All of the information provided on the site is provided free of charge in the spirit of open source. If you need work done on your server but do not feel comfortable doing so, please contact TotalServerSolutions, the company that I co-founded.

Thanks for visiting!
John Wigle
"eth00"

Upgrade sshd

I know that cPanel and plain Red Hat do not use a proprietary ssh version, and this will work fine for those servers. Ensim does not use special rpms like I had posted before; they use PAM authentication, which is the same as cPanel does. I believe this guide should work with Plesk (there is no reason it should not), but I have not personally tried, so if you do please post! As always, I take no responsibility if this guide screws up your server; it worked fine for me!

Updated June 19th with the latest version of openssh and openssl.

I also included the --without-zlib-version-check function, which is needed for RHEL. The version is upgraded but the version numbers do not look OK to the configure script; it is nothing to worry about.



First step we will enable telnet so if something screws up you can still access the server:

Sysctl.conf Hardening


The purpose of sysctl hardening is to help prevent spoofing and DoS attacks. This short guide will show what I have found to be a good configuration for the sysctl.conf configuration file. The most important of the variables listed below is the enabling of SYN cookie protection. Only place the bottom two if you do not want your server to respond to ICMP echo, commonly referred to as ICMP ping or just ping requests.


NOTICE: Make sure that eth0 is your primary interface. If it is not, replace eth0 with eth1 in the code below.

-----command-----
pico -w /etc/sysctl.conf
-----command-----

Now paste the following into the file, you can overwrite the current information.


Secure temporary directories

Securing temp directories

How-To: Secure your temp directories


Every system needs temporary folders that any user is able to read and write, BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly, it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system, but they will be unable to execute them and create the back door. One of the biggest problems is PHP injection via Apache, in which people will have Apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.

Misc security tweaks


Miscellaneous system tweaks

In this guide I am going to go over some basic system tweaks that will help the security of your server. None of them are that big of a deal, but every little bit helps secure your server more.

Updated Feb 18 to include enabling syncookies

Security by obscurity

This guide will not actually help in a physical sense to secure your server, but it will help protect against many automated attacks that attack based on version number. If a cracker is starting to probe your system for holes, it is common to check all the version numbers for your services. This guide will disable some of the common system daemons from reporting what version they are. This is called security by obscurity and you should not rely on it! It is just one of the many little things that you can do to help lower your system's chance of getting hacked.

Mod_evasive

One way to stop one of the more basic attacks on a server is mod_evasive. This how-to will walk through the process of installing and configuring mod_evasive. This Apache module will help protect against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections, the offending IP will be blocked from accessing Apache for a period of time. This is especially useful when the server is continuously getting attacked. With this default configuration it will block the offending IP for 10 minutes. If it continues to try and flood, mod_evasive will automatically add more time to this.

*Update* Feb 1 2005 - Now links to the latest version of mod_evasive from the old name of mod_dosevasive.

Misc Scripts

This page has a list of various scripts as well as information to further help secure your server. Many of them are from rfxnetworks who does a great job with his scripts, all of which are released freely for anybody to use. They all will greatly help towards making your server more secure and run better. That being said make sure and look at all of the emails coming in from the scripts because they may identify problems or possible intrusions.

Mod_Security installation and usage guide

This guide is going to show you how to install and configure mod_security, which will help protect your server from exploits that are passed through Apache. Mod_security does this by inspecting the information sent in Apache and filtering out all of the "bad" requests as determined by the set of rules specified in the httpd.conf. The ruleset that I use in this guide will block out most of the common exploits, including the nosanity phpbb worms. It should also block out most of the other common methods of hacking a server passed through PHP.

Updated July 11th with the latest version, enjoy!

RSS feed for eth0.us

Looking at the web stats, it looks like a lot of you have already figured it out, but I was looking at the Drupal documents and found that RSS feeds were already built into it. The URL to access the RSS is at: http://www.eth0.us/?q=node/feed
Enjoy :)
John Wigle
"eth00"
