Secure and Optimize your Virtual Private Server (VPS)

October 18, 2009 • By admin • cPanel

These techniques can definitely help you, but remember, use them at your own risk. If you don't know what you're doing, research it before attempting it.

Securing cPanel – WHM – And Root on a VPS

This will help, but as mentioned in previous posts, on a VPS you do not have access to your kernel. That is good in one way: if you cannot touch it, neither can the hackers or spammers who get into your account, which limits what they can do. It is bad in another: you cannot patch or tune it yourself, so even a box hardened as far as you can take it still depends on the host keeping that shared kernel up to date.

Checking for Formmail

Form mail scripts are abused by spammers to send mail through your server, either by using the script as an open relay or by injecting extra recipients and headers into its form fields. If you are running Matt Wright's FormMail or a script derived from it, you may be exposed.

Command to find pesky form mails:

find / -name "[Ff]orm[mM]ai*"

CGIemail is also a security risk:

find / -name "[Cc]giemai*"

Command to disable form mails:

chmod a-rwx /path/to/filename

(a-rwx means: for all users, remove read, write and execute permission; chmod 000 does the same thing. The file stays on disk for the owner to fix or replace, but the web server can no longer run it.)

If a client or someone on your VPS installs form mail, you will have to let them know you are disabling their script and give them an alternative.
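The two find commands and the chmod step above, combined into one script. This is an added example, not code from the original post: it searches a directory tree for the same FormMail and CGIemail file names (case-insensitively), prints each hit with its owner so you know which client to notify, and revokes all permissions on it. The sample home directories it builds under a temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Find FormMail/CGIemail style
# scripts under a tree, report them with their owner, and disable them.

# Print matching script paths under the directory given as $1, one per line.
# -iname covers FormMail, formmail, FORMMAIL.pl etc. in one pattern.
find_mail_scripts() {
    find "$1" -type f \( -iname 'formmai*' -o -iname 'cgiemai*' \) 2>/dev/null
}

# Read paths from stdin, revoke all permissions (chmod a-rwx), and print
# "path owner" for each so the account holder can be told.
disable_mail_scripts() {
    while IFS= read -r path; do
        [ -f "$path" ] || continue
        owner=$(ls -ld "$path" | awk '{print $3}')
        chmod a-rwx "$path"
        printf '%s %s\n' "$path" "$owner"
    done
}

# Permission string as ls prints it, "---------" once a file is disabled.
mode_of() { ls -l "$1" | cut -c2-10; }

# Demo on a constructed tree (stand-ins for the real /home layout).
demo=$(mktemp -d)
mkdir -p "$demo/home/alice/public_html/cgi-bin" "$demo/home/bob/public_html"
: > "$demo/home/alice/public_html/cgi-bin/FormMail.pl"   # constructed, empty
: > "$demo/home/bob/public_html/cgiemail"               # constructed, empty
: > "$demo/home/bob/public_html/contact.html"           # must be left alone
chmod 755 "$demo/home/alice/public_html/cgi-bin/FormMail.pl" "$demo/home/bob/public_html/cgiemail"
echo "Disabling:"
find_mail_scripts "$demo" | disable_mail_scripts
rm -rf "$demo"
```

Against a live box, run find_mail_scripts /home first and read the list before piping it into disable_mail_scripts: the name patterns are the same loose ones the post uses, so a client's unrelated file called, say, formmailer.txt would be caught too.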

Root Kit Checker

Check for rootkits, and put the check on a cron job. It will tell you if someone has gained root on your box. Always update chkrootkit so you have the latest checks. Hackers and spammers look for insecure upload forms on your box and, using injection methods, try to upload a rootkit through them; if they manage to run it, it replaces many system files and you may well end up reinstalling. Bear in mind that chkrootkit uses the binaries of the box it is checking, so a rootkit that has already replaced ls, ps or netstat can hide from it; a clean result is reassuring, not proof.

Root kit checker: chkrootkit.org

To install chkrootkit, SSH into the server and log in as root. At the command prompt type the following (0.44 was the current release when this was written; the directory name in the cd step follows whatever version you download):

cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense

To run chkrootkit, at the command prompt type:

/root/chkrootkit-0.44/chkrootkit

Make sure you run it on a regular basis, perhaps including it in a cron job.

Execution: the three invocations I use most are the default run, the quiet run (-q, which prints only what it finds, so it suits cron) and expert mode (-x, which dumps the raw output of each test for you to judge):

./chkrootkit
./chkrootkit -q
./chkrootkit -x | more
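A cron wrapper for the quiet run, as an added example that is not part of the original post: it runs chkrootkit -q, keeps only the lines chkrootkit uses to flag trouble, drops entries you have reviewed and listed in an ignore file (known false positives, such as a DHCP client showing up as a packet sniffer), and mails you only when something is left. The chkrootkit path, the mail address and the ignore file are assumptions to replace with your own; the report used for the demo is constructed, not real chkrootkit output.

```shell
#!/bin/sh
# Added example, not from the original post: cron wrapper for chkrootkit.
# Assumptions: chkrootkit at CHKROOTKIT, mail(1) works, ADMIN_MAIL and the
# ignore file are yours to fill in.

CHKROOTKIT="${CHKROOTKIT:-/root/chkrootkit-0.44/chkrootkit}"
IGNORE_FILE="${IGNORE_FILE:-/root/chkrootkit.ignore}"   # one fixed string per line
ADMIN_MAIL="${ADMIN_MAIL:-you@example.com}"              # placeholder address

# Print the lines of report $1 that need a human and return 1 if there are
# any. Kept: INFECTED, Warning and PACKET SNIFFER lines. Dropped: "not
# infected" lines and any line containing a string from ignore file $2.
filter_findings() {
    awk -v ignore="$2" '
        BEGIN { while ((getline s < ignore) > 0) if (s != "") skip[s] = 1 }
        /not infected/ { next }
        /INFECTED|Warning|PACKET SNIFFER/ {
            hit = 0
            for (s in skip) if (index($0, s) > 0) hit = 1
            if (!hit) { print; n++ }
        }
        END { exit n > 0 ? 1 : 0 }
    ' "$1"
}

# Quiet run, then mail only on findings. Exit status is 1 when something was
# flagged, so cron's own log shows it too. Cron line (assumed path):
#   0 3 * * * /root/bin/chkrootkit-cron.sh run
run_check() {
    report=$(mktemp) || return 1
    "$CHKROOTKIT" -q > "$report" 2>&1
    if findings=$(filter_findings "$report" "$IGNORE_FILE"); then
        rm -f "$report"
        return 0
    fi
    printf 'chkrootkit on %s flagged:\n\n%s\n' "$(hostname)" "$findings" \
        | mail -s "chkrootkit alert on $(hostname)" "$ADMIN_MAIL"
    rm -f "$report"
    return 1
}

# Demo on a constructed report so the filter can be tried without chkrootkit.
demo_report=$(mktemp); demo_ignore=$(mktemp)
cat > "$demo_report" <<'EOF'
Checking `ifconfig'... INFECTED
Checking `ls'... not infected
Checking `sniffer'... eth0: PACKET SNIFFER(/sbin/dhclient[1234])
EOF
printf 'dhclient\n' > "$demo_ignore"   # reviewed: the DHCP client, not a sniffer
filter_findings "$demo_report" "$demo_ignore" || echo "(would mail the lines above)"
rm -f "$demo_report" "$demo_ignore"

if [ "${1:-}" = run ]; then run_check; fi
```

Keep the ignore file short and specific (a process path, not a word like "Warning"), and re-read it after every chkrootkit upgrade: an entry that silences a real hit is worse than a noisy mail.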

Install a Root Breach Detector and Email Warning

If someone does get root, be warned quickly by putting a detector and alert on your box. At the least you will get the intruder's IP address and know someone is in there.

To have the server email you every time someone logs in as root, SSH into the server and log in as root. At the command prompt type (this edits /root/.bash_profile):

pico .bash_profile

Scroll down to the end of the file and add the following line:

echo "ALERT - Root shell access on $(hostname) at $(date): $(who -m)" | mail -s "Alert: root access from ${SSH_CLIENT%% *}" you@example.com

Save and exit, putting your own address in place of you@example.com. The source address comes from the SSH_CLIENT variable that sshd sets for the session rather than from parsing the columns of who, whose layout varies between systems; who -m (your own session only) is still included so the mail carries the terminal and time. Two caveats: .bash_profile runs only for interactive login shells, so a root shell obtained through an exploit, a plain su without the dash, or ssh root@host command will not trigger it; and anyone who has root can edit or delete the line, so treat it as an early warning rather than a record.
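The same alert as a small script that .bash_profile can source, as an added example that is not part of the original post. It handles the case the one-liner does not: a session with no SSH_CLIENT (console, or su - from another account), where it falls back to the host field of who -m, and it also writes a copy to syslog with logger, since the mail passes through a server the intruder now controls. The address and script path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: root-login alert with a source
# lookup that degrades gracefully. Assumes mail(1) and logger(1) exist.
# Hook it up with this line at the end of /root/.bash_profile (assumed path):
#   . /root/bin/root-alert.sh && alert_root_login

ALERT_MAIL="${ALERT_MAIL:-you@example.com}"   # placeholder address

# Print the best available guess at where this session came from:
# SSH_CLIENT / SSH_CONNECTION (set by sshd; first field is the client IP),
# else the "(host)" field of who -m, else "local-console".
root_login_source() {
    if [ -n "${SSH_CLIENT:-}" ]; then
        printf '%s\n' "${SSH_CLIENT%% *}"
    elif [ -n "${SSH_CONNECTION:-}" ]; then
        printf '%s\n' "${SSH_CONNECTION%% *}"
    else
        # who -m reports only the current terminal; the origin, when present,
        # is the last field and is wrapped in parentheses.
        src=$(who -m 2>/dev/null | awk '{ h = $NF; if (h ~ /^\(/) { gsub(/[()]/, "", h); print h } }')
        printf '%s\n' "${src:-local-console}"
    fi
}

# Build the alert text once so the mail and the syslog entry match.
alert_text() {
    printf 'ALERT - root shell on %s at %s from %s: %s\n' \
        "$(hostname)" "$(date)" "$(root_login_source)" "$(who -m 2>/dev/null)"
}

# Send the alert by mail and leave a copy in syslog.
alert_root_login() {
    msg=$(alert_text)
    logger -t root-login "$msg"
    printf '%s\n' "$msg" | mail -s "Alert: root access from $(root_login_source)" "$ALERT_MAIL"
}
```

If the host's syslog can be forwarded off the box, the logger line becomes the copy that survives an intruder cleaning up /root/.bash_profile and the local mail spool.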

Set an SSH Legal Message

To set an SSH legal message, SSH into the server, log in as root and at the command prompt type:

pico /etc/motd

Enter your message, save and exit. Note that /etc/motd is shown only after a successful login. To show the notice before the password prompt, where a legal warning belongs, put the text in a file such as /etc/issue.net, add the line Banner /etc/issue.net to /etc/ssh/sshd_config, check the result with sshd -t and restart sshd. Example message:

ALERT! You are entering a secured area! Your IP and login information have been recorded. System administration has been notified. This system is restricted to authorized access only. All activities on this system are recorded and logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.
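Setting the pre-login banner with the sshd Banner directive, as an added example that is not part of the original post. The edit is idempotent, so the script can be re-run after something rewrites sshd_config: an existing Banner line, active or commented out, is replaced in place, otherwise one is appended, and the config is never left with two. The paths are the usual defaults and the sample config in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: show the legal notice before
# authentication by setting sshd's Banner directive, idempotently.
# Assumed paths; override with SSHD_CONFIG / BANNER_FILE in the environment.

SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
BANNER_FILE="${BANNER_FILE:-/etc/issue.net}"

# Write the notice sshd will show before the password prompt.
write_banner() {
    cat > "$1" <<'EOF'
ALERT! You are entering a secured area! Your IP and login information have been recorded.
This system is restricted to authorized access only. All activities on this system are
recorded and logged. Unauthorized access will be investigated and reported.
EOF
}

# Rewrite config $1 so it carries exactly one "Banner $2" line. The first
# Banner line (active or commented) is replaced, later ones dropped, and if
# there was none the directive is appended. Returns non-zero on failure.
set_sshd_banner() {
    cfg="$1"; file="$2"
    tmp=$(mktemp) || return 1
    awk -v b="$file" '
        /^[ \t]*#?[ \t]*Banner([ \t]|$)/ {
            if (!done) { print "Banner " b; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Banner " b }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"     # cat into the file keeps its owner and mode
    rm -f "$tmp"
}

# Number of active Banner lines, for a quick check after editing.
banner_lines() { grep -c '^Banner ' "$1"; }

# Demo on a constructed config so nothing on the box is touched.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Port 22
#Banner none
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
set_sshd_banner "$demo" "$BANNER_FILE"
set_sshd_banner "$demo" "$BANNER_FILE"   # second run changes nothing
cat "$demo"
rm -f "$demo"
```

For the real thing: write_banner /etc/issue.net, then set_sshd_banner /etc/ssh/sshd_config /etc/issue.net, then sshd -t to check the syntax before restarting sshd (service sshd restart on the CentOS releases cPanel ran on). Keep your existing SSH session open until a fresh login works, so a mistake cannot lock you out.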

Sources: http://www.webhostingtalk.com/showthread.php?t=468168