Security audit
1) Installing rkhunter and configuring it to update itself daily and then run itself. It will send you a report if anything is wrong.
2) Repair or reinstall of corrupt binaries.

Webserver security
1) Installing mod_security with our own custom ruleset. This module consists of many different rules. The ruleset that we use by default isn’t too strict, but it will block dangerous attempts to hack the server. Because it consists of so many rules, it’s very easy for us to add an additional rule or to disable one whenever needed.
2) Compiled PHP version 4.3.10.

SSH security
1) Installing and compiling the latest version of OpenSSL.
2) Installing and compiling the latest version of OpenSSH and configuring it with the latest version of OpenSSL.

Firewall configuration
1) Installing APF firewall (latest version).
2) Configuring the firewall to only accept incoming/outgoing connections on ports that are needed on your server system.

Server Monitoring
Installing System Integrity Monitor to monitor the following services:
- Apache
- MySQL
- Email
- Server load
- SSH
- FTP
The system will automatically try to fix any possible problems; for instance, huge logfiles would automatically be recycled. If the system can’t fix the problem itself, it will send you an email.

Environmental security
1) Mounting the /tmp partition with noexec so that no files on it can be executed.
2) Disabling compilers for all users but root.
3) Sysctl.conf hardening to make it much harder to get attacked by SYN floods.
4) open_basedir protection setup.
5) Installing chkrootkit and configuring it to send you a daily report.

Apache tweaking
1) Installing Zend Optimizer.
2) Tweaking the Apache configuration.
3) Recompiling Apache with commonly used modules.