LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   What are the most important security software on centos vps (http://www.linuxquestions.org/questions/linux-security-4/what-are-the-most-important-security-software-on-centos-vps-899769/)

elieobeid7 08-27-2011 05:33 AM

What are the most important security software on centos vps
 
i have a centos vps with lamp and ffmpeg and these libraries, I don't have a cpanel or any hosting panel, I have parallel virtuozzo which offers a firewall. now i have 2 questions:

1- I have a cpanel so should I worry about my server side security or should my company worries about that

2-If it's me who should protect everything from everyone lol :D what should i install on the vps? and by the way it's the first time i use parallel virtuozzo, coz my previous hosting provider has open panel, I know that parallel virtuozzo is the best (i read that on forums :D ) but is the firewall enough or do i have to install another one

Noway2 08-29-2011 04:03 PM

How to harden a server is a very broad topic. Each application has its own requirements and adds it's own complexities to the mix. One very important thing to think of as you investigate the process is that you want to apply your security in layers. For example, use a hardware firewall and only open the required ports, then prohibit access from anywhere except the firewall, and then program the application with further restrictions. While each of these may seem to accomplish the same thing, they are additional hurdles that a would be intruder must get past. Another thing to keep in mind is that having users authenticate with multiple pieces of information, such as having a key and knowing a password is much better than password alone. Also keep in mind the concept of least privilege. Don't allow more ports than you require, don't give users permissions that they don't need, don't run as root simply because you can and instead elevate to root to perform the required task and then drop this privilege.

With an application like CPANEL (it isn't clear if you are using it or not, you say you are and you are not), you should keep management interfaces so that they are not publicly available. Instead keep them on a private interface and require either a VPN connection or at least an SSH tunnel. Other programs, such as Apache, are generally good out of the box, but you need to be careful what you add to them, especially custom PHP based applications. You will want to definately want to make sure that you keep your applications patched and up to date.

Lastly, search this forum for many of the server hardening threads. These will have many suggestions. You should also check out the security references sticky at the top of the forum thread list.

elieobeid7 08-29-2011 07:17 PM

I don't have a cpanel, paralell virtuozzo is the vps panel, like open panel, where you format your vps, install a new OS...it comes by default from vps provider, but not a cpanel that you install which installs php phpmyadmin and so on


All times are GMT -5. The time now is 05:13 PM.