Things I know for sure to install/do on my server, in order of importance:
- Full cPanel (stable) upgrade [Already installed cPanel Feature]
This should upgrade openssh and all of that good stuff so all those locks show locked.
- Recompile Apache [Already installed Cpanel Feature]
- Disable Telnet
# pico -w /etc/xinetd.d/telnet
# (change disable = no to yes)
# /etc/init.d/xinetd restart
- Bind sshd to only 1 IP, and make it a different IP than my main site.
- Chroot/Jail [Link]
Then this is where a few questions come up:
Firewalls, I hear of: PMFirewall, Kiss my firewall, APF, Bastille, etc. What's the best?
Ipchains... Iptables... What are these? I'm pretty sure they are something the firewalls look at for instructions on what to do, but I'm not sure if they are, or if they are some type of program.
Also, I heard portsentry was bad, but what is it? Is it a type of firewall?
- Tripwire [Link]
- Anti-Virus Scanner [Link]
- Email Anti-Virus Scanner (MailScanner) [Link]
- chkrootkit [Link]
- Disable direct root login [Link]
- PRM (Process Resource Monitor) [Link]
- MRTG bandwidth monitor
- Mask apache server & services version numbers [Link]
I hear a lot about programs that check logs for you, but they all trail off and don't help at all. Help on that?
---------------
That's about all I have. I do however use sftp when I log in to admin or root, and I do use only ssh, but I can't find a program that takes advantage of ssh2. Putty doesn't have an ssh2 option, and I'm not quite sure what port it's on.
This is all I have for now, and I plan on making a definitive howto when I'm done to properly secure your cPanel box to its fullest. I'd really like to help the community once I find all of this stuff out, but I need help.
Thanks for understanding and helping!
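
An added example, not part of the original post: a read-only audit of three checklist items (telnet disabled in xinetd, sshd bound to a single IP, direct root login disabled). The function names are hypothetical, the sample files are constructed, and the sshd_config parsing assumes whitespace-separated keywords and no Match blocks.

```shell
#!/bin/sh
# Added example: read-only checks for three items from the checklist above.
# Function names are illustrative; paths are arguments so copies can be audited.

# Succeeds when the xinetd service file is absent or its last "disable" is "yes".
telnet_disabled() {
    [ -f "$1" ] || return 0
    awk -F= '
        /^[ \t]*#/ { next }
        { k = tolower($1); v = tolower($2)
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "disable" { d = v }
        END { exit !(d == "yes") }
    ' "$1"
}

# Prints every uncommented value of keyword $1 found in sshd_config file $2.
sshd_values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2 }
    ' "$2"
}

# $1 = xinetd telnet file, $2 = sshd_config. Prints one FAIL line per finding.
audit() {
    telnet_disabled "$1" || echo "FAIL telnet: enabled in $1"
    n=$(sshd_values ListenAddress "$2" | awk 'END { print NR }')
    [ "$n" -eq 1 ] || echo "FAIL sshd: $n ListenAddress lines, expected 1"
    # sshd uses the first value it reads for a keyword.
    root=$(sshd_values PermitRootLogin "$2" | head -n 1)
    [ "$root" = "no" ] || echo "FAIL sshd: PermitRootLogin is '${root:-unset}'"
    return 0
}

# Constructed sample input (not taken from a real server).
demo=$(mktemp -d)
printf 'service telnet\n{\n\tdisable = no\n}\n' > "$demo/telnet"
printf 'Port 22\nListenAddress 192.0.2.10\nPermitRootLogin yes\n' > "$demo/sshd_config"
audit "$demo/telnet" "$demo/sshd_config"
rm -rf "$demo"
```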