Cpanel/WHM FAQs
Various Server Hardening techniques
Binary Hardening
1) Disable ping
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
/sbin/sysctl -p
2) chmod 700 {/usr/bin/bcc,/usr/bin/byacc,/usr/bin/cc,/usr/bin/gcc,/usr/bin/i386-redhat-linux-gcc,/usr/bin/lynx}
chmod 000 /usr/bin/finger
chattr +i /usr/bin/finger
Disable telnet
rm -rf /etc/xinetd.d/telnet
/etc/rc.d/init.d/xinetd restart
More hardening
chmod a-s {/usr/bin/at,/usr/bin/lockfile,/usr/bin/rcp,/usr/bin/rlogin,/usr/bin/rsh,/usr/bin/chage,/usr/bin/slocate,/usr/bin/wall,/usr/bin/chfn,/usr/bin/chsh,/usr/bin/write,/usr/bin/ssh,/usr/sbin/traceroute,/usr/sbin/utempter,/usr/sbin/usernetctl,/bin/ping,/bin/mount,/bin/umount,/sbin/netreport}
chmod 711 {/,/home*,/etc,/var,/usr/etc,/usr/local/etc,/var/log,/sbin,/usr/sbin,/usr/local/sbin}
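A way to check the result of the chmod a-s step above, as an added example that is not part of the original page: audit_suid reports listed paths that still carry a setuid or setgid bit, and list_suid_under goes beyond the page's list by finding every such file under a directory. The function names, the SUID_TARGETS variable and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify the "chmod a-s" step.

# Paths taken from the chmod a-s command in this section.
SUID_TARGETS="/usr/bin/at /usr/bin/lockfile /usr/bin/rcp /usr/bin/rlogin
/usr/bin/rsh /usr/bin/chage /usr/bin/slocate /usr/bin/wall /usr/bin/chfn
/usr/bin/chsh /usr/bin/write /usr/bin/ssh /usr/sbin/traceroute
/usr/sbin/utempter /usr/sbin/usernetctl /bin/ping /bin/mount /bin/umount
/sbin/netreport"

# Print "setuid PATH" / "setgid PATH" for every given path that still has
# the bit set. Paths that do not exist are skipped. Returns 1 if anything
# was reported, 0 if the list is clean.
audit_suid() {
    found=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if [ -u "$f" ]; then echo "setuid $f"; found=1; fi
        if [ -g "$f" ]; then echo "setgid $f"; found=1; fi
    done
    return "$found"
}

# List every regular file under a directory that has either bit set,
# without crossing into other filesystems.
list_suid_under() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Run the audit over the page's list only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    # Unquoted on purpose so the list splits into one argument per path.
    audit_suid $SUID_TARGETS && echo "no setuid/setgid bits left on the listed paths"
fi
```

Running list_suid_under /usr/bin before and after the hardening step shows which setuid or setgid files the page's list does not cover.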
Remove unnecessary RPMs
rpm -e rwall-server rusers-server rwho rusers telnet-server ipchains lokkit isdn4k-utils isdn4k-utils-devel gpm links gpm-devel aumix sndconfig linuxconf-devel linuxconf XFree86-xfs chkfontpath ttfonts urw-fonts cups cups-drivers esound esound-devel samba samba-common samba-client inn inn-devel pidentd nscd nss_ldap a2ps ash mc bcm5820 eject hwcrypto pciutils kudzu-devel pciutils-devel redhat-logos inews foomatic pnm2ppa autofs raidtools mt-st reiserfs-utils apmd micq rsh talk talk-server rmt yp-tools ypbind ypserv cvs fetchmail mouseconfig hotplug elinks usbutils finger finger-server rdist radvd rsh-server lockdev lockdev-devel libusb libusb-devel rcs xdelta xdelta-devel nmh dhcpcd swig mutt metamail nfs-utils dump VFlib2 ghostscript cups-devel printconf jadetex docbook-utils docbook-utils-pdf cups-drivers-hpijs cups-drivers-pnm2ppa ghostscript-fonts VFlib2-devel efax cups-libs tetex tetex-afm tetex-dvilj tetex-latex passivetex tetex-dvips xmltex linuxdoc-tools xmltodocbook-utils docbook-style-dsssl lm_sensors docbook-style-xsl LPRng Omni watanabe-vf ttfonts-ja nkf tux mpage Omni-foomatic hpijs gimp-print minicom wvdial XFree86-truetype-fonts kernel-pcmcia-cs vim-enhanced xmlto VFlib2-conf-ja redhat-config-securitylevel fam w3m libgnome libgnomeui redhat-config-samba redhat-config-printer gnome-vfs2 libbonoboui gnome-python2-bonobo gnome-python2 redhat-config-network redhat-config-printer-gui redhat-config-services redhat-config-bind gtkhtml2 gnome-python2-gtkhtml2 redhat-config-packages redhat-config-nfs
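Remove unnecessary users
# userdel accepts one login name per call, so loop over the list
for u in lp games gopher ftp ident rpc uucp news nfsnobody operator sync adm; do userdel -r "$u"; done
Remove unnecessary groups
# groupdel accepts one group name per call, so loop over the list
for g in lp news uucp games pppusers popusers slipusers nfsnobody operator sync adm; do groupdel "$g"; done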
MySQL Tweaking
Empty the current /etc/my.cnf and enter the following entries in it:
#-------------------------------------------------------------------------------------------------
[mysqld]
max_connections=900
max_user_connections=50
skip-locking
skip-innodb
query_cache_limit=1M
query_cache_size=32M
query_cache_type=1
interactive_timeout=50
wait_timeout=50
connect_timeout=10
thread_cache_size=128
key_buffer=256M
max_allowed_packet=16M
table_cache=1024
join_buffer=1M
sort_buffer_size=1M
read_buffer_size=1M
max_connect_errors=10
thread_concurrency=4
myisam_sort_buffer_size=64M
log-bin
server-id=1
[safe_mysqld]
open_files_limit=8192
[mysqldump]
quick
max_allowed_packet=16M
[mysql]
no-auto-rehash
[isamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M
[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M
[mysqlhotcopy]
interactive-timeout
#----------------------------------------------------------------------------------------
/etc/rc.d/init.d/mysql stop;
/etc/rc.d/init.d/mysql start;
Chkrootkit and RKHunter
These tools are commonly used to scan the server for signs that something is wrong.
Download chkrootkit from here
Then extract the tarball and run make sense and then ./chkrootkit
The latest RKHunter can be downloaded from here. Then extract it and execute ./installer.sh and rkhunter --checkall. It will show the scan report step by step.
Can I see a demo of Cpanel and WHM?
Yes, click here if you would like to see a Cpanel demo and click here if you would like to see a demo of WHM. A pop-up window will appear asking for a username and password. Enter cpdemo as the username and cpdemo as the password.
Please send comments on these web pages to sumith at sumith.net
copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
Sumith Sreedhar
Verbatim copying and redistribution of this entire page are permitted
provided this notice is preserved.