Portal Home > Knowledgebase > Articles Database > Is this secure, and if not how can I secure it?
Is this secure, and if not how can I secure it?
| Posted by Looie, 07-10-2012, 03:55 PM |
| First of all, when I rebuild a VPS, I always run passwd first (due to a major bug I've noticed in a lot of VPS templates)
then I change the SSH port, update sources.list to mirrors for the same countries, and change it to wheezy main contrib non-free
then I run apt-get update && apt-get dist-ugprade && apt-get install lighttpd php5-cgi (optional mysql-server php5-mysql)
should this already be secure, or do you need to do more things to it? is there any reason I can't leave ports open, as nothing would be running on them anyway (actually, how can I disable accessing mysql remotely in my.cnf, as phpmyadmin accesses it through localhost anyway)?
btw, this isn't for hosting or anything like that, just personal use, but I'm interested in making it secure anyway. I guess I could install fail2ban as well, does this need configuring?
thanks
|
| Posted by diman, 07-11-2012, 03:55 AM |
| Yes, you are doing well. I'd also suggest to close MySQL port, disable services you don't need and limit access to PMA by IP. Keeping your system updated is a key to get secure server. For instance, if you have Centos or Fedora you can install yum-plugin-security and get a notify if there any security updates:
|
| Posted by david510, 07-11-2012, 04:58 AM |
| I would say you will need a firewall too where you can block all ports which are not needed.
|
| Posted by batz_one, 07-11-2012, 05:26 AM |
| Secure /tmp?
|
| Posted by racknap1, 07-11-2012, 01:23 PM |
| Hi,
There are more than a particular ways to secure it, you can either got for csf with iptables, or you can go for mod_security. You can check other security tips over here.
|
| Posted by PCS-Chris, 07-11-2012, 01:54 PM |
| Are you rebuilding from a template you created?
If so one thing a lot of people miss (Which could be a major security issue), is that every VPS built from the template uses the same SSH keypairs.
You should empty out the key files in /etc/ssh before templating. Some OS's will automatically generate new keys if they are missing, for others you will need to setup a runonce script which generates them on first boot.
If you are worried about security, consider leaving SELinux turned on. I dont know about Debian but in CentOS/RHEL the tools are getting much better with each release.
|
| Posted by Looie, 07-11-2012, 02:45 PM |
| Hi, thanks for the replies
I'm using Debian
My host has a GUI front end for configuring a firewall with iptables rules but I don't know how to use it (I've emailed them though) - Am I right in thinking I should block every single port except SSH and HTTP (all I use)?
how do I secure /tmp (and what are the benefits of this)?
Also, for the post above, what are key pairs used for? I log into SSH with password authentication, but will create another account and install sudo
however, when modifying files on there, I use root with WinSCP, otherwise I don't have permission to modify /var/www/ - is this okay?
|
| Posted by remo91, 07-30-2012, 02:23 AM |
| Try disabling anonymous FTP access to the server.
|
| Posted by cPBackup, 07-30-2012, 05:09 AM |
| Enable cPanel's Security Questions & Answers. Works well! better than bruteforce which can easily block you out of root account.
|
| Posted by racknap1, 07-30-2012, 01:16 PM |
| Hi,
If you want to harden your server with CSF, then this link would be helpful for you.
|
Add to Favourites 
Print this Article
Also Read
