kalidust
06-09-2005, 02:26 PM
A friend of mine who runs some servers suggested that we do these things. Wanted to check to see if any of them shouldn't be done.
Change ssh port
Install and configure ssh key passwordless login
Build apache w/phpsuexec
Build php
Install zend optimizer
- Disable telnet
- Disable talk
- Change ftp to pureftp
- Disable Anonymous FTP
- Enable Shell Fork Bomb/Memory Protection
- Install mod_dosevasive into apache
- Install mod_security into apache
chmod 700 -> these files
/bin/df
/bin/dmesg
/bin/mount
/bin/rpm
/usr/bin/write
/usr/bin/talk
/usr/bin/ipcrm
/usr/bin/ipcs
/usr/bin/free
/usr/bin/locate
/usr/bin/wall
/usr/bin/finger
/sbin/arp
/sbin/ifconfig
/usr/sbin/repquota
/usr/sbin/tcpdump
/usr/bin/nmap
/usr/bin/wget
/usr/bin/lynx
/usr/lib/bcc
/usr/lib/bcc/bcc-cc1
/usr/i386-glibc21-linux/lib/gcc-lib/i386-redhat-linux/2.96/cc1
/usr/bin/perlcc
/usr/bin/byacc
/usr/bin/yacc
/usr/bin/bcc
/usr/bin/kgcc
/usr/bin/cc
/usr/bin/gcc
---------------------
APF:
wget -c http://rfxnetworks.com/downloads/apf-current.tar.gz
Add to start at boot:
chkconfig --add apf
chkconfig --level 345 apf on
SIM
wget -c http://rfxnetworks.com/downloads/sim-current.tar.gz
LSM
wget -c http://rfxnetworks.com/downloads/lsm-current.tar.gz
BFD
wget -c http://rfxnetworks.com/downloads/bfd-current.tar.gz
PRM
wget -c http://rfxnetworks.com/downloads/prm-current.tar.gz
rkhunter (http://www.rootkit.nl/projects/rootkit_hunter.html)
wget -c http://downloads.rootkit.nl/rkhunter-1.2.6.tar.gz
chkrootkit (http://www.chkrootkit.org/download/)
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
samhain (http://la-samhna.de/samhain/s_download.html)
wget http://la-samhna.de/samhain/samhaim_current.tar.gz
EXIM:
- Enable rbl blacklisting
- Enable increased logging
__________________
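A read-only audit for the chmod 700 list in the post above, added here as an example and not part of the original post: it reports each path's current mode and flags symlinks and missing paths before anything is changed. It assumes GNU coreutils stat (Linux); the function names and the AUDIT_LIST variable are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit for a "chmod 700" hardening list.
# Assumes GNU coreutils stat; names below are hypothetical.

# classify PATH -> prints "STATUS MODE PATH"
#   OK       already at mode 700
#   CHANGE   exists with another mode (a 4-digit MODE such as 4755 means
#            setuid/setgid bits are set and chmod 700 would clear them)
#   SYMLINK  chmod follows symlinks, so the target would be changed
#            (for example when cc is a link to gcc)
#   MISSING  not present on this host
classify() {
    p=$1
    if [ -L "$p" ]; then
        echo "SYMLINK - $p"
    elif [ ! -e "$p" ]; then
        echo "MISSING - $p"
    else
        mode=$(stat -c '%a' "$p")
        if [ "$mode" = "700" ]; then
            echo "OK $mode $p"
        else
            echo "CHANGE $mode $p"
        fi
    fi
}

# audit_list FILE -> classify every non-empty, non-comment line of FILE
audit_list() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        classify "$line"
    done < "$1"
}

# count_status STATUS FILE -> number of entries with that status
count_status() {
    audit_list "$2" | grep -c "^$1 " || true
}

# Optional stand-alone use: AUDIT_LIST=/path/to/list sh audit.sh
if [ -n "${AUDIT_LIST:-}" ]; then
    audit_list "$AUDIT_LIST"
fi
```

Put one path per line in the list file; nothing is modified, so the output can be reviewed before any chmod is run.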