernelCare, Imunify360, and CloudLinux, and only when these are licensed directly through cPanel. In all other cases, contact the software developer concerned or the system administrator when help is needed.

  5. APF Firewall
     APF (Advanced Policy Firewall) is an advanced firewall for Linux systems. It is based on iptables (netfilter) and is designed to meet the requirements of today's Internet-deployed servers as well as the unique requirements of custom Linux installations. APF’s configuration is highly informative and gives the user a process that is easy to follow. APF uses the latest and most stable features of the iptables project, which makes it a very powerful firewall. APF’s filtering is threefold:
     • Static rule-based policies (not a static firewall)
     • Sanity-based policies
     • Connection-based stateful policies

  6. Atomicorp
     Atomicorp offers a secure, hardened shell for Linux servers. It secures the server and the hybrid environment, and offers a comprehensive intrusion prevention system for data center workloads. The main features of Atomicorp are as follows:
     • System Hardening
     • Memory protection
     • Advanced FIM (File Integrity Monitoring)
     • Vulnerability Shielding / WAF Protection
     • Compliance Reporting
     • Application control and visibility
     • Cloud-based and Workload-based Machine Learning
     • Real-time scanning and quarantine
     • Micro segmentation
     • Server EDR and behavioural monitoring

  7. BitNinja
     BitNinja provides a security suite that protects against multiple forms of attack. Some of the features that this server protection suite for hosting providers offers are as follows:
     • Realtime IP Reputation
     • WAF (Web Application Firewall)
     • Log Analysis
     • DoS Detection
     • Malware Detection
     • Honeypots which trap suspicious connections

  8. Chkrootkit
     The chkrootkit shell script examines your system's binaries for rootkit installations. Rootkits allow a malicious user to gain undetected administrative access to a server. The following steps need to be carried out to install the chkrootkit script:
     • Log in to the server via SSH as the root user.
     • Change to the root directory by running the command: cd /root
     • Download chkrootkit by running the command: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
     • Decompress the downloaded file by running the command: tar -xvzf chkrootkit.tar.gz
     • Change directories by running the command: cd chkrootkit-0.53
     • Start the chkrootkit installation by running the command: make sense
       The system installs the chkrootkit script on your server.
     • Run the chkrootkit script with the command: /root/chkrootkit-0.53/chkrootkit


  10. CloudLinux • CloudLinux provides a secure version of Linux that integrates with cPanel & WHM. It provides advanced functionality for shared hosting environments, with detailed resource management tools along with stability and enhancements to system management. CloudLinux is available for purchase at the cPanel store.

  11. ConfigServer Software
      The use of CSF (ConfigServer Firewall), a free product provided by ConfigServer, is highly recommended. CSF contains the following components:
      • Stateful Packet Inspection (SPI) firewall
      • Mechanism for login and intrusion detection
      • General security application for Linux servers
      The following steps need to be followed to install ConfigServer Firewall:
      • Log in to the server via SSH as the root user.
      • Change to the root directory by running the command: cd /root
      • Download ConfigServer Firewall by running the command: wget https://download.configserver.com/csf.tgz
      • Decompress the downloaded file by running the command: tar -xzf csf.tgz
      • Change directories by running the command: cd csf
      • Start the CSF installation by running the command: ./install.cpanel.sh

  12. ConfigServer Software (Continued)
      CSF is configured through WHM's ConfigServer Security & Firewall interface (WHM >> Home >> Plugins >> ConfigServer Security & Firewall). The installation script needs to enable the correct ports in CSF, and it is recommended that this be confirmed on the server. Testing mode should be disabled after CSF has been configured. The following steps need to be carried out for this purpose:
      • Click Firewall
      • Change the value of Testing from 0 to 1
      • Click Change

  13. ConfigServer Software (Continued I)
      ConfigServer also provides CMQ (ConfigServer Mail Queues), a free add-on product for cPanel & WHM. It provides a full-featured interface to cPanel's Exim mail queues from within WHM. ConfigServer Mail Queues is useful for:
      • Deleting bounce emails
      • Deleting undelivered (frozen) emails
      • Retrying the delivery of specific emails
      • Determining the reason why inbound or outbound emails failed to deliver
      • Forcing queue runs
      • Integrating with an installed MailScanner, to view and delete emails in the Pending and Delivery queues
      • Viewing the email history of specific emails from the exim mail logs
      • Searching for, viewing and/or deleting emails from certain domains and addresses

  14. ConfigServer eXploit Scanner • CXS stands for ConfigServer eXploit Scanner, which integrates with cPanel & WHM. It scans all uploads to a server for malware and quarantines any suspicious file that it finds. The license includes its initial installation along with the recommended configuration options.

  15. ImunifyAV
      • ImunifyAV is a free Linux server antivirus that makes it easy to protect the server against malicious code. ImunifyAV+ provides enhanced antivirus protection: it detects threats and automatically cleans infected files. It includes email notifications.
      • ImunifyAV+ is available for purchase on the cPanel store.

  16. Imunify360 • Imunify360 is a security suite aimed at protecting servers against a wide range of attacks. It integrates with cPanel & WHM and provides reports on the status of the server to the system administrator. It can be purchased from the cPanel store.

  17. KernelCare
      • KernelCare automatically updates the system's Linux kernel without requiring a reboot. It automates patching of the Linux kernel, shared libraries and IoT security without a reboot or any downtime, and fixes security vulnerabilities on numerous Linux distributions. It also offers patches that secure vulnerabilities. KernelCare is available for purchase in the cPanel store.
      • Note that KernelCare can only be installed on systems that run CentOS 6, 7 and 8.

  18. Linux Malware Detect • LMD stands for Linux Malware Detect. LMD is a shareware malware scanner for Linux, designed to protect against the threats that exist in shared hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively used in attacks, and generates signatures for detection. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, and they can easily be exported to detection tools.
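The two signature types behave differently when a file changes. The script below is an added example, not LMD's code or its signature format: it applies both types to a file, so you can see a one-byte change defeat the MD5 signature while the HEX pattern still matches. The `name:value` signature layout and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Toy scanner for the two signature types named above (added example).
# Signature files hold "name:value" lines; this layout and any sample
# signatures are constructed here and are not LMD's real format or data.

# file_md5 FILE -> MD5 hex digest of the whole file
file_md5() { md5sum "$1" | awk '{print $1}'; }

# file_hex FILE -> " 41 42 43 " (one space-delimited token per byte, so a
# pattern can only match on byte boundaries, never across half-bytes)
file_hex() { printf ' %s ' "$(od -An -v -tx1 "$1" | tr -s ' \n' '  ')"; }

# scan_file FILE MD5_SIGS HEX_SIGS
# Prints md5:<name> or hex:<name> per hit; returns 0 on any hit, 1 if clean.
# Holds the file in memory as hex, so it is meant for small samples only.
scan_file() {
    hit=1
    sum=$(file_md5 "$1")
    hex=$(file_hex "$1")
    while IFS=: read -r name value; do
        if [ -n "$value" ] && [ "$value" = "$sum" ]; then
            echo "md5:$name"; hit=0
        fi
    done < "$2"
    while IFS=: read -r name value; do
        [ -n "$value" ] || continue
        # "4142" -> " 41 42 " to line up with file_hex output
        pat=" $(printf '%s' "$value" | tr 'A-F' 'a-f' | sed 's/../& /g')"
        case "$hex" in
            *"$pat"*) echo "hex:$name"; hit=0 ;;
        esac
    done < "$3"
    return "$hit"
}
```

Call it as `scan_file FILE md5.sigs hex.sigs`; an exit status of 0 means at least one signature matched.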

  19. Modify the Logwatch Configuration File
      Logwatch is a customizable log analysis system that parses the system's log files for a certain period of time and creates a report that analyzes specific data. When the server does not include Logwatch, run the following command to install it along with the required dependencies:
      yum -y install logwatch
      The Logwatch configuration file is located at /usr/share/logwatch/default.conf/logwatch.conf
      The use of a text editor is recommended for changing the following parameters:
      • MailTo = user@example.com - Change the address user@example.com to the email address at which Logwatch notifications need to be received.
      • Detail = 5 or Detail = 10 - Change this parameter to set the level of detail of the log files. 5 and 10 represent a medium and a high level of detail, respectively.
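To make the same two changes without an interactive editor, for example across several servers, the following added example (not part of the original presentation) rewrites MailTo and Detail in a Logwatch configuration file and leaves every other line alone. The function names are made up for this example, and matching keys case-insensitively is a choice of the example.

```shell
#!/bin/sh
# Added example. FILE is whichever logwatch.conf you manage; the function
# names are made up for this example.

# get_logwatch_opt FILE KEY -> value of the last active "KEY = value" line
get_logwatch_opt() {
    awk -v k="$2" '
        BEGIN { pat = "^[ \t]*" tolower(k) "[ \t]*=" }
        tolower($0) ~ pat { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

# set_logwatch_opt FILE KEY VALUE
# Replaces the first active KEY line, drops later duplicates, appends the
# key if it is absent. Comments and every other line are kept as they are.
set_logwatch_opt() {
    _lw_tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        BEGIN { pat = "^[ \t]*" tolower(k) "[ \t]*=" }
        tolower($0) ~ pat { if (!done) print k " = " v; done = 1; next }
        { print }
        END { if (!done) print k " = " v }' "$1" > "$_lw_tmp" &&
        cat "$_lw_tmp" > "$1"
    _lw_rc=$?
    rm -f "$_lw_tmp"
    return "$_lw_rc"
}

# apply_logwatch_settings FILE MAILTO DETAIL
# DETAIL is limited to 5 or 10, the two levels the slide names.
apply_logwatch_settings() {
    case "$2" in *@*.*) ;; *) echo "bad MailTo: $2" >&2; return 2 ;; esac
    case "$3" in 5|10) ;; *) echo "bad Detail: $3" >&2; return 2 ;; esac
    set_logwatch_opt "$1" MailTo "$2" && set_logwatch_opt "$1" Detail "$3"
}
```

Logwatch also reads local overrides from /etc/logwatch/conf/logwatch.conf, which package updates do not overwrite, so the same call can target that file instead of the copy under /usr/share.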

  20. Patchman • Patchman detects vulnerabilities in software and integrates with cPanel & WHM. It provides reports on the status of the server to the system administrator, and sends notices to customers with information on how to resolve issues. When customers do not resolve vulnerabilities, Patchman fixes those vulnerabilities automatically.

  21. Rootkit Hunter
      The rkhunter script scans for rootkits and other exploits. Note that cPanel does not provide rkhunter (Rootkit Hunter), and that false positives might be experienced while using it. The system administrator should be contacted for assistance regarding rkhunter. It is recommended that the rkhunter script be run frequently and that a cron job be added which runs the command:
      /root/rkhunter-version/files/rkhunter -c
      The following steps should be performed to install the rkhunter script:
      • Log in to the server via SSH as the root user.
      • Change to the root directory by running the command: cd /root
      • Download the rkhunter script by running the command: wget https://sourceforge.net/projects/rkhunter/files/rkhunter/version/rkhunter-version.tar.gz.asc/download
      • Decompress the downloaded file by running the command: tar -xvzf rkhunter-version.tar.gz
      • Change directories by running the command: cd rkhunter-version
      • Start the rkhunter script installation by running the command: ./installer.sh --layout default --install
        The system installs the rkhunter script on the server.
      The following command needs to be run to run the rkhunter script:
      /root/rkhunter-version/files/rkhunter -c
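Both the chkrootkit and the rkhunter procedures above download an archive and then unpack and run it as root without checking what was received. The following added example (not part of the original presentation) unpacks an archive only if its SHA-256 digest matches and no member path is absolute or contains a `..` component. The function names are made up here, and the expected digest is an assumption: it has to come from the publisher through a separate trusted channel.

```shell
#!/bin/sh
# Added example: check a downloaded archive before unpacking it as root.
# The expected digest is an assumption: obtain it from the publisher over a
# separate trusted channel. None is given in the presentation.

# verify_sha256 FILE EXPECTED_HEX -> 0 only if the digest matches
verify_sha256() {
    [ -n "$2" ] || return 2
    _vs_actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$_vs_actual" = "$2" ]
}

# names_safe: member names on stdin -> 0 if none is absolute or has a ".."
# path component (a name such as "pkg-0.53/a..b" is still accepted)
names_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# tar_paths_safe FILE -> 0 if the archive lists cleanly and all names pass
tar_paths_safe() {
    _vs_members=$(tar -tzf "$1") || return 2
    printf '%s\n' "$_vs_members" | names_safe
}

# safe_unpack FILE EXPECTED_HEX DESTDIR
# Nothing is created or extracted unless both checks pass.
safe_unpack() {
    verify_sha256 "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    tar_paths_safe "$1" || { echo "unsafe member path in $1" >&2; return 1; }
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}
```

In the procedures above, a call such as `safe_unpack chkrootkit.tar.gz "$EXPECTED_SHA256" /root` would take the place of the plain `tar -xvzf` step, where `EXPECTED_SHA256` is a placeholder for the digest you obtained.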

  22. Thanks! ANY QUESTIONS? www.htshosting.org
