Server Hardening

Basic Server Hardening

Includes

  • Check Server Security
  • CHKRootKit - Detects hacker software and notifies via email
  • RootKit Hunter - A tool which scans for backdoors and malicious softwares present in the server.
  • APF or CSF - A policy based iptables firewall system used for the easy configuration of iptables rules.
  • SSH Securing - For a better security of ssh connections.
  • Host.conf Hardening - Prevents IP spoofing and dns poisoning
  • Sysctl.conf Hardening - Prevents syn-flood attacks and other network abuses.
  • FTP Hardening - Secure FTP software by upgrading to latest version
  • TMP Hardening - Hardening /tmp, /var/tmp, /dev/shm for preventing the execution of malicious scripts and codes.
  • PHP Hardening - Tweak PHP by changing the parameters of php configuration for better security and performance.
  • PHP Upgrade - Compile PHP to its latest stable version which increases server security.
  • Shell Fork Bomb/Memory Hog Protection - Protection against Telnet/SSH users using all of the server resources and causing a system crash.
  • Update Control Panel to latest version
  • Install Logwatch for investigating any suspicious activity on the server
  • Turn off unused services and daemons
  • Disabling Chargen to stop the server from being misused by an attacker in their efforts to disrupt another server.
  • Symlink Protection
  • Kernel Hardening
  • Crontab Hardening
  • MySQL Hardening
  • ClamAV - Is a cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses
  • Root Logger Notification of root access when someone login as root in the server along with the timestamp and ip address information.
  • Email Password Scan
  • Logwatch - Install Logwatch and review logwatch emails. Investigate any suspicious activity on the server.
  • IFTOP - Install IFTOP which displays a frequently updated list of network bandwidth utilization (source and destination hosts) that passing through the network interface
  • Turn off compilers. Most rootkits come precompiled but not all of them do. It will also prevent shell users from trying to compile any irc related programs.
  • Enable PHP open_basedir Protection - PHP open_basedir protection prevents users from opening files outside of their home directory with php.
  • Network Socket Inode Validation (NSIV)
  • Linux Environment Security (LES)
  • Mail Server Hardening
  • Installation/configuration of SpamAssassin & ClamAV, Realtime Blackhole Lists (RBLs), dictionary attack protection and rate limiting
  • Mod Security - Protects against web based attacks. Custom rule configuration as per needs.
  • Mod Evasive - Helps in stopping HTTP based DOS attacks.

Standard Server Hardening

Includes

  • Check Server Security
  • CHKRootKit - Detects hacker software and notifies via email
  • RootKit Hunter - A tool which scans for backdoors and malicious softwares present in the server.
  • APF or CSF - A policy based iptables firewall system used for the easy configuration of iptables rules.
  • SSH Securing - For a better security of ssh connections.
  • Host.conf Hardening - Prevents IP spoofing and dns poisoning
  • Sysctl.conf Hardening - Prevents syn-flood attacks and other network abuses.
  • FTP Hardening - Secure FTP software by upgrading to latest version
  • TMP Hardening - Hardening /tmp, /var/tmp, /dev/shm for preventing the execution of malicious scripts and codes.
  • PHP Hardening - Tweak PHP by changing the parameters of php configuration for better security and performance.
  • PHP Upgrade - Compile PHP to its latest stable version which increases server security.
  • Shell Fork Bomb/Memory Hog Protection - Protection against Telnet/SSH users using all of the server resources and causing a system crash.
  • Update Control Panel to latest version
  • Install Logwatch for investigating any suspicious activity on the server
  • Turn off unused services and daemons
  • Disabling Chargen to stop the server from being misused by an attacker in their efforts to disrupt another server.
  • Symlink Protection
  • Kernel Hardening
  • Crontab Hardening
  • MySQL Hardening
  • ClamAV - Is a cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses
  • Root Logger Notification of root access when someone login as root in the server along with the timestamp and ip address information.
  • Email Password Scan
  • Logwatch - Install Logwatch and review logwatch emails. Investigate any suspicious activity on the server.
  • IFTOP - Install IFTOP which displays a frequently updated list of network bandwidth utilization (source and destination hosts) that passing through the network interface
  • Turn off compilers. Most rootkits come precompiled but not all of them do. It will also prevent shell users from trying to compile any irc related programs.
  • Enable PHP open_basedir Protection - PHP open_basedir protection prevents users from opening files outside of their home directory with php.
  • Network Socket Inode Validation (NSIV)
  • Linux Environment Security (LES)
  • Mail Server Hardening
  • Installation/configuration of SpamAssassin & ClamAV, Realtime Blackhole Lists (RBLs), dictionary attack protection and rate limiting
  • Mod Security - Protects against web based attacks. Custom rule configuration as per needs.
  • Mod Evasive - Helps in stopping HTTP based DOS attacks.

Enterprise Server Hardening

Includes

  • Check Server Security
  • CHKRootKit - Detects hacker software and notifies via email
  • RootKit Hunter - A tool which scans for backdoors and malicious softwares present in the server.
  • APF or CSF - A policy based iptables firewall system used for the easy configuration of iptables rules.
  • SSH Securing - For a better security of ssh connections.
  • Host.conf Hardening - Prevents IP spoofing and dns poisoning
  • Sysctl.conf Hardening - Prevents syn-flood attacks and other network abuses.
  • FTP Hardening - Secure FTP software by upgrading to latest version
  • TMP Hardening - Hardening /tmp, /var/tmp, /dev/shm for preventing the execution of malicious scripts and codes.
  • PHP Hardening - Tweak PHP by changing the parameters of php configuration for better security and performance.
  • PHP Upgrade - Compile PHP to its latest stable version which increases server security.
  • Shell Fork Bomb/Memory Hog Protection - Protection against Telnet/SSH users using all of the server resources and causing a system crash.
  • Update Control Panel to latest version
  • Install Logwatch for investigating any suspicious activity on the server
  • Turn off unused services and daemons
  • Disabling Chargen to stop the server from being misused by an attacker in their efforts to disrupt another server.
  • Symlink Protection
  • Kernel Hardening
  • Crontab Hardening
  • MySQL Hardening
  • ClamAV - Is a cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses
  • Root Logger Notification of root access when someone login as root in the server along with the timestamp and ip address information.
  • Email Password Scan
  • Logwatch - Install Logwatch and review logwatch emails. Investigate any suspicious activity on the server.
  • IFTOP - Install IFTOP which displays a frequently updated list of network bandwidth utilization (source and destination hosts) that passing through the network interface
  • Turn off compilers. Most rootkits come precompiled but not all of them do. It will also prevent shell users from trying to compile any irc related programs.
  • Enable PHP open_basedir Protection - PHP open_basedir protection prevents users from opening files outside of their home directory with php.
  • Network Socket Inode Validation (NSIV)
  • Linux Environment Security (LES)
  • Mail Server Hardening
  • Installation/configuration of SpamAssassin & ClamAV, Realtime Blackhole Lists (RBLs), dictionary attack protection and rate limiting
  • Mod Security - Protects against web based attacks. Custom rule configuration as per needs.
  • Mod Evasive - Helps in stopping HTTP based DOS attacks.

Powered by WHMCompleteSolution