Linux Webserver Security

amolmistry · 01-17-2013, 06:41 AM

Hello.

Can anybody suggest how can I secure my web server with Panel is installed (cPanel), In which all website should not suffer and they can use all web default services.

I found below URL but seems not sufficient, please advice.

http://www.cyberciti.biz/tips/linux-security.html

Running major services on server as follows.

abrt-ccpp
abrt-oops
abrtd
acpid
atd
auditd
autofs
bandmin
cagefs
cdp-agent
cpanel
cpuspeed
crond
csf
db_governor
dovecot
exim
fastmail
filelimits
haldaemon
httpd
ip6tables
ipaliases
irqbalance
kdump
lfd
lve
lvectl
lvestats
lvm2-monitor
mcelogd
mdmonitor
memmonitor
messagebus
mysql
named
netfs
network
portreserve
proxyexecd
pure-ftpd
qpidd
rhnsd
ror
rpcbind
rpcgssd
rsyslog
securetmp
snmpd
sshd
sysstat
udev-post

Thanking you,

acid_kewpie · 01-17-2013, 06:44 AM

as a blanket request? no.

this has some useful things though - http://www.nsa.gov/ia/_files/factshe...1.pdfShareFile

amolmistry · 01-17-2013, 06:53 AM

Hello,

Further to above said requirement.

Kernel :- 2.6.32-379.9.1.lve1.1.9.7.2.el6.x86_64 #1 SMP Tue Oct 23 11:24:04 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux

Kindly find attached list of installed packages on server.

And suggest which is to be deleted/upgraded.

Thanking you

acid_kewpie · 01-17-2013, 07:02 AM

Again, no. We can't just teach you how to do your job. You need to ask *SPECIFIC* questions or refer to genreal pre-exsiting documentation readily available online.

unSpawn · 01-17-2013, 08:09 AM

Link fix for the above: http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf

unSpawn · 01-17-2013, 08:34 AM

...in addition to the NSA PDF acid_kewpie posted you should read the basic installation and administrator documentation the original Linux distribution provides (https://access.redhat.com/knowledge/docs/), preferably before you install the OS. As I note you use or intend to use a web-based management panel it is also strongly advised to practice (locally?) first and ensure you have the basic practical user knowledge needed to run a Linux machine. (I should warn you thought that thinking that this gains you practical admin knowledge in say five days to be able to run a server securely would be a slight miscalculation.) In addition to RHEL-provided documentation and the NSA pamphlet you should minimally be aware of the (security) documentation provided by the interpreter, web server, database plus whatever you intend to run on top of that (forum, web log, photo gallery, shopping cart, statistics package, etc, etc), the OWASP Top 10 (https://www.owasp.org/index.php/Cate...op_Ten_Project), (preferably the SANS Top 20 http://www.sans.org/critical-security-controls/ too), the CISecurity Linux benchmarks (http://www.cisecurity.org/bench_linux.html) for your distribution of choice and tools like OpenVAS for testing purposes.

* Also since it appears you have chosen to use CloudLinux, which is a non-standard paid-for modification of RHEL / CentOS, you may be entitled to their support.

sundialsvcs · 01-17-2013, 08:48 AM

Remember, security is a process, not a product. (In spite of all the millions of dollars that folks like Peter Norton made from the reversal of this idea.) The security doesn't come from the brand of lock that you buy to install on any particular doorway. All the information you need is readily available on-line, but you also have to develop (again using the information of others) a strategy for applying it. The key is to understand: what software is installed, why it's there, how it's actually configured, and how it could be exploited by others. One of the best-all-around resources is the Security sub-forum right here. The esteemed persons (not including myself) who have already responded to you on this thread, are themselves experts. Listen carefully.

To me, control-panel software of all kinds is a serious security risk in and of itself, and nearly every server I've been associated with that was penetrated was exploited through exploitation of that kind of software. (It is "convenient," yes, but it is also: pervasive, complex, and normally poorly-understood.) And yet, you might not be able to change it. What you can do, though, is to understand it. Minimize it down to what you actually use. Look on the Internet for every document you can find that discusses exploits. Keep the software extremely up-to-date. Be attentive. Thieves do not draw attention to their presence, but they always must leave signs.

acid_kewpie · 01-17-2013, 09:01 AM

Quote:

Originally Posted by sundialsvcs

To me, control-panel software of all kinds is a serious security risk in and of itself, and nearly every server I've been associated with that was penetrated was exploited through exploitation of that kind of software. (It is "convenient," yes, but it is also: pervasive, complex, and normally poorly-understood.) And yet, you might not be able to change it. What you can do, though, is to understand it. Minimize it down to what you actually use. Look on the Internet for every document you can find that discusses exploits. Keep the software extremely up-to-date. Be attentive. Thieves do not draw attention to their presence, but they always must leave signs.

I'd certainly agree there was a correlation to panel usage and attacks, but I don't think it's that causative. I think it's more the consequence of the average skill level of the average person who feels a panel is good for them. someone finding a cPanel install is probably likely to take that as a hint to dig further about other underlying services for likely mis-management too.