Linux Security tweak

October 15th, 2009

These Linux security notes will help you tweak a Linux server for better security.

1. Exim.
Enable extended logging:
Add the following setting to the Exim configuration; placing it just below the first line is recommended.
log_selector = +address_rewrite +all_parents +arguments \
  +connection_reject +delay_delivery +delivery_size +dnslist_defer \
  +incoming_interface +incoming_port +lost_incoming_connection +queue_run \
  +received_sender +received_recipients +retry_defer +sender_on_delivery \
  +size_reject +skip_delivery +smtp_confirmation +smtp_connection \
  +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

Formmail Trap
http://void.thunderteam.org/fm-trap.html

For securing Exim, I found this a good resource:
http://www.rvskin.com/index.php?page=public/antispam

2. Httpd

Install mod_security
Install mod_dosevasive (sometimes causes problems with FP, though)

3. PHP

disable_functions = "system,exec"

eAccelerator for PHP acceleration
http://sourceforge.net/projects/eaccelerator

4. Some small recommended apps

Install BFD from rfxnetworks.net
Install LSM from rfxnetworks.net
Install APF from rfxnetworks.net (not really required, since we have portsentry)
rkhunter can be found on www.rootkit.nl

5. cPanel script to disable compilers, in case we have not done this yet
/scripts/compilers off

6. MySQL

Enable the MySQL query cache:
vi /etc/my.cnf
query-cache-type = 1
query-cache-size = 100M
The 100M value can be changed according to how busy the server is.

7. Securing some binaries

chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
chmod 000 /etc/httpd/proxy/
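
A check for the permissions set above, as an added example that is not part of the original post: it reports any listed path whose mode grants more than the intended 750 (or 000), and it follows symlinks because chmod acts on the link target. The function names audit_modes and audit_section7 are made up for this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_modes MAX_MODE PATH...
# Prints OK, LOOSE, ERROR or MISSING for each path and returns 1 if any path
# grants permission bits that MAX_MODE (octal, e.g. 750) does not allow.
audit_modes() {
    am_max=$1; shift
    am_rc=0
    for am_path in "$@"; do
        if [ ! -e "$am_path" ]; then
            echo "MISSING $am_path"
            continue
        fi
        # -L: inspect the symlink target, which is what chmod changed.
        am_mode=$(stat -L -c '%a' "$am_path") \
            || { echo "ERROR   $am_path"; am_rc=1; continue; }
        # Bits present in the actual mode but absent from the allowed one
        # (the leading 0 makes the shell read both values as octal).
        am_extra=$(( 0$am_mode & ~0$am_max & 07777 ))
        if [ "$am_extra" -ne 0 ]; then
            echo "LOOSE   $am_path mode=$am_mode allowed=$am_max"
            am_rc=1
        else
            echo "OK      $am_path mode=$am_mode"
        fi
    done
    return $am_rc
}

# The paths and modes from the chmod list in section 7.
audit_section7() {
    s7_rc=0
    audit_modes 750 /usr/bin/rcp /usr/bin/wget /usr/bin/lynx \
        /usr/bin/links /usr/bin/scp || s7_rc=1
    audit_modes 000 /etc/httpd/proxy/ || s7_rc=1
    return $s7_rc
}
```

Call audit_section7 as root after package updates, which can restore the default modes on these binaries.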

I hope you have found these miscellaneous security tweaks helpful.
