I am trying to secure my server as hard as I can get it without breaking stuff.
Unfortunately I installed CentOS 5 with the default single partition. Now that does help, doesn't it?
I have secured /dev/shm with noexec,nosuid.
However, my /tmp is simply a folder, and I am wary of how to make a partition in CentOS 5 to allow me to secure /tmp. Does anybody have an easy way to do this that is pretty risk free?
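Added example, not from the original post or from InterWorx: a small POSIX sh check that reads /proc/mounts format and reports whether a mount point such as /dev/shm or /tmp actually carries noexec, nosuid and nodev. The sample mounts text is constructed to mirror the setup described above (single root partition, /dev/shm with noexec,nosuid only, /tmp not a separate mount). The remediation commands in the trailing comments show the common loopback-file approach to a restricted /tmp on a single partition; the file path /var/tmpfs is an assumption, the 2GB size follows the InterWorx advice later in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Checks whether a mount point carries the
# hardening options (noexec, nosuid, nodev) by reading /proc/mounts format:
#   device mountpoint fstype options dump pass

# Print the options field for mount point $1 from the mounts text on stdin.
# Prints nothing when $1 is not a separate mount, which is exactly the
# situation of a /tmp that is "simply a folder" on a single root partition.
mount_options() {
    awk -v mp="$1" '$2 == mp { print $4 }'
}

# check_mount MOUNTS_TEXT MOUNTPOINT OPTION...
# Returns 0 when every OPTION is present for MOUNTPOINT; otherwise prints
# what is missing and returns 1.
check_mount() {
    mounts="$1"
    mp="$2"
    shift 2
    opts=$(printf '%s\n' "$mounts" | mount_options "$mp")
    if [ -z "$opts" ]; then
        echo "$mp: not a separate mount, so mount options cannot restrict it"
        return 1
    fi
    rc=0
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "$mp: missing $want (has $opts)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample in /proc/mounts format, modelled on the poster's setup:
# single root partition, /dev/shm hardened with noexec,nosuid only, and no
# separate /tmp at all.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,data=ordered 0 0
tmpfs /dev/shm tmpfs rw,noexec,nosuid 0 0
proc /proc proc rw 0 0'

for mp in /dev/shm /tmp; do
    check_mount "$SAMPLE_MOUNTS" "$mp" noexec nosuid nodev && echo "$mp: ok"
done

# Against the live system (run as root; paths are the CentOS 5 defaults):
#   check_mount "$(cat /proc/mounts)" /tmp noexec nosuid nodev
#
# One common way to get a restricted /tmp without repartitioning is a
# loopback filesystem kept in a file. /var/tmpfs is an assumed path; 2GB
# matches the size InterWorx recommends for a separate /tmp. Stop services
# that hold files open in /tmp first, and remember /var/tmp if it is a
# symlink to /tmp.
#   dd if=/dev/zero of=/var/tmpfs bs=1M count=2048
#   mkfs.ext3 -F /var/tmpfs
#   echo '/var/tmpfs /tmp ext3 loop,noexec,nosuid,nodev 0 0' >> /etc/fstab
#   mount /tmp && chmod 1777 /tmp    # restore the world-writable sticky mode
# For /dev/shm, add the same options to its existing fstab line, then:
#   mount -o remount /dev/shm
```

Run as-is it only exercises the constructed sample; swap in `$(cat /proc/mounts)` to audit the real box. A mount that is missing from /proc/mounts entirely is reported as a failure on purpose, since no amount of chmod on a plain directory gives you noexec.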
OK, here goes for the rest of the checklist:
Installed Security:
APF Firewall config
BFD Brute force detection
Secured PHP and put safemode ON
Secure apache.conf
Disabled all CGIs
Disabled telnet
Removed isdn, bluetooth, samba, cups, finger, etc.
Installed nmap to scan ports
Installed an antivirus and run it in cron.weekly
Installed chkrootkit and cron
Installed rkhunter and cron
chmod wget
Secured /dev/shm
Security to install or consider:
Need to secure /tmp (how? in single partition)
Consider mod_security (broke stuff, so at the moment uninstalled)
suPHP: would this be worth installing? What's the quickest way of implementing it on a PHP5 CentOS 5 InterWorx set-up?
PortSentry (any opinions?)
Bastille (anyone tried it?)
Have I missed anything, and can you advise on my points please?
Bastille is nice for an Assessment report. I didn’t run it in Interactive mode because I want to be able to make the correct changes myself and know what is being done to the server.
Can you point to a few how-tos or anything on some of these? Not being exactly a newbie, but not really having been into the security side in the past, I've not had time to look in depth. I just want to do the best I can to protect the server from possible attempts.
Intrusion detection systems (IDS) will take a snapshot of your filesystem and send you an email when anything important changes. These emails usually come after system updates. I just use a security suite from ConfigServer in place of APF and this includes IDS. I think Snort can be set up to be more proactive in security than traditional IDS from what I've read about it, but I haven't used it.
Changing the permissions on the /etc/cron.d, /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly folders is just something I choose to do on my server because I'm the only one messing around with the cron folders. You could just run the following commands for each folder:
I think Suhosin is a great addition to PHP security. It has a good amount of configurable settings if it appears to be breaking any scripts, but the default is usually fine. There are two choices on the install. You can install it as an extension, which is easier, or you can install it as a patch, which means you would need to recompile PHP with the patch. Just the extension works fine.
LES looks interesting. What does it do in a nutshell, and would it be likely to cause problems?
I've made an update to the cron folder permissions above. The /etc/cron.d/ folder should be set to 700 and any files in it should be 644 or 640. I had forgotten about this change in my notes, sorry.
There should be an explanation of LES on the rfx website. Those scripts should all be compatible with InterWorx.
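Added example, not from either of the posts above or from the rfx scripts: a POSIX sh audit of the cron folder permissions as stated in the corrected post (folder 700, files 644 or 640), plus a function that applies them. It assumes the same rule for /etc/cron.d and each of the /etc/cron.hourly, daily, weekly and monthly folders; `find -perm` with an exact octal mode is used instead of `stat` so it behaves the same on CentOS 5 and elsewhere.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a cron directory against the
# rule given above: the directory itself 700, every file in it 644 or 640.
# The same rule is assumed for /etc/cron.d and /etc/cron.{hourly,daily,
# weekly,monthly}.

# check_cron_dir DIR
# Returns 0 when DIR is mode 700 and every regular file in it is 644 or 640;
# otherwise prints each offender and returns 1.
check_cron_dir() {
    dir="$1"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "$dir: no such directory"
        return 1
    fi
    # -prune stops find from descending, so this tests only the directory.
    # -perm with a plain octal mode is an exact match (POSIX).
    if [ -n "$(find "$dir" -prune ! -perm 700 -print)" ]; then
        echo "$dir: directory is not 700"
        rc=1
    fi
    offenders=$(find "$dir" -type f ! -perm 644 ! -perm 640 -print)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders" | sed 's/$/: file is not 644 or 640/'
        rc=1
    fi
    return $rc
}

# harden_cron_dir DIR
# Applies the rule: 700 on the directory, 640 on every regular file (the
# tighter of the two file modes the post allows). Run as root.
harden_cron_dir() {
    chmod 700 "$1" &&
    find "$1" -type f -exec chmod 640 {} +
}

# Report on the live system; folders that do not exist are skipped.
for d in /etc/cron.d /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly; do
    [ -d "$d" ] || continue
    check_cron_dir "$d" && echo "$d: ok"
done
```

The script only reports by default; call `harden_cron_dir /etc/cron.d` (and the others) yourself once you are happy with what it lists. Note that 700 on the folder only keeps other local users from reading the job list; root's crond still runs everything inside, so this complements rather than replaces keeping the scripts themselves sane.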
All I can really suggest is to make sure it is chmod 775 (not 777), which I believe is the default.
Be careful if you intend to reformat and put this in its own partition; we recommend a 2GB partition at least if you are going to do that. The reason is that it is used when you import/restore SiteWorx backups.
Your list looks pretty comprehensive, the only other thing I’d add is really not anything you can do physically to the server.
Do not give SSH access out to anyone who does not NEED it.
Be aware of all of the PHP scripts on your server and make sure they are kept up to date.