How To Install Portsentry On Centos

broken image


PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. PortSentry will detect SYN/half-open, FIN, NULL, X-MAS and oddball packet stealth scans. PortSentry has an internal state engine to remember hosts that connected previously.

  • Now portsentry is installed you can edit the configuration file portsentry.conf this file is well. Commented so I wont go into detail. Once you have edited the config file open the portsentry.ignore. File and you should see the following: # Put hosts in here you never want blocked.
  • I have here a CentOS 5 and I'm trying to run yum install php-soap but the installer hangs on and the last step is Running Transaction Test. I found out that NFS shares are the problem.

cPanel Installation and Security

This documentation covers how to install cPanel on a fresh Linux server and how to do initail server security.

cPanel Installation :

* cPanel can be install on Redhat based Linux servers and FreeBSD
* A freshly build latest stable Centos server is highly recommended Flitecad software.

How to Install cPanel :

* Yum must be installed before installing cPanel. All most all Redhat based servers will have yum preinstalled, if not installed install it from rpm ( http://rpm.pbone.net/ ).

# Update the system using Yum

$ yum update

# Disable selinux on dedicated servers. Set SELINUX=disabled in /etc/selinux/config

# Reboot the system

$ reboot

# Download the cPanel installer and run

$ cd /root; wget http://httpupdate.cpanel.net/latest; chmod +x latest; ./latest

How to install portsentry on centos command

Server security:

* Remove telnet server; we dont want that.

$ rpm -e telnet-server
* Check xinetd enabled services and dsiable them. Run below command and disable all services which shows ‘disable = no'

$ cd /etc/xinetd.d; grep disable ./*

How To Install Portsentry On Centos Command

* Disable xinetd service itself. cPanel donot use xinetd

$ /etc/init.d/xinetd stop; chkconfig xinetd off

# Add a system user eg:- administrator

$ useradd administrator

# Reset the administrator password. A strong password can be generated using following command

$ mkpasswd -l 16

# Also reset the root password to a strong one

# Add administrator user to sudoer list. After this verify administrator user can sudo to root user.

$ visudo

# Permit ‘su' for only wheel group members. Open /etc/pam.d/su and add (order is important) or uncomment

auth required pam_wheel.so use_uid

# Disable SSH protocol 1 and enable SSH protocol 2 in /etc/ssh/sshd_config

# Disable rootlogin in /etc/ssh/sshd_config (Make sure some user eg:- administrator is added in sudoer list with full privilege)

# Set a banner of legal warning in SSH. Add the contents in /etc/sshBanner.txt and add following to /etc/ssh/sshd_config

Banner /etc/sshBanner.txt

# Restart SSH service

$ /etc/init.d/sshd restart

# Change SSH port. Open /etc/ssh/sshd_config and change Port 22

# Install AFICK. Download latest afick rpm from http://sourceforge.net/projects/afick/files/afick/

$ rpm -ivh afick-x.x.x.x.noarch.rpm

# Open /etc/afick.conf and set email id and enable cron run.

@@define MAILTO email_id
@@define BATCH 1

# Ensure that AFICK donot update its database after a cron run. Database update should be run manually by sysadmin, else if we miss a cron email we will miss the file changes alert. Open /etc/cron.daily/afick_cron and set ACTION='-k'.

# Initialize AFICK database

$ afick -c /etc/afick.conf -i -P

# Disable DNS recursion and version publish. Open /etc/named.conf and set

Options {
recursion no;
version 'No version for you';
….

# Restart bind

$ /etc/init.d/named restart

# Disable Exim version printing. Add following to /usr/local/cpanel/etc/exim/config_options

smtp_banner = '${primary_hostname} ESMTP Mail service ready'

# Rebuild eximconf and restart exim service

$ /scripts/buildeximconf && /scripts/restartsrv_exim

# Disable anonymous user login in /etc/pure-ftpd.conf

NoAnonymous yes

# Disable pure-ftpd default banner. This shows server time and ftp service name. Create a file /etc/ftpWelcome.txt and add 'FTP Service Is Ready'. Now open /etc/init.d/pure-ftpd and add

OPTIONS='-F /etc/ftpWelcome.txt'

# Restart ftp serivce

$ /scripts/restartsrv_ftpserver

# Disable apache signature. Open /usr/local/apache/conf/httpd.con and add/edit as follows

ServerSignature Off
ServerTokens Prod

# Permanently save the change

$ /usr/local/cpanel/bin/apache_conf_distiller –update

# Restart apache

$ /etc/init.d/httpd restart

Jde manual. # Install Rkhunter. Download latest rkhunter from http://www.rootkit.nl/projects/rootkit_hunter.html

$ tar -xvzf rkhunter-x.x.x.tar.gz; cd rkhunter-x.x.x; ./installer.sh –layout /usr/local –install; /usr/local/bin/rkhunter –update

# Create rkhunter cron job. Create file /etc/cron.daily/rkhunter.sh and add the following. Make sure to replace replace-this@with-your-email.com with the system administrator email address

#!/bin/bash
(/usr/local/bin/rkhunter -c –cronjob 2>&1 | mail -s 'RKhunter Scan Details' replace-this@with-your-email.com)

# Give execute permission for the script

Centos

Server security:

* Remove telnet server; we dont want that.

$ rpm -e telnet-server
* Check xinetd enabled services and dsiable them. Run below command and disable all services which shows ‘disable = no'

$ cd /etc/xinetd.d; grep disable ./*

How To Install Portsentry On Centos Command

* Disable xinetd service itself. cPanel donot use xinetd

$ /etc/init.d/xinetd stop; chkconfig xinetd off

# Add a system user eg:- administrator

$ useradd administrator

# Reset the administrator password. A strong password can be generated using following command

$ mkpasswd -l 16

# Also reset the root password to a strong one

# Add administrator user to sudoer list. After this verify administrator user can sudo to root user.

$ visudo

# Permit ‘su' for only wheel group members. Open /etc/pam.d/su and add (order is important) or uncomment

auth required pam_wheel.so use_uid

# Disable SSH protocol 1 and enable SSH protocol 2 in /etc/ssh/sshd_config

# Disable rootlogin in /etc/ssh/sshd_config (Make sure some user eg:- administrator is added in sudoer list with full privilege)

# Set a banner of legal warning in SSH. Add the contents in /etc/sshBanner.txt and add following to /etc/ssh/sshd_config

Banner /etc/sshBanner.txt

# Restart SSH service

$ /etc/init.d/sshd restart

# Change SSH port. Open /etc/ssh/sshd_config and change Port 22

# Install AFICK. Download latest afick rpm from http://sourceforge.net/projects/afick/files/afick/

$ rpm -ivh afick-x.x.x.x.noarch.rpm

# Open /etc/afick.conf and set email id and enable cron run.

@@define MAILTO email_id
@@define BATCH 1

# Ensure that AFICK donot update its database after a cron run. Database update should be run manually by sysadmin, else if we miss a cron email we will miss the file changes alert. Open /etc/cron.daily/afick_cron and set ACTION='-k'.

# Initialize AFICK database

$ afick -c /etc/afick.conf -i -P

# Disable DNS recursion and version publish. Open /etc/named.conf and set

Options {
recursion no;
version 'No version for you';
….

# Restart bind

$ /etc/init.d/named restart

# Disable Exim version printing. Add following to /usr/local/cpanel/etc/exim/config_options

smtp_banner = '${primary_hostname} ESMTP Mail service ready'

# Rebuild eximconf and restart exim service

$ /scripts/buildeximconf && /scripts/restartsrv_exim

# Disable anonymous user login in /etc/pure-ftpd.conf

NoAnonymous yes

# Disable pure-ftpd default banner. This shows server time and ftp service name. Create a file /etc/ftpWelcome.txt and add 'FTP Service Is Ready'. Now open /etc/init.d/pure-ftpd and add

OPTIONS='-F /etc/ftpWelcome.txt'

# Restart ftp serivce

$ /scripts/restartsrv_ftpserver

# Disable apache signature. Open /usr/local/apache/conf/httpd.con and add/edit as follows

ServerSignature Off
ServerTokens Prod

# Permanently save the change

$ /usr/local/cpanel/bin/apache_conf_distiller –update

# Restart apache

$ /etc/init.d/httpd restart

Jde manual. # Install Rkhunter. Download latest rkhunter from http://www.rootkit.nl/projects/rootkit_hunter.html

$ tar -xvzf rkhunter-x.x.x.tar.gz; cd rkhunter-x.x.x; ./installer.sh –layout /usr/local –install; /usr/local/bin/rkhunter –update

# Create rkhunter cron job. Create file /etc/cron.daily/rkhunter.sh and add the following. Make sure to replace replace-this@with-your-email.com with the system administrator email address

#!/bin/bash
(/usr/local/bin/rkhunter -c –cronjob 2>&1 | mail -s 'RKhunter Scan Details' replace-this@with-your-email.com)

# Give execute permission for the script

$ chmod +x /etc/cron.daily/rkhunter.sh

# Securing tmp

$ /scripts/securetmp

# Root and administrator (sudo user) login alerts. Add following to both /root/.bashrc and /home/administrator/.bashrc (Change the subject line as needed)

echo 'ALERT – Root Shell Access on `hostname`:' `date` `who` |mail -s 'Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`' replace-this@with-your-email.com

# Install apf (firewall)

$ wget http://www.rfxn.com/downloads/apf-current.tar.gz
$ tar -xvzf apf-current.tar.gz
$ cd afp-x.x.x
$ ./install.sh

# The installer will display the current opened TCP and UDP ports. Copy them and add it to IG_TCP_CPORTS and IG_UDP_CPORTS respectively in /etc/apf/conf.apf. We also need to enable ports 0-1024 (both TCP and UDP) in apf for portscanner detector to work, so add 0_1024 to IG_TCP_CPORTS and IG_UDP_CPORTS

# Start apf

$ apf -s

# Install BFD (brute force detector)

$ wget http://www.rfxn.com/downloads/bfd-current.tar.gz
$ tar -xvzf bfd-current.tar.gz
$ cd bfd-x.x.x
$ ./install.sh
$ bfd -s

# Install portsentry (port scanner detector) from ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/fedora/4/te/i386/RPMS/portsentry-1.2-1.te.i386.rpm

# open /etc/portsentry/portsentry.conf and comment KILL_ROUTE and add

KILL_RUN_CMD='/usr/local/sbin/apf -d $TARGET$ ‘Portscan detected on port $PORT$''

$ /etc/init.d/portsentry restart

# Enable suphp and suexec

$ /usr/local/cpanel/bin/rebuild_phpconf –no-htaccess 5 none suphp 1

# Run /scripts/easyapache and enable mod_security

# Load mod_esecurity rules

$ cd /usr/local/apache/conf/
$ wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.5-free-latest.tar.bz2
$ tar -xvjf modsec-2.5-free-latest.tar.bz2
$ cd modsec/
$ perl -i -pe ‘s//etc/asl/whitelist/whitelist.txt/' *
$ > domain-spam-whitelist.conf
$ mkdir /usr/local/apache/conf/modsec/ip
$ mkdir /usr/local/apache/conf/modsec/global

# open /usr/local/apache/conf/modsec/00_asl_rbl.conf and add

SecDataDir /usr/local/apache/conf/modsec

# open /usr/local/apache/conf/modsec2.conf and add

Include '/usr/local/apache/conf/modsec/*.conf'

# Restart apache

$ /etc/init.d/httpd restart

cPanel Settings :

# Goto Main >> Server Configuration >> Basic cPanel & WHM Setup and set the contact information

# Goto Main >> Server Configuration >> Tweak Settings >> All and

Enable SpamAssassin spam filter = enabled
GIEmail and CGIEcho = disabled
Cookie IP validation = strict
Generate core dumps = off
Send passwords when creating a new account = off
Blank referrer safety check = on
Referrer safety check = on
Require SSL = on
Enable HTTP Authentication = off
Allow PHP to be run by resellers in WHM = off
Use MD5 passwords with Apache = on
Security Tokens = on
Default shell jailed = on

# Goto Main >> Security Center >> Apache mod_userdir Tweak and enable 'Enable mod_userdir Protection'

# Goto Main >> Security Center >> Compiler Access and disable compilers for unprivileged users

# Main >> Security Center >> Configure Security Policies and

Password Age = enabled (30 days)
Password Strength = enabled (15 characters)
XML-API and JSON-API requests = enabled
DNS cluster requests = enabled

# Goto Main >> Security Center >> cPHulk Brute Force Protection and enable burte force protection

# Goto Main >> Security Center >> PHP open_basedir Tweak and enable 'Enable php open_basedir Protection.'

# Goto Main >> Security Center >> Security Questions and setup the security question

# Goto Main >> Security Center >> Shell Fork Bomb Protection and enable protection

How To Install Portsentry On Centos Server

# Goto Main >> Security Center >> SMTP Tweak and enable protection

# Goto Main >> Security Center >> Traceroute Enable/Disable and disable traceroute Granite city coleslaw recipe.

# Goto Main >> Account Functions >> Manage Shell Access and disable shell access for all user. If shell access is required only enable jailed shell

# Goto Main >> cPanel >> Manage Plugins and install Clamav

Daha güvenli bir cpanel için cpanel güvenlik ile iletişime geçebilirsiniz.

Ayhan ARDA





broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save