Basic Linux VPS Security Measures



Virtualisation technology has made it easier and cheaper to get a VPS. Many clients are upgrading their existing Linux shared hosting packages to Linux servers so that they can take advantage of having their own dedicated resources. However, getting a VPS comes with the responsibility to manage it securely.

Many novice users are not sure how to secure their servers properly so that hackers cannot get in. In most cases, web hosting companies offer basic assistance when it comes to securing your server. But a secured server gives more peace of mind than waiting for an attack to start. Whether or not you are good at managing servers, here are some basic steps to secure your server to an acceptable level.

1. The most basic step is to install a software firewall such as CSF (Config Server Firewall) on your Linux VPS. CSF is considered the best and most advanced firewall for Linux VPS and dedicated servers, because it's free and has more configurable options than other firewalls available on the market. It is very easy to install and configure, so even the most novice administrators can set it up and use it.

If you are unsure how to do it, there are two options:

Buy server management and submit a ticket to the technical support team to install it for you.
or
Install it yourself using the guide at this URL:

https://www.crucial.com.au/blog/2012/06/22/secure-your-linux-vps-using-csf-firewall/

2. Rootkit Hunter, abbreviated as “RKH”, is a security monitoring and analysis tool for POSIX-compliant systems. It helps you detect known rootkits and malware, and it flags bad security practices. RKH scans for changed file properties, using criteria similar to those of file integrity checkers. It depends entirely on having a correct database to compare against, which you can achieve by installing Rootkit Hunter right after a clean operating system installation. It is not a reactive tool: it only reports the threats it encounters, so it is up to you to go through the log file and investigate suspicious activity. For more information: http://rkhunter.sourceforge.net/

3. Telnet should always be disabled on web servers. It does not encrypt any data sent over port 23, so hackers can intercept the packets passing by and obtain login details and other information. Here is how you can disable it:

Log in to your server through SSH as the root user and open the following file:

# vi /etc/xinetd.d/telnet

Look for the line: disable = no

Change it to yes and restart the xinetd service:

# /etc/rc.d/init.d/xinetd restart

# /sbin/chkconfig telnet off

Scan your server to ensure port 23 is not open:

# nmap -sT -O localhost

Also run ps aux | grep telnet and kill any telnet process that is still running.

4. Securing the /tmp partition on your server
In most cases malware scripts are uploaded to the /tmp partition and executed from there to exploit server resources. That’s why it is very important to secure /tmp. If you are running cPanel on your Linux VPS, just run the following command in a shell to secure it:

# /scripts/securetmp

However, if you are not running cPanel, add the following line to /etc/fstab so that /tmp is mounted with noexec and nosuid. This ensures that no executables are able to run directly from /tmp.

none /tmp tmpfs nodev,nosuid,noexec  0  0

5. Disable root login on SSH port 22
It is better to disable direct root login via SSH and to change the default SSH port.
For more information, please visit these URLs:

http://tldp.org/HOWTO/html_single/Security-HOWTO/

https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_Linux/?locale=en-US
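
The script below is an added example, not part of the original post: a read-only audit of steps 3 to 5 that checks telnet is disabled in xinetd, /tmp is mounted noexec and nosuid, and sshd refuses direct root login. The function names and the sample files in demo() are constructed for illustration, and the fallback paths are assumed to be the usual locations.

```sh
#!/bin/sh
# Added example: read-only audit of the settings from steps 3, 4 and 5.
# Each check takes the file to inspect; audit() falls back to assumed live paths.

# Step 3: pass if the xinetd telnet file is absent (not installed) or its
# last "disable" setting is "yes".
check_telnet() {
    [ -f "$1" ] || return 0
    awk -F= '{ gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
             $1 == "disable" { v = tolower($2) }
             END { exit (v == "yes" ? 0 : 1) }' "$1"
}

# Step 4: $1 uses the /proc/mounts (or /etc/fstab) column layout. Pass only
# if the last entry for /tmp carries both noexec and nosuid.
check_tmp() {
    awk '$2 == "/tmp" { opts = "," $4 "," }
         END { exit ((opts ~ /,noexec,/ && opts ~ /,nosuid,/) ? 0 : 1) }' "$1"
}

# Step 5: sshd uses the first occurrence of a keyword, case-insensitively.
# No PermitRootLogin line fails: the built-in default still admits root
# (by password or by key, depending on version). Match blocks are not parsed.
check_sshd_root() {
    awk 'tolower($1) == "permitrootlogin" && !seen { v = tolower($2); seen = 1 }
         END { exit (v == "no" ? 0 : 1) }' "$1"
}

# Run all checks: one line per failure, return 1 if any failed.
audit() {
    rc=0
    check_telnet "${1:-/etc/xinetd.d/telnet}" || { echo "FAIL: telnet enabled in xinetd"; rc=1; }
    check_tmp "${2:-/proc/mounts}" || { echo "FAIL: /tmp not mounted noexec,nosuid"; rc=1; }
    check_sshd_root "${3:-/etc/ssh/sshd_config}" || { echo "FAIL: PermitRootLogin is not no"; rc=1; }
    return "$rc"
}

# Demo on constructed sample files (not taken from a real server).
demo() {
    d=$(mktemp -d)
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$d/telnet"
    printf 'none /tmp tmpfs rw,nosuid,nodev,noexec 0 0\n' > "$d/mounts"
    printf '#PermitRootLogin yes\nPort 2222\nPermitRootLogin no\n' > "$d/sshd_config"
    r=0; audit "$d/telnet" "$d/mounts" "$d/sshd_config" || r=1
    rm -rf "$d"
    return "$r"
}

demo || true   # prints: FAIL: telnet enabled in xinetd
```

Call audit with no arguments on the server itself to check the live files.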

Cheers!




  • Thanks a lot for composing “Basic Linux VPS Security Measures | Crucial Cloud Hosting Blog”.
    I actually might really wind up being back for a lot more
    reading and writing comments in the near future. Thanks, Jerri