What is the best tool to secure my cPanel server?




Posted by danix4u, 01-04-2015, 10:38 PM
WHT folks, I am looking for a tool that can scan my server for malware, rootkits and viruses, and also check the security of the server and provide recommendations. So far I am running the below:
CSF/LFD
ClamAV Antivirus
Thinking to install:
LMD
Or MALDET
Or RKHUNTER
Do I need all of the above? But do not know which can replace all those? Also, do you know any good log management/monitoring tool?

Posted by MilesWeb, 01-05-2015, 08:12 AM
I will recommend you to install maldet, rkhunter and chkrootkit. Will come in handy. You can even write a script which will use these utilities and send you a report. You can also consider using http://www.configserver.com/cp/cxs.html

Posted by Srv24x7, 01-05-2015, 10:24 AM
Hi, Maldet may not be that useful. RKhunter and clamscan including maldet are all manually triggered scanners. They do not do any active scanning. For any active scanning, CXS is the best tool available that scans all the traffic on the fly.

Posted by ZonedHost, 01-05-2015, 10:27 AM
CXS is great, but at a cost. Maldet along with ClamAV/RKHunter, chkrootkit and CSF is probably the minimum that I would suggest.

Posted by TempleNode, 01-05-2015, 10:54 AM
You can use maldet with mod_security or suhosin to trigger scanning for uploaded files. Also, maldet can be used to scan all web files once per day and send a report back to you.

Posted by danix4u, 01-05-2015, 01:02 PM
So if I buy CXS will it replace ClamAV, RKhunter, MALDET? Is CXS the best tool available to secure a server besides CSF/LFD?

Posted by JamesCanales, 01-06-2015, 04:37 AM
Here are the possible things that you need to do to make your cPanel server more secure.
1.) Use secure passwords
2.) Secure SSH
3.) Secure Apache
4.) Lock down your system's compilers
5.) Turn off unused services and daemons
6.) Monitor your system
7.) Enable a firewall
8.) Stay up to date

Posted by danix4u, 01-06-2015, 08:58 PM
I did all that, still I feel I need to do more. So does CXS replace LMD, RKhunter, etc? Has anyone used the cPanel server service from the guys who do CSF and CXS?

Posted by edigest, 01-08-2015, 04:11 AM
CXS is not a replacement for RKHunter/ChkRootkit and vice versa. RKHunter and ChkRootkit are mostly for detecting rootkits. (RKHunter does a little more than that.) Rootkits are compromises of the "root" -- the server at the OS or kernel level. CXS protects against web site compromises. It can be configured to look at uploads in real-time and periodically scan web space looking for signatures of common website compromises. So, you should use both. There is no need to order the install service from Configserver. Installing both CSF and CXS is quite easy. Configuring takes a little effort but I would not want to outsource configuration anyway -- what better way to learn what the app does?

Posted by net, 01-08-2015, 04:54 AM
Don't think that these tools are enough to secure your server. There are plenty of things to be done, including your kernel settings, software installed, etc...

Posted by WPCYCLE, 01-08-2015, 11:37 AM
All elements of security can be automated to do daily scans. No company would have time to manually run a scan on all their servers. Plus some of the resources mentioned work together like Maldet and ClamAV.
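
An added example, not part of any post in this thread: a sketch of the kind of wrapper script MilesWeb and WPCYCLE describe, which runs whichever of the on-demand scanners are installed and mails one combined report from a daily cron job. The function names and the `REPORT_TO` and `SCAN_PATH` defaults are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): daily on-demand scan wrapper.
REPORT_TO="${REPORT_TO:-root}"   # assumption: local mail recipient
SCAN_PATH="${SCAN_PATH:-/home}"  # assumption: account home directories

# run_scanner REPORT NAME CMD [ARGS...]
# Appends one section to REPORT. Returns 0 if the tool exited 0,
# 1 if it exited non-zero (review its output), 2 if it is not installed.
run_scanner() {
    report=$1; name=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        printf '== %s: NOT INSTALLED (%s)\n\n' "$name" "$1" >>"$report"
        return 2
    fi
    out=$("$@" 2>&1) && rc=0 || rc=$?
    printf '== %s: exit status %s\n%s\n\n' "$name" "$rc" "$out" >>"$report"
    [ "$rc" -eq 0 ] || return 1
    return 0
}

# daily_scan REPORT: run every scanner, print how many sections need review.
daily_scan() {
    review=0
    : >"$1"
    run_scanner "$1" rkhunter rkhunter --check --skip-keypress \
        --report-warnings-only || review=$((review + 1))
    run_scanner "$1" chkrootkit chkrootkit -q || review=$((review + 1))
    run_scanner "$1" clamav clamscan -r -i "$SCAN_PATH" || review=$((review + 1))
    run_scanner "$1" maldet maldet -a "$SCAN_PATH" || review=$((review + 1))
    echo "$review"
}

# Only scan when called as "script --run", e.g. from a daily cron job.
if [ "${1:-}" = "--run" ]; then
    report=$(mktemp)
    n=$(daily_scan "$report")
    mail -s "[$(hostname)] daily scan: $n section(s) to review" \
        "$REPORT_TO" <"$report"
    rm -f "$report"
fi
```

A missing tool is counted as needing review, so a scanner that silently disappears from the server shows up in the subject line instead of producing a clean-looking report.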

Posted by supportoperator, 01-08-2015, 12:13 PM
You can even use Mod_security and add rules to protect your websites against the initial attack.

Posted by danix4u, 01-09-2015, 11:50 AM
Can someone show me how to install the below or send me the steps from a page: RKhunter, Chkrootkit

Posted by TmzHosting, 01-09-2015, 12:15 PM
http://www.tecmint.com/install-linux...os-and-fedora/ You can search for the other one on google also. - Daniel

Posted by brianoz, 01-09-2015, 07:55 PM
If you're looking to secure your cPanel server it's smartest to hire one of the well known server hardening companies. I use ConfigServer but there are others that are also good. Even if you only get your first few servers hardened, it keeps them safe while you learn what's needed. While you can learn from the net, it takes time for the average person to pick up what they need - I'd guess several years for most, there's a lot to pick up about securing a cpanel server well.

Some things missing from the above list -
- file permissions for .php files so not readable by others (600)
- symlink hack hardening
- cloudlinux (does the above two, plus prevents most load spikes taking the server down)
- upload scanning and virus scanning (I use CXS)
- regular site virus/hack scanning
- some form of regularly updated mod_security rules
- if you're running a kernel that supports ipset (Centos 5.6+?) enable the CSF protection against known bad sites
- Ksplice for automated kernel updates on the fly (without reboots)
- Turn off unused daemons and services
- Re-read the above about getting your server hardened by a specialist
- Some sort of measure to stop outgoing SMTP Auth spam (common)
- This list changes over time ....
- Other things I can't remember right now

Honestly, even if you do some of the above list, plus those you mentioned previously, you've already elevated yourself above most hosts. Even the large ones don't do all of the above.

Re outgoing spam - some servers require people to use outgoing transactional mail services like Sendgrid or Mandrill or one of the many others. These scan outgoing email a lot better and manage the process very tightly, which would actually give you better reliability anyway.
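
An added example, not part of the post above: one way to audit the first item on that list, `.php` files that anyone other than the owner can access, and to tighten them to 600. The function names are hypothetical, and it assumes GNU find/stat and a server where PHP runs as the account owner (for example suPHP or CloudLinux); where PHP runs as a shared user, mode 600 would make the scripts unreadable to it.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find and stat.

# audit_php_perms ROOT
# Prints "<octal mode> <owner> <path>" for every regular .php file under
# ROOT that has any group or other permission bit set. -type f does not
# match symlinks, so links planted in web space are never followed.
audit_php_perms() {
    find "$1" -xdev -type f -name '*.php' -perm /077 \
        -exec stat -c '%a %U %n' {} +
}

# tighten_php_perms ROOT
# Sets mode 600 on the same set of files and prints how many it changed.
tighten_php_perms() {
    count=$(find "$1" -xdev -type f -name '*.php' -perm /077 -print | wc -l)
    find "$1" -xdev -type f -name '*.php' -perm /077 -exec chmod 600 {} +
    echo "$((count + 0))"
}

# Usage: script audit /home     (report only)
#        script fix   /home     (apply chmod 600)
case "${1:-}" in
    audit) audit_php_perms "${2:-/home}" ;;
    fix)   tighten_php_perms "${2:-/home}" ;;
esac
```

Run the audit first and read the list before using `fix`, since the assumption about how PHP is executed decides whether 600 is safe on a given server.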

Posted by kpmedia, 01-09-2015, 09:13 PM
A quality specialist is not easy to find anymore. Ksplice really has nothing to do with security. That's just a preference. Not just CloudLinux, but CageFS.

Posted by brianoz, 01-09-2015, 09:36 PM
Quality specialist hard to find: agreed
Ksplice: disagree, the automated rebootless install is quite valuable unless you have a large enough team to go around running "yum update kernel; shutdown -r -y now" everywhere. Bear in mind that a major kernel bug will start getting exploited quite quickly and Ksplice gives automated coverage within guesstimate of 24 hours max - probably 6 hours. Let me know if I'm missing something?
CageFS: agreed, absolutely, vital.


