SSH Securing – For a better security of ssh connections.
Disabling Root Login and changing the listening port .
1.create a user for ssh like sshadminz
2.give the user wheel privilage through Whm
3.in /etc/ssh/sshd_config change the entry PermitRootLogin to no
4.in /etc/ssh/sshd_config change the entry #Port to Port xxxx (needed port,make sure that port is open in csf/iprules)
5.restart the sshd service
>ssh sshadminz@***.***.***.*** -p xxxx
Setting an SSH Legal Message
The message is contained within the following file: /etc/motd
ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.
This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.
SSH In /etc/ssh/sshd_config,
#Protocol 2, 1
should be changed as
Protocol 2
AllowTcpForwarding no
Restart ssh service
# Only allow the following users SSH Access
AllowUsers User1 User2 etc
# Deny access to the following users
DenyUsers admin etc
# Set the timeout period for idle sessions (in seconds)
ClientAliveInterval 300
ClientAliveCountMax 0
# Disable Host-Based Authentication
HostbasedAuthentication no
# Remove ability to login as Root
PermitRootLogin no
# Change the default SSH Port (Not essential but can help uncomment if you want)
#Port 22
#ListenAddress 192.168.1.1
# Consider CHRooting users to their own directories.
# Subsystem sftp internal-sftp
#Match group sftponly
# ChrootDirectory /home/%u
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand internal-sftp
# Disable empty passwords from login
PermitEmptyPasswords no
# Set your required Log Level (Either INFO or DEBUG)
LogLevel INFO
# Turn on privilege separation
UsePrivilegeSeparation yes
# Prevent the use of insecure home directory and key file permissions
StrictModes yes
# Turn on reverse name checking
VerifyReverseMapping yes
# Do you need port forwarding?
AllowTcpForwarding no
X11Forwarding no
# Specifies whether password authentication is allowed. The default is yes.
PasswordAuthentication no
Saturday, February 9, 2013
CSF AND BFD install
APF or CSF – A policy based iptables firewall system used for the easy configuration of iptables rules.
cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
echo "CSF successfully installed!"
When your configuration is complete, you need to set the following in /etc/csf/csf.conf to disable “TESTING” mode and enable your firewall:
TESTING = “1″
to
TESTING = “0″
Brute Force Detection – BFD is a shell script for parsing applicable logs and checking for authentication failures and blocks the attackers ip in the firewall
cd /usr/local/src
wget http://www.rfxn.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-1.4
./install.sh
echo -e "Please enter your email:"
read email
echo "You entered: $email"
echo "ALERT_USR="1"" >> /usr/local/bfd/conf.bfd
echo "EMAIL_USR="$email"" >> /usr/local/bfd/conf.bfd
echo "Brute Force Detection has been installed!"
echo "Email would be sent to $email"
/usr/local/sbin/bfd -s
cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
echo "CSF successfully installed!"
When your configuration is complete, you need to set the following in /etc/csf/csf.conf to disable “TESTING” mode and enable your firewall:
TESTING = “1″
to
TESTING = “0″
Brute Force Detection – BFD is a shell script for parsing applicable logs and checking for authentication failures and blocks the attackers ip in the firewall
cd /usr/local/src
wget http://www.rfxn.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-1.4
./install.sh
echo -e "Please enter your email:"
read email
echo "You entered: $email"
echo "ALERT_USR="1"" >> /usr/local/bfd/conf.bfd
echo "EMAIL_USR="$email"" >> /usr/local/bfd/conf.bfd
echo "Brute Force Detection has been installed!"
echo "Email would be sent to $email"
/usr/local/sbin/bfd -s
ClamAV is the best malicious scanning tool which comes with Cpanel/ WHM on Linux server.
ClamAV is the best malicious scanning tool which comes with Cpanel/ WHM on Linux server.
You can use following steps to install and scan Clam AV.
Login your WHM >>> find the option "Manage Plugins >>> select Clam AV >>> install.
Once it is install then login your Linux server via SSH and create a directory under /home using following command.
cd /home; mkdir clamscan-infectedfiles
And then use following command to scan the Clam AV.
clamscan --exclude mail --exclude clamscan-infectedfiles -ri [a-z]* --move=clamscan-infectedfiles
Once the scanning process is completed then you will get the complete scanning report in following format.
==============================
----------- SCAN SUMMARY -----------
Known viruses:
Engine version:
Scanned directories:
Scanned files:
Infected files: 0
Data scanned: MB
Data read: MB (ratio 0.89:1)
Time: 000.000 sec (10 m 21 s)
=====================================
You can use following steps to install and scan Clam AV.
Login your WHM >>> find the option "Manage Plugins >>> select Clam AV >>> install.
Once it is install then login your Linux server via SSH and create a directory under /home using following command.
cd /home; mkdir clamscan-infectedfiles
And then use following command to scan the Clam AV.
clamscan --exclude mail --exclude clamscan-infectedfiles -ri [a-z]* --move=clamscan-infectedfiles
Once the scanning process is completed then you will get the complete scanning report in following format.
==============================
----------- SCAN SUMMARY -----------
Known viruses:
Engine version:
Scanned directories:
Scanned files:
Infected files: 0
Data scanned: MB
Data read: MB (ratio 0.89:1)
Time: 000.000 sec (10 m 21 s)
=====================================
Subscribe to:
Posts (Atom)