- ROOT Access Detector/E-Mail warning
To receive an email alert whenever someone logs into the root account on your virtual server, modify the .bash_profile file and add the line below.
Use nano or vi to edit the following file
nano /root/.bash_profile
Add the following line
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Then save & exit from this file.
Please change the email address at the end of the line (your@email.com) to your email address.
- Updates & Security Patches
Update the operating system with the latest updates & security patches from CentOS. You can run the following command to update your operating system.
yum update
- Installing chkrootkit
Installing chkrootkit is highly recommended so that hackers and spammers can be stopped from using injection methods against forms that might be hosted on your websites or your clients' websites.
To download & install chkrootkit
cd /root
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense
To run chkrootkit
/root/chkrootkit-0.44/chkrootkit
- Changing the SSH Port
Changing the SSH port can prevent others from logging into your virtual server if they are not aware of your new SSH port number.
nano /etc/ssh/sshd_config
Scroll down to the section of the file where it looks like this:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment this line and change the port number
#Port 22
to make it look like this
Port 5678
This will change the SSH port from 22 to 5678. You can set the SSH port number to another port number if you like, for example 9876. 49151 is the highest port number you can use. We recommend not using port 5678.
Save and exit the file
Once this file is saved, run the following command to restart your SSH service.
/etc/rc.d/init.d/sshd restart
- Disable version output for Apache
When a website hosted on your virtual server shows a directory listing, the bottom of the page can show your Apache version. Below we explain how to stop the version from being shown.
nano /etc/httpd/conf/httpd.conf
Scroll down and change the following line
FIND: ServerSignature On
to
CHANGE TO: ServerSignature Off
Exit and save this file.
Then restart Apache
/etc/rc.d/init.d/httpd restart
- Install Brute Force Detector (BFD) - OPTIONAL
At the command prompt, run the commands below to download and install BFD
cd /root/
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-0.4
./install.sh
After BFD has been installed, you will need to modify the configuration file.
nano /usr/local/bfd/conf.bfd
FIND: ALERT_USR="0"
CHANGE TO: ALERT_USR="1"
FIND: EMAIL_USR="root"
CHANGE TO: EMAIL_USR="your@yourdomain.com"
You can also look in /usr/local/bfd to see the number of rules that can be changed in the configuration file.
Once the configuration file has been modified, save and exit.
To ensure that you do not lock yourself out, add your IP to the ignore list
nano /usr/local/bfd/ignore.host
And add your IP address. If you do not know your IP address, you can find it by visiting http://www.whatismyip.com.
To start BFD
/usr/local/sbin/bfd -s
- Install ConfigServer Firewall (CSF)
At the command prompt, run the commands below to download and install CSF
cd /root/
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Once this is installed, you can log into your WHM area with the root account. On the left-hand menu, scroll down to the bottom and you will see a link to the ConfigServer Firewall area. In here, you can make changes to ConfigServer Firewall.
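To confirm that the edits described above took effect, the following added example (not part of the original guide) audits the sshd Port, Apache ServerSignature and BFD alert settings. The function names and the sample files are constructed for illustration; on a server, pass /etc/ssh/sshd_config, /etc/httpd/conf/httpd.conf and /usr/local/bfd/conf.bfd as the three arguments.

```shell
#!/bin/sh
# Added example: audit the settings changed in this guide (paths are arguments).

# sshd uses the FIRST uncommented value of a keyword; the default port is 22.
ssh_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Pass if numeric, not 22, not the guide's sample 5678, at most 49151 (guide's limit).
check_ssh_port() {
    p=$(ssh_port "$1")
    case $p in ''|*[!0-9]*) return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 49151 ] && [ "$p" -ne 22 ] && [ "$p" -ne 5678 ]
}

# Apache uses the LAST ServerSignature it reads; pass when that value is Off.
check_server_signature() {
    v=$(awk 'tolower($1) == "serversignature" { v = tolower($2) } END { print v }' "$1")
    [ "$v" = "off" ]
}

# conf.bfd holds KEY="value" lines; print the last value assigned to KEY.
bfd_value() {   # bfd_value FILE KEY
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Pass when alerts are on and go to a mailbox rather than the local root user.
check_bfd() {
    [ "$(bfd_value "$1" ALERT_USR)" = "1" ] || return 1
    case $(bfd_value "$1" EMAIL_USR) in *@*) return 0 ;; *) return 1 ;; esac
}

# Print one line per failed check; the return status is the failure count.
audit() {   # audit SSHD_CONFIG HTTPD_CONF CONF_BFD
    fails=0
    check_ssh_port "$1" || { echo "FAIL sshd Port is $(ssh_port "$1")"; fails=$((fails + 1)); }
    check_server_signature "$2" || { echo "FAIL ServerSignature is not Off"; fails=$((fails + 1)); }
    check_bfd "$3" || { echo "FAIL BFD e-mail alert is not configured"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files standing in for the three real configuration files.
d=$(mktemp -d)
printf '#Port 22\nPort 9876\n#ListenAddress ::\n' > "$d/sshd_config"
printf 'ServerSignature On\n' > "$d/httpd.conf"
printf 'ALERT_USR="1"\nEMAIL_USR="your@yourdomain.com"\n' > "$d/conf.bfd"
audit "$d/sshd_config" "$d/httpd.conf" "$d/conf.bfd" || echo "$? check(s) failed"
rm -rf "$d"
```

A commented-out `#Port 22` line is ignored, so a file that was opened but never uncommented is reported as still using port 22.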