RedyHost takes every step required to protect managed VPS hosted in our cloud.
Customers who do not have the Full Management option for their VPS need to set up security for their VPS themselves.
This post includes a number of important steps to make your VPS much more secure and start receiving email notifications if something goes wrong.
1. Stop unnecessary processes
2. Installing and configuring CSF
CSF stands for Config Security Firewall. CSF is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. For more information about CSF, visit the CSF web site. For installation, upgrade and uninstallation instructions, visit this knowledgebase article.
To configure CSF, visit the CSF web site. Alternatively, /etc/csf/csf.conf is the CSF configuration file, and it contains a comprehensive description of all options.
3. Install ConfigServer eXploit Scanner (cxs)
CXS is a commercial exploit scanner and is available at a very low one-time fee. To order CXS and for installation instructions, visit the maintainer's web site.
4. Set up Logwatch
To install and configure Logwatch, visit the project's page.
5. Configure SSH
- Make sure only SSH v.2 is enabled.
- Set up SSH to listen on a non-standard port.
- Disable SSH password authentication and set up SSH login with a private key.
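One way to check the three SSH items above against a configuration file. This is an added example, not a RedyHost script; the function names and the sample config are constructed for illustration. A missing Protocol line is treated as v2 only, since current OpenSSH releases no longer support v1.

```sh
#!/bin/sh
# Added example: audit the global section of an sshd_config file against the
# three SSH items above. Simplifications: Include files, Match blocks and
# ListenAddress host:port entries are not evaluated.

# sshd_values FILE KEYWORD DEFAULT: all global values, space-separated.
sshd_values() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        $1 ~ /^#/ { next }                       # comment line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { out = (out == "" ? "" : out " ") tolower($2) }
        END { print (out != "" ? out : def) }
    ' "$1"
}
first() { echo "$1"; }   # sshd uses the first occurrence of most keywords

# Prints one line per check; the exit status is the number of failed checks.
audit_sshd_config() {
    cfg=$1; fails=0
    proto=$(first $(sshd_values "$cfg" Protocol 2))
    ports=$(sshd_values "$cfg" Port 22)          # Port may be given repeatedly
    pass=$(first $(sshd_values "$cfg" PasswordAuthentication yes))
    pubkey=$(first $(sshd_values "$cfg" PubkeyAuthentication yes))
    case $proto in
        *1*) echo "FAIL Protocol $proto still allows SSH v1"; fails=$((fails + 1)) ;;
        *)   echo "ok   SSH v2 only" ;;
    esac
    case " $ports " in
        *" 22 "*) echo "FAIL sshd listens on standard port 22"; fails=$((fails + 1)) ;;
        *)        echo "ok   non-standard port(s): $ports" ;;
    esac
    if [ "$pass" = no ] && [ "$pubkey" = yes ]; then
        echo "ok   key-only login"
    else
        echo "FAIL PasswordAuthentication=$pass PubkeyAuthentication=$pubkey"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample config (not from a real server): two of three checks fail.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Protocol 2' 'port 22' \
    'PasswordAuthentication yes' 'Match User backup' \
    '    PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative source. Keyboard-interactive authentication can still accept passwords through PAM even when PasswordAuthentication is set to no.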
6. Install and configure Rootkit Hunter
7. Secure /tmp /var/tmp /dev/shm
These are remounted noexec and nosuid to add an additional layer of protection against web script hackers.
8. Delete unnecessary OS users
On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk.
9. PHP hardening
Dynamic library loading is disabled, commonly abused PHP functions are disabled, and user-defined php.ini files are disabled if suPHP is already enabled, to help prevent hackers from exploiting vulnerable PHP web scripts.
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.
11. Exploit check
Installed web scripts are checked for known hacking scripts, which highlight exploited web applications. Commonly abused disk directories such as /tmp and /dev/shm are also checked for any active exploits, and all running processes are scanned. Any known insecure versions of phpBB are also disabled to prevent possible compromises. If exploits are found on the server, the compromised account will be suspended and we will notify you of the location of the exploits. This does not include restoring any compromised web files.