Have a look at what I did
bman
Hi,
Is the following all I can do to secure and run a somewhat high-traffic server with cgi/php/mysql on it?

1- running latest stable:
WHM/Cpanel
APF + ANTIDOS with auto email for dos
MAILSCANNER/CLAM
2- no direct root login with long passwords and only ssh2
3- switched to pureftp
4- no telnet running
5- only allowing my customers' hosts in hosts.allow and the firewall
6- installed rootchkkite
7- installed mod_security
8- enabled every protection there is in WHM
9- ran the /scripts/tempsecure thing and auto run at boot
10- don't allow users shell access
11- hiding my apache version
12- disabled most of the unwanted packages in cpanel for users like formmail.cgi
13- disabled 3rd party scripts like phpnuke in cpanel
14- have the system email me if root logs in
15- have mrtg installed
16- installed bfd ("brute force") but I have yet to see it do anything :)
17- got SM monitor installed
18- I keep checking my emails and log in to the server every day to read logs and see the traffic.
19- chmod 700 most of my compilers and other commands like wget ps w df
Did I miss anything?
Is there anything more I can do to increase security?
thanks for reading
bman
28 views and no comments ?!
klaude
Wow you've done quite a bit. :) The salesman in me says "purchase floodguard". Otherwise maybe you can check your mySQL users to make sure they can only access the server from localhost. Make sure you didn't lock us out in hosts.allow. :)
bman
hehe, I have floodguard, and you guys are safe: I have you in hosts.allow and the firewall
plus I just installed
mod_dosevasive from here http://www.nuclearelephant.com/projects/dosevasive/

About mysql: what are the recommended settings, and how do I only allow local connections? Should I use webmin for that, or edit /etc/my.cnf? What's the line to change or add?
thanks
klaude
Check this section of the mySQL manual, especially section 5.3.3:

http://www.mysql.com/doc/en/Security.html

This section is full of some great tips on securing your installation.
roundtable01
:)

The only things I would add to your list are -

Use a different port for ssh, and bind it to only 1 IP

Get tripwire configured (while it gives a lot of reports when you add new clients, it can be a great monitoring tool that adds to finding any funny biz with your system).

Do a chkconfig --list, and disable services you don't need.

I found these on my box -

- xfs - X windows font service

- netfs - only needed if running remote file system access

- autofs - Automatic mounting of floppies and cds?

- isdn - ISDN access?

The default setup has some strange items installed. :D
Hogie
turn off passwords on ssh and only use keys. Also make sure only certain people (in wheel group) can su to root.
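
Added example, not part of any post in this thread: a small Python check of an sshd_config against the SSH points raised above (no direct root login, SSH2 only, a non-default port bound to one IP, keys instead of passwords). The two sample configs and the 192.0.2.10 address are constructed, and the fallback values used for absent keywords are assumptions, since sshd defaults differ between OpenSSH versions.

```python
# Constructed sample configs; 192.0.2.10 is a documentation address.
WEAK = """\
Port 22
Protocol 2,1
ListenAddress 0.0.0.0
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
Port 2222
Protocol 2
ListenAddress 192.0.2.10
PermitRootLogin no
PasswordAuthentication no
"""
WILDCARDS = ("0.0.0.0", "::", "[::]")

def parse(text):
    """Return {keyword: [values]} for the global part of an sshd_config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are not audited here
            break
        opts.setdefault(key, []).append(parts[1].strip().lower() if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return findings; an empty list means all five checks pass."""
    o = parse(text)
    # sshd uses the first value it reads for a keyword. Fallbacks for absent
    # keywords are assumptions; defaults differ between OpenSSH versions.
    first = lambda key, fallback: o.get(key, [fallback])[0]
    findings = []
    if first("permitrootlogin", "yes") != "no":
        findings.append("PermitRootLogin: direct root login is not disabled")
    if "1" in first("protocol", "2").split(","):
        findings.append("Protocol: SSH1 is still accepted")
    if first("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication: password logins are accepted")
    if "22" in o.get("port", ["22"]):
        findings.append("Port: sshd listens on the default port 22")
    listen = o.get("listenaddress", [])
    if len(listen) != 1 or listen[0] in WILDCARDS or listen[0].startswith(("0.0.0.0:", "[::]:")):
        findings.append("ListenAddress: sshd is not bound to exactly one IP")
    return findings
```

Calling `audit(open("/etc/ssh/sshd_config").read())` on a server returns the list of points still open; the `sshd_config` path is the usual location and may differ on your system.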
thoroughfare
Why use SSH keys rather than passwords? I've been wary of using keys in case someone hacked my own office terminal physically.

Thanks,
Matt