Configurar spamassassin cpanel5/17/2023 The following ports are required for CPanel: To install APF, SSH into server and login as root.Īt command prompt type: tar -xvzf Īt command prompt type: rm -f Īfter APF has been installed, you need to edit the configuration file. Make sure you run it on a regular basis, perhaps including it in a cron job. To install chrootkit, SSH into server and login as root.Īt command prompt type: tar xvzf Īt command prompt type: cd chkrootkit-0.44Īt command prompt type: /root/chkrootkit-0.44/chkrootkit These are applications that will help to secure your server. Scroll (way) down and change the following line toĪt command prompt type: /etc/rc.d/init.d/httpd restartĪ Beginner's Guide to Securing Your Server Part 3 of 3 (Apps to install) To disable the version output for proftp, SSH into server and login as root.Īt command prompt type: pico /etc/httpd/conf/nf home/cpapachebuild/buildapache/php-4.3.1/ext/ircg Note: There will be several listings that will be OS/CPanel related. To disable any shell accounts hosted on your server SSH into server and login as root. Now everytime someone logs in as root, they will see this message. Investigated and reported to the appropriate law enforcement agencies. This system is restricted to authorized access only. To an SSH legal message, SSH into server and login as root.Ĭode: ALERT! You are entering a secured area! Your IP and login information Scroll down to the end of the file and add the following line:Įcho 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk ''`" and exit. To have the server e-mail you everytime someone logs in as root, SSH into server and login as root.Īt command prompt type: pico. Server e-mail everytime someone logs in as root To disable telnet, SSH into server and login as root.Īt command prompt type: pico -w /etc/xinetd.d/telnetĪt command prompt type: /etc/init.d/xinetd restart Telnet is a very unsecure protocol, so change your root password after you use it. Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Be sure to add an A address to your zone file for the new nameserver.Īt command prompt type: /etc/rc.d/init.d/sshd restartĮxit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port. Just create one called something like or whatever. Note 2: You can also create a custome nameserver specifically for your new SSH IP address. Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard. Note 1: If you would like to disable direct Root Login, scroll down until you find ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server) Port 5678 (choose your own 4 to 5 digit port number (49151 is the highest port number) Scroll down to the section of the file that looks like this: It's a clean running application that will not require installation on Windows-boxes.Īt command prompt type: pico /etc/ssh/sshd_config Note: You can download Putty by Clicking Here. To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22. Udate OS, Apache and CPanel to the latest stable versions. These are measures that can be taken to secure your server, with SSH access. The following and similar items are not Trojans:Ī Beginner's Guide to Securing Your Server Part 2 of 3 (with SSH access) Goto Security and run Quick Security Scan and Scan for Trojan Horses often. Goto Account Functions => Manage Shell Accessĭisable Shell Access for all users (except yourself) Goto Service Configuration => FTP Configuration When setting up Feature Limits for resellers in Resellers => Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access under Root Access disable All Features. Goto Server Setup => Shell Fork Bomb Protection Remove all users except for root and your main account from the wheel group. Goto Server Setup => Manage Wheel Group Users Use jailshell as the default shell for all new accounts and modified accountsĭisabled Compilers for unprivileged users. (ie, aol.com)Īttempt to prevent pop3 connection floodsĭefault catch-all/default address behavior for new accounts - blackhole Prevent users from parking/adding on common internet domains. These are items inside of WHM/Cpanel that should be changed to secure your server. A Beginner's Guide to Securing Your Server Part 1 of 3 (Security Inside WHM/CPanel)
0 Comments
Leave a Reply. |