Archive for the ‘Linux hosting’ Category

Linux Security tweak

October 15th, 2009

These linux security doc will help you to tweak on the linux server for the security stuff.

1. Exim.
Enable extended logging :
Add the following line in exim, below the first line recommended
log_selector = +address_rewrite +all_parents +arguments
+connection_reject +delay_delivery +delivery_size +dnslist_defer
+incoming_interface +incoming_port +lost_incoming_connection +queue_run
+received_sender +received_recipients +retry_defer +sender_on_delivery
+size_reject +skip_delivery +smtp_confirmation +smtp_connection
+smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

Fommail Trap

For Securing Exim i found this a Good resource

2. Httpd :

install mod_security
install mod_dosevasive (causes problem with FP sometimes though)

3. PHP

disable_functions = “system,exec”

eAccelerator for PHP acceleration

4. Some small recommended apps

Install BFD from
Install LSM from
APF from ( since we have portsentry not really required )
rkhunter can be found on

5. cpanel script to disable compilers incase we have not done this yet
/scripts/compilers off


mysql query cache
vi /etc/my.cnf
query-cache-type = 1
query-cache-size = 100M
100M can be changed according to how busy the server is

7. Securing some binaries

chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
chmod 000 /etc/httpd/proxy/

I hope you might have found this Misc security tweaks helpful.

GD Star Rating

Posted in Linux hosting | Comments (10,243)