PDA

View Full Version : Free Server Security Setup and Optimization


misshost
May 20th, 2007, 13:03
Hello everyone

I can help regarding server security setup, optimization and other issues. I don't need your server access or anything. Will just reply you here for your problems :p


Have fun
krakjoe
May 20th, 2007, 13:14
What qualifies you to do offer these services ???

Forgive my asking, but with only 9 posts, you won't be very well known, I see no links to hosting companies in your sig or post and so I would suspect that handing my login details over to a total stranger, that doesn't even seem to own a website let alone hosting company, would be a pretty stupid thing to do, even if it is free .......
misshost
May 20th, 2007, 13:28
you are right krakjoe but I am new to the forum but not to linux/cpanel. Plus i am working on my website that i will launch by the end of this month.

And yes its quite strange to offer such services at this point.

krakjoe, i am going to edit the the post
misshost
May 20th, 2007, 13:32
@krakjoe

I have modified my post. Now it fits to the situation i am in ;)
Galaxy-Hosts.com
May 20th, 2007, 13:41
That is a very generous offer. What steps would you recommend to secure and harden a CentOS/DirectAdmin server?
misshost
May 20th, 2007, 13:58
install and config Firewall preferably apf (advance policy firewall) along with bfd (brute force detector). Secure ssh login. Always use version 2 and restrict it to some ip and disallow direct root logins.

Always compile apache with safe mode and do turn on safe_mode under php.ini. It will save your server from getting root access.

Alot more are there to do but these are basic protections.
Galaxy-Hosts.com
May 20th, 2007, 14:05
Thanks. What ports would I have to open in APF for DirectAdmin, and everything else, to work properly?
misshost
May 20th, 2007, 14:14
though i am not a big fan of DA but this will help you.

IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2222,8000,8050,8005,3784"
IG_UDP_CPORTS="21,53,8000,8050,8005,3784"

EG_TCP_CPORTS="21,22,25,37,43,53,80,443,8000,8050, 8005,3784"
EG_UDP_CPORTS="20,21,53,8000,8050,8005,3784"


Do note, if you change ssh port, you need to add that under IG_TCP_CPORTS and don't forget to restart apf ;)
misshost
May 20th, 2007, 14:16
similarly if you have installed any tools like shoutcast or any that are running on some specific ports, do allow then too under IG_TCP_CPORTS or they won't work.
Galaxy-Hosts.com
May 20th, 2007, 19:49
:p Very good, you do have an idea of what you are talking about.