Linux Server Hardening

1.      Firewall setup: We setup CSF firewall in if the server is a Cpanel and Plesk Firewall if the server is a Plesk server. We keep open only the required ports and close all the unused ports in the server.

2.      Brute Force Detection and Prevention: Brute Force attack is a type of attack where an intruder tries to guess login and password of systems to gain access. We ensure that Brute force attacks are detected and prevented by the server. The source IP addresses of the attackers are blocked for a temporary period once a Brute Force attack is detected. Repetitive attacks from same IP address results in permanent ban.

3.      Disable Unnecessary services: We disable the following services in the server as they are absolutely unnecessary but can pose a serious threat if left running.

cups bluetooth
xfs anacron
nfslock gpm
canna saslauthd
FreeWnn avahi-daemon
cups-config-daemon avahi-dnsconfd
iiim hidd
mDNSResponder pcscd
nifd sbadm
rpcidmapd

4.      Apache Hardening: We harden the Apache server before putting it into production use. Apache Hardening ensures that the web server is secure from attackers who exploit the known backdoors of Apache server to gain access to the server or hack the websites hosted in the server.

5.      PHP Hardening: Tthe increased usage of CMS like WordPress and Joomla has created a need to secure PHP as the websites created using these CMS are the prime targets of hackers. We harden the PHP installation on our servers by setting up Suhosin which is also known as Hardened PHP. We also disable functions which are known to act as backdoors for hackers.

6.      MySQL Hardening: MySQL acts as a database backend for many applications like WordPress, Joomla etc. Iike WordPress and Joomla. The security of MySQL is a big concern. We harden the MySQL server to ensure that it is safe from hackers.

7.      Mail Server Hardening: Mail server hardening involves antispam scanning, antivirus scanning, setting attachment limits, setting maximum recipients limit per email, restricting the size of each email sent from the server, setting limit of emails each domain can send per hour etc.

8.      ClamAV setup: We install ClamAV antivirus which is an open source antivirus for Linux servers and is one of the widely used antivirus software. ClamAV can be used to scan for viruses in the server as well as linked with the mail server to scan all the incoming emails for viruses.

9.      Spamassassin: Spamassassin is a very common antispam software which is used in servers to keep away spam from the inboxes of the email users. We install Spamassassin in the servers with basic configuration which reduces the number of spam emails received in the server. Over a period of time, the spamassassin becomes stronger to reduce most of the spam emails.

10.   Mod Security: Mod security is an Apache module which is a free web application firewall. While the normal firewalls cannot block web attacks as the port 80 has to be kept opened. Mod Security helps to block web attacks like SQL injection, cross site scripting etc.

11.   Enable Mod Evasive: Mod Evasive is a module which is used to stop DDoS attacks on the Apache server. Setting this module ensures that the Apache web server is secure from DDoS attacks which can increase traffic on the server and can bring down the server.

12.   SSH Hardening: To manage a Linux server remotely, SSH is very much essential. However, SSH can be exploited by hackers to gain access to the servers. We harden the SSH server to ensure that the hackers don’t get backdoor entry to the server without authentication.

13.   Harden temporary directory and shared memory locations: In Linux the /tmp directory or partition is the location where the temporary directory and shared memory location is stored. We set the noexec,nosuid permission on the /tmp partition which secures the /tmp directory and restrict attacks on the web applications hosted in the server.

14.   Optimize TCP/IP Stack: The TCP/IP stack is optimized to improve the networking performance of the server.

15.   Optimize MySQL: We optimize MySQL server to improve the performance of the database driven websites. We run tools like MySQL tuner which gives suggestions on how the MySQL server can be optimized for better performance.

16.   Setup Rootkit Detection tool and run nightly scan: We install Rootkit detection tool on the server which scans for the installed rootkits on the servers and remove them. We setup a nightly scan schedule to detect rootkits.

17.    Setup Malware Detection tool and run nightly scan: We install Malware Detection tool like Maldet to scan and remove any malware present on the server. We schedule a nightly scan of the tool to scan the entire server and remove any malware present. It also sends a complete report of the malwares found after each scan.

18.   DNS Server Hardening: We disable DNS recursion in the DNS server to ensure the prevent DNS recursion attacks.

19.   Enable syncookie protection: It enables protection against TCP Syn Flood Attacks.

20.   Enable ICMP rate-limiting: ICMP rate-limiting helps to prevent ICMP flood attacks.

21.   Harden host.conf: It enables spoofing protection and protection against DNS poisoning attacks.

22.   Disable IP Source Routing:  A malicious user can use IP Source Routing to learn more about a network and target it for attack. We disable IP Source Routing to prevent such attacks.

23.   Disable ICMP Redirect Acceptance: An attacker who is able to forge ICMP redirect packets can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to flow via a path you didn’t intend. We disable ICMP Redirect Acceptance to prevent such attacks.

24.   Enable Strong Password policy: A weak password means easy access to system by an attacker who can then wreak havoc in the server. We enable strong password policy which makes it difficult for attackers to guess passwords and gain access to the server.

25.   Disable Compilers for unprivileged users: Many common attacks require a working C or C++ compiler on the server. Disabling these compilers for unprivileged users result in a more secure server.

26.   IP restriction to server access: The best way to keep a server secure is by limiting the server access to a specific IP address or subnet. If the customer has a static IP, we restrict the server access to the static IP provided by the customer.

qualiadmin
It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using 'Content here, content here', making it look like readable English. Many desktop publishing packages and web page editors now use Lorem Ipsum as their default model text, and a search for 'lorem ipsum' will uncover many web sites still in their infancy. Various versions have evolved over the years, sometimes by accident, sometimes on purpose (injected humour and the like).