Hey all, just got my first dedicated server yesterday. Can anyone share a good tutorial / step-by-step place where I can learn how to fully secure my dedicated server through WHM? Like what I should install and how exactly. I have 0% clue how to do anything of this type on my server. Thanks
DonKon, congratulations on your new server. The best source for that kind of stuff is forums.ev1servers.net. You will find a lot of good information and very cooperative users there. Go to the corresponding forum and you will find tons of tips. However, if you want to do it right, go with www.ncmanage.com; they are my favorite provider. After looking around quite a bit and working with 4 different providers, I found them. Good service and good prices. I highly recommend the "new server setup" package. It comes with anything you need regarding security. I also use their administrative services, so I don't have to worry about the server coming down at 3:00 am, and they solve anything I try to "fix". Good luck.
Install mod_security with a good ruleset, change the SSH port and the control panel port! Those should be the first steps!
Disable services you do not require. Update software (up2date, yum, or whatever fits your platform), update the control panel software, activate a packet filter (ipchains, iptables, ipf), lock down ports that you do not want to be open to the public... There are many articles around the net; search for 10 minutes on Google and you will find plenty of neat stuff! Remember, not all ready-made commands will work for you or your websites. Be smart and think - increase your site security using different methods... combine multiple pieces of advice/commands/security measures and you will be fine!
I just went through all that when I moved to a root server a month ago (and there may be more to do).

I also disabled ALL password login and replaced it by SSH server key login. I also close (chmod 000) all admin subfolders or folders of admin SW if I don't use them, such as phpmyadmin, cyrus, etc. It paid off after the first few days. The average number of hackers knocking at your door may be in the range of 1 hacker per day; on Nov 22 I had 7 hackers trying. I had hackers trying to enter my server the very first days before my site was fully set up - that might be the greatest risk period - your first few weeks until all is installed AND secured (chmod DOWN to minimum and close all admin folders when all admin work is done!). Hence these are things to take seriously - for that reason I am online 24/7 the first many weeks and will keep on doing so for the next few months; for that reason I have all my work on a laptop always with me.

Reduce the SW installed to the minimum. When installing SW, use SW with a perfect security record that is properly maintained, and only AFTER you had time to fully study and understand that SW. Keep anything shut that allows upload or login unless you know what you do and unless you REALLY need it. It is far easier to keep a site secure if you are the only one to access, to upload and to manage the server.

Learn to use iptables to instantly block new active hackers. Use of iptables is more resource efficient than a "deny from [hackers-IP]" in your Apache global conf or htaccess. Permanently shut out those networks where hackers originate - you will see that most of the hackers' IPs used have NO value in http traffic - hence closing doors to entire subnets will have NO loss to actual traffic at all.
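The three replies above all boil down to the same two steps: put a default-deny packet filter in front of the box (with the hostile subnets dropped outright) and turn SSH into key-only login on a non-default port. The script below is an added example, not code posted by anyone in this thread. It does not touch a live system: `gen_iptables_rules` only prints the rules as text for review, and `audit_sshd_config` reads whatever sshd_config path you hand it. The SSH port (2222), the web ports, the blocklist (RFC 5737 documentation ranges) and the two sample configs are all constructed values for the demonstration.

```shell
#!/bin/sh
# Added example (not from any poster in this thread): generate a default-deny
# iptables ruleset for review, and audit an sshd_config for key-only login.
# Assumed values (hypothetical): SSH moved to 2222, web server on 80/443.

SSH_PORT=2222
WEB_PORTS="80 443"
# Subnets to shut out entirely. Constructed sample values (RFC 5737 ranges).
BLOCKED_NETS="198.51.100.0/24 203.0.113.0/24"

# Print a default-deny INPUT ruleset as iptables commands. Review the output,
# then apply it as root from a console session (not over SSH), so a mistake in
# the SSH rule cannot lock you out.
gen_iptables_rules() {
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $BLOCKED_NETS; do
        # Drop hostile networks before any ACCEPT rule can match them.
        echo "iptables -A INPUT -s $net -j DROP"
    done
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"
    for port in $WEB_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
}

# Audit an sshd_config file for key-only login on the expected port.
# Prints one line per finding; prints "OK" when everything passes.
# Return value is the number of findings (0 = clean).
audit_sshd_config() {
    cfg="$1"
    findings=0
    _check() {
        # $1 = directive, $2 = expected value. sshd uses the first occurrence
        # of a directive and matches names case-insensitively, so do the same.
        val=$(grep -iE "^[[:space:]]*$1[[:space:]]+" "$cfg" | head -n 1 | awk '{print $2}')
        if [ -z "$val" ]; then
            echo "MISSING: $1 (should be set explicitly to $2)"
            findings=$((findings + 1))
        elif [ "$val" != "$2" ]; then
            echo "WEAK: $1 is $val (should be $2)"
            findings=$((findings + 1))
        fi
    }
    _check PasswordAuthentication no
    _check ChallengeResponseAuthentication no
    _check PubkeyAuthentication yes
    _check PermitRootLogin no
    _check Port "$SSH_PORT"
    [ "$findings" -eq 0 ] && echo "OK"
    return "$findings"
}

# Constructed sample configs: a stock-style one and a hardened one.
write_sample_configs() {
    cat > /tmp/sshd_weak.conf <<'EOF'
# stock-style config: password logins still allowed on port 22
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
    cat > /tmp/sshd_hard.conf <<'EOF'
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

# Demonstration run
write_sample_configs
echo "--- generated firewall rules (review before applying as root) ---"
gen_iptables_rules
echo "--- weak config ---"
audit_sshd_config /tmp/sshd_weak.conf || echo "findings: $?"
echo "--- hardened config ---"
audit_sshd_config /tmp/sshd_hard.conf || echo "findings: $?"
```

Two design points worth noting: the DROP rules for the blocked subnets are emitted before the ACCEPT rules so that an SSH or HTTP packet from a blocked network never reaches an accepting rule, and the audit treats a missing directive as a finding rather than trusting the daemon default, since defaults change between OpenSSH versions and an explicit `PasswordAuthentication no` is what you want to see in the file after a hardening pass.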
You might want to look at installing the Grsecurity kernel patch at grsecurity.net. It provides much protection against stack- and heap-based exploits, and many, many other very good security features, and can really help to effectively lock down a Linux server.
If you have 0% clue of how to do these things on your server, ideally you should obtain a security audit from a server management company, which allows you to take the time and learn whilst knowing your server will be secure before you have got the hang of doing things yourself. Is the server unmanaged, by the way?