Recommended Software and Modifications for Server Security - PowerPoint PPT Presentation

About This Presentation
Title:

Recommended Software and Modifications for Server Security

Description:

Certain scripts and software are recommended for ensuring the security of a server. These include some modifications and third-party software that can be installed for gaining enhanced server security. – PowerPoint PPT presentation

Slides: 23
Provided by: htshosting

Transcript and Presenter's Notes


1
Recommended Software and Modifications for Server
Security
2
Table of Contents
  • Introduction
  • Introduction (Continued)
  • APF Firewall
  • Atomicorp
  • BitNinja
  • chkrootkit
  • CloudLinux
  • ConfigServer Software
  • ConfigServer Software (Continued)
  • ConfigServer Software (Continued I)
  • ConfigServer eXploit Scanner
  • ImunifyAV
  • Imunify360
  • KernelCare
  • Linux Malware Detect
  • Modify the Logwatch Configuration File
  • Patchman
  • RootKit Hunter

3
Introduction
  • Certain security settings are recommended to
    ensure your server's security. Here, information
    is provided on scripts as well as software
    for server modification, which are aimed at
    enhancing server security. The information
    contained here lists the third-party
    software and modifications that can be installed
    to increase a server's security.
  • In the context of servers, a web server is a type
    of server that is used by web hosting companies
    for the purpose of providing the service of web
    hosting. Web hosting companies that are renowned
    as the Best Website Hosting Company, the Best
    Windows Hosting Company, and the Top Cloud
    Hosting Company, such as HTS Hosting, offer
    hosting services that deliver high uptime, secure
    and speedy hosting at very affordable prices.

4
Introduction (Continued)
  • Despite these recommendations, it is advised that
    the release date of every solution that is
    listed here be checked. This is because
    many programs might not have received updates and
    might contain malware libraries that are
    outdated. Out of all the solutions listed here,
    cPanel provides direct technical support only for
    KernelCare, Imunify360, and CloudLinux, when
    these are directly licensed through cPanel. In
    other cases, the concerned software developer or
    the system administrator needs to be contacted in
    situations where help is needed.

5
APF Firewall
  • APF Firewall offers an advanced firewall for
    Linux systems. APF is the abbreviation for
    Advanced Policy Firewall. It is a firewall system
    that is iptables (netfilter) based. It has been
    designed to cater to the requirements of
    today's Internet-deployed servers as well
    as the unique requirements of custom-deployed
    Linux installations. APF's configuration is
    immensely informative and it equips the user with
    a process that is easy to follow.
  • APF utilizes the latest as well as the most
    stable features from the iptables project. This
    ensures that a very powerful firewall is
    provided. APF's filtering is threefold:
  • Policies that are based on static rules (not
    static firewall)
  • Policies based on sanity
  • Stateful policies that are connection based

6
Atomicorp
  • A secure and hardened shell for Linux servers is
    offered by Atomicorp. Atomicorp ensures the
    security of a server and the hybrid environment.
    With regard to data center workloads, it offers
    an intrusion prevention system that is
    comprehensive.
  • The main features of Atomicorp are as follows:
  • System Hardening
  • Memory protection
  • Advanced FIM (File Integrity Monitoring)
  • Vulnerability Shielding/ WAF Protection
  • Compliance Reporting
  • Application control and visibility
  • Cloud-based and Workload-based Machine Learning
  • Real-time scanning and quarantine
  • Micro segmentation
  • Server EDR and behavioural monitoring

7
BitNinja
  • A security suite is provided by BitNinja.
    Protection against multiple forms of attacks is
    provided by it.
  • Some of the features that this server protection
    suite for hosting providers offers are as
    follows:
  • Realtime IP Reputation
  • WAF (Web Application Firewall)
  • Log Analysis
  • DoS Detection
  • Malware Detection
  • Honeypots which trap suspicious connections

8
Chkrootkit
  • The chkrootkit shell script examines the
    binaries of your system for rootkit
    installations. A malicious user can gain
    undetected administrative access to a server
    through rootkits.
  • The following steps need to be carried out for
    installing the chkrootkit script:
  • Log in to the server via SSH as the root user.
  • Change to the /root directory by running the
    cd /root command.
  • Download chkrootkit by running the
    below-mentioned command:
  • wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
  • Decompress the downloaded file by running the
    command, tar -xvzf chkrootkit.tar.gz
  • Change directories by running the command, cd
    chkrootkit-0.53
  • Run the command, make sense, in order to start
    the chkrootkit installation. The chkrootkit
    script will be installed by the system on your
    server.
  • Run the below-mentioned command to run the
    chkrootkit script:
  • /root/chkrootkit-0.53/chkrootkit

10
CloudLinux
  • CloudLinux provides a secure version of Linux
    that integrates with cPanel & WHM. It provides
    advanced functionality for shared hosting
    environments, along with detailed resource
    management tools, stability and enhancements to
    system management. CloudLinux is available for
    purchase at the cPanel store.

11
ConfigServer Software
  • The use of CSF (ConfigServer Firewall), which is
    a free product provided by ConfigServer, is
    highly recommended. The following components are
    contained in CSF:
  • Stateful Packet Inspection (SPI) firewall
  • Mechanism for login and intrusion detection
  • General security application related to Linux
    servers
  • The following steps need to be followed for
    installing ConfigServer Firewall:
  • Log in to the server via SSH as the root user.
  • Change to the /root directory by running the
    command, cd /root
  • Download ConfigServer Firewall by running the
    below-mentioned command:
  • wget https://download.configserver.com/csf.tgz
  • Decompress the downloaded file by running the
    command, tar -xzf csf.tgz
  • Change directories by running the command, cd csf
  • Start the CSF installation by running the
    command, ./install.cpanel.sh

12
ConfigServer Software (Continued)
  • The ConfigServer Security & Firewall interface of
    WHM is used to configure CSF:
  • WHM >> Home >> Plugins >> ConfigServer Security &
    Firewall
  • The installation script is expected to enable
    the correct ports in CSF. It is recommended that
    this be confirmed on the server.
  • Testing mode should be disabled after CSF has
    been configured. The following steps need to be
    carried out for this purpose:
  • Click Firewall
  • The value of Testing needs to be changed from 0
    to 1
  • Click Change

13
ConfigServer Software (Continued I)
  • CMQ (ConfigServer Mail Queues) is also provided
    by ConfigServer. It is a free add-on product for
    cPanel & WHM. This product provides a
    full-featured interface to the Exim mail queues
    of cPanel from within WHM.
  • ConfigServer Mail Queues proves to be useful
    for:
  • Deleting bounce emails
  • Deleting undelivered (frozen) emails
  • Retrying the delivery of specific emails
  • Determining the reason for the delivery failure
    of inbound or outbound emails
  • Forcing queue runs
  • Integration with an installed MailScanner, offering
    viewing and deletion of emails in the Pending and
    Delivery queues
  • Viewing a specific email's history from the
    Exim mail logs
  • Searching for, viewing and/or deleting emails
    from certain domains and addresses

14
ConfigServer eXploit Scanner
  • CXS stands for ConfigServer eXploit Scanner,
    which integrates with cPanel & WHM. It scans all
    uploads to a server for malware.
    Additionally, if any suspicious file is found,
    CXS quarantines it. Its initial installation is
    included with the license along with the
    recommended configuration options.

15
ImunifyAV
  • Protecting the server against any malicious code
    is rendered easy by ImunifyAV, which is a free
    Linux server antivirus software. Enhanced
    antivirus protection is provided by ImunifyAV
    which detects threats as well as automatically
    cleans files that are infected. Email
    notifications are included in it.
  • ImunifyAV is available for purchase on the
    cPanel store.

16
Imunify360
  • A security suite is offered by Imunify360 which
    is aimed at protecting servers against a wide
    range of attacks. Imunify360 integrates with
    cPanel & WHM. Reports regarding the status of the
    server are provided by it to the system
    administrator. It can be purchased from the
    cPanel store.

17
KernelCare
  • KernelCare automatically updates the Linux
    kernel of the system, without
    any requirement for a reboot. It
    automates security patching of the Linux kernel,
    shared libraries and IoT devices without the need
    to reboot or cause any downtime, and it fixes
    security vulnerabilities on numerous Linux
    distributions. It also offers patches which
    secure vulnerabilities. KernelCare is available for
    purchase in the cPanel store.
  • It needs to be mentioned that KernelCare can only
    be installed on those systems which run CentOS 6,
    7 and 8.

18
Linux Malware Detect
  • LMD stands for Linux Malware Detect. A shareware
    protection scanner against malware for Linux is
    offered by LMD. It is designed to provide
    protection against the threats that exist in
    shared hosting environments. Threat data from
    network edge intrusion detection systems is used
    by it for extracting malware which is actively
    used in attacks. Signatures are generated by it
    for detection. The signatures that are used by
    LMD are MD5 file hashes as well as HEX pattern
    matches. Moreover, these can be exported easily
    to detection tools.

19
Modify the Logwatch Configuration File
  • The Logwatch customizable log analysis system
    parses the log files of the system for a
    certain period of time. Additionally, it creates
    a report for the analysis of specific data. When
    the server does not include Logwatch, the
    following command needs to be run to install it,
    along with the required dependencies: yum -y
    install logwatch
  • The location of the Logwatch configuration file
    is /usr/share/logwatch/default.conf/logwatch.conf
  • The use of a text editor is recommended for
    changing the below-mentioned parameters:
  • MailTo = user@example.com - Change the address,
    user@example.com, to the email address at which
    Logwatch notifications need to be received.
  • Detail = 5 or Detail = 10 - Change this parameter
    to set the level of detail of the log files. 5 and
    10 represent a medium and a high level of detail,
    respectively.
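
The same two parameters can be set by script instead of a text editor. The following is an added example, not part of the original slides or of Logwatch; the function name and the sample configuration are constructed, and the input checks are this example's own choice.

```shell
# set_logwatch_option FILE KEY VALUE
# Rewrites an existing "KEY = ..." line in FILE, or appends one if absent.
set_logwatch_option() {
    file=$1 key=$2 value=$3
    case $key in
        MailTo)  # one address, conservative character set (also keeps sed safe)
            case $value in
                *[!A-Za-z0-9@._+-]*|*@*@*) echo "invalid address" >&2; return 1 ;;
                ?*@?*) ;;
                *) echo "invalid address" >&2; return 1 ;;
            esac ;;
        Detail)  # this example accepts Low, Med, High or 0-10 (5 = medium, 10 = high)
            case $value in
                Low|Med|High|[0-9]|10) ;;
                *) echo "invalid detail level" >&2; return 1 ;;
            esac ;;
        *) echo "unsupported key: $key" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    if grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$file"; then
        sed -E "s|^[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$file" > "$tmp"
    else
        { cat "$file"; echo "$key = $value"; } > "$tmp"
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample configuration, edited in a temporary file.
demo_logwatch() {
    conf=$(mktemp)
    printf 'LogDir = /var/log\nMailTo = root\nRange = yesterday\n' > "$conf"
    set_logwatch_option "$conf" MailTo user@example.com
    set_logwatch_option "$conf" Detail 10
    cat "$conf"
    rm -f "$conf"
}
demo_logwatch
```

On a real server, pass the path of the logwatch.conf you maintain as FILE; Logwatch also reads local overrides from /etc/logwatch/conf/logwatch.conf.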

20
Patchman
  • Patchman detects vulnerabilities in software
    and integrates with cPanel & WHM.
    Reports related to the status of the server are
    provided by it to the system administrator.
    Moreover, notices are sent by it to customers
    with regard to providing information on
    resolution of issues. When vulnerabilities are
    not resolved by customers, Patchman automatically
    fixes those vulnerabilities.

21
Rootkit Hunter
  • The rkhunter script scans for rootkits and
    other exploits. It needs to be mentioned that
    rkhunter (Rootkit Hunter) is not provided by
    cPanel. Moreover, false positives might be
    experienced while using rkhunter. The system
    administrator should be contacted for assistance
    regarding rkhunter. It is recommended that the
    rkhunter script be run frequently and a cron job
    be added which runs the command,
    /root/rkhunter-version/files/rkhunter -c
  • The following steps should be performed for
    installing the rkhunter script:
  • Log in to the server via SSH as the root user.
  • Change to the /root directory by running the
    cd /root command.
  • Download the rkhunter script by running the
    below-mentioned command:
  • wget https://sourceforge.net/projects/rkhunter/files/rkhunter/version/rkhunter-version.tar.gz.asc/download
  • Decompress the downloaded file by running the
    below-mentioned command:
  • tar -xvzf rkhunter-version.tar.gz
  • Change directories by running the command, cd
    rkhunter-1version
  • Run the command, ./installer.sh --layout default
    --install, to begin the rkhunter script
    installation. The system installs the rkhunter
    script on the server.
  • The following command needs to be run for running
    the rkhunter script:
    /root/rkhunter-version/files/rkhunter -c
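
The chkrootkit, CSF and rkhunter procedures all unpack a downloaded archive as root. The following added example, which is not part of the original slides or of any of these projects, checks an archive before extraction; it assumes the expected SHA-256 digest has been obtained from the publisher over a trusted channel (the slides list none), and the package built in the demo is constructed.

```shell
# verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
# Extracts only if the digest matches and no member path escapes DESTDIR.
verify_and_extract() {
    tarball=$1 expected=$2 dest=$3
    actual=$(sha256sum "$tarball" | cut -d' ' -f1) || return 1
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi
    # Refuse absolute paths and ".." components before unpacking as root.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# Constructed demo: build a small archive, then verify it twice.
demo_verify() {
    d=$(mktemp -d)
    mkdir "$d/pkg" && echo 'echo installer' > "$d/pkg/install.sh"
    tar -czf "$d/pkg.tar.gz" -C "$d" pkg
    # Computed locally only so the demo runs offline; it stands in for
    # the digest published by the software's maintainer.
    good=$(sha256sum "$d/pkg.tar.gz" | cut -d' ' -f1)
    bad=$(printf '%064d' 0)
    verify_and_extract "$d/pkg.tar.gz" "$good" "$d/out" && echo "extracted"
    verify_and_extract "$d/pkg.tar.gz" "$bad" "$d/out2" || echo "rejected"
    rm -rf "$d"
}
demo_verify
```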

22
Thanks!
  • ANY QUESTIONS?
  • www.htshosting.org