Misc Scripts

Posted in: Beginner information

This page lists various scripts, along with information, to help further secure your server. Many of them are from rfxnetworks, who does a great job with his scripts, all of which are released freely for anybody to use. They will all help make your server more secure and run better. That said, make sure to read all of the emails these scripts send, because they may identify problems or possible intrusions.

Along with installing APF I would suggest installing Brute Force Detection (BFD), also by rfxnetworks. BFD monitors your ssh and ftp services and automatically bans addresses that try to brute force a password. If you install BFD, make sure you have a separate IP address from which you can ssh into your server in case it blocks you for some reason! If you have a static IP, add it to APF's allow list with "apf -a IP" so that a BFD ban cannot lock you out.
http://www.rfxnetworks.com/bfd.php

Yet another very handy tool by rfxnetworks is Linux Socket Monitor (LSM). It alerts you whenever a new port is opened on the server, which is very helpful for detecting users running odd processes or attempting to start backdoors. Whenever a program it does not recognize starts listening, it emails you the details. It does tend to be somewhat CPU intensive, but I think it is well worth it: you never know what backdoor somebody may try to install on your system. It may occasionally email you about a false positive, but it is still a good idea to investigate every alert and confirm that the new socket belongs to something you run and is not a backdoor.
http://www.rfxnetworks.com/lsm.php
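To show the principle a socket monitor works on, here is an added example (my own, not LSM's code): take a baseline of listening sockets, re-snapshot later, and report anything that was not in the baseline. It assumes "netstat -lntu" output as input; the sample data is constructed for the example and is not from a real server.

```sh
#!/bin/sh
# Added example, not LSM's own code: detect newly opened listening sockets by
# comparing a normalized snapshot against a stored baseline.

# normalize_listeners: read "netstat -lntu" output on stdin and emit one
# "proto addr:port" line per listening socket, sorted and de-duplicated so two
# snapshots compare cleanly. Header lines are dropped because their first
# field is not tcp/udp and their second field is not numeric.
normalize_listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ && $2 ~ /^[0-9]+$/ { print $1, $4 }' | sort -u
}

# new_listeners BASELINE_FILE CURRENT_FILE: print listeners present in CURRENT
# but absent from BASELINE. Exit 0 when nothing is new, 1 when something is
# (so it can drive a mail or cron alert).
new_listeners() {
    found=$(grep -v -x -F -f "$1" "$2" || true)
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample data (not captured from a real machine): a baseline taken
# at install time, and a later snapshot where something has begun listening
# on port 31337.
BASELINE_RAW='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*'
CURRENT_RAW="$BASELINE_RAW
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN"

# check_sample: run the comparison on the constructed data. Prints the new
# listener and returns 1, exactly as a real alert run would.
check_sample() {
    dir=$(mktemp -d)
    printf '%s\n' "$BASELINE_RAW" | normalize_listeners > "$dir/baseline"
    printf '%s\n' "$CURRENT_RAW"  | normalize_listeners > "$dir/current"
    new_listeners "$dir/baseline" "$dir/current"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# On a live server (hypothetical paths): capture the baseline once, then run
# the check from cron and mail root on any difference.
#   netstat -lntu | normalize_listeners > /var/lib/listeners.baseline
#   netstat -lntu | normalize_listeners > /tmp/listeners.now
#   new_listeners /var/lib/listeners.baseline /tmp/listeners.now \
#       || mail -s "new listening socket" root
```

Run check_sample to see it report "tcp 0.0.0.0:31337". A real monitor also has to refresh the baseline whenever you deliberately add a service, otherwise every run keeps alerting on the same known port; that is the source of the false positives mentioned above.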

Another tool I would suggest, although it is not really part of securing your server, is System Integrity Monitor (SIM), also by rfxnetworks. SIM automatically detects when a service is down and restarts it. I would highly recommend it for any server, including cPanel servers.
http://www.rfxnetworks.com/sim.php

Linux Environment Security (LES) is a new tool from rfxnetworks that I have not had much time to work with, but it looks like a very interesting project. Instead of just changing a few permissions, as I do below, LES goes through the entire system and secures important binaries so that only root can use them. The one thing to beware of is that if you use the disable-all function, the rpm database is locked and must be unlocked before any rpm upgrades will work. I would recommend enabling everything EXCEPT the rpm database lock.
http://www.rfxnetworks.com/les.php


Many PHP exploit scripts use common *nix tools to download rootkits or backdoors. By simply chmod'ing those binaries so that no user outside root or the wheel group can execute them, we eliminate many possible problems. Note that mode 750 restricts execution to the file's owner and group, so check the group with "ls -l": if the binary is owned by root:root only root can run it, and if you want wheel members to keep access you must chgrp it to wheel first. Package upgrades reinstall these files with their packaged modes, so re-check the permissions after updating. The downside is that shell users will be inconvenienced by not being able to use the commands below, and it is only a speed bump: an attacker who already runs code as the web user may still have other ways to fetch a file. If you run LES, which I would suggest, you do not need to run the first group of chmods. If you get an error on the chmod 000 commands because a directory does not exist, do not worry; they are not present on every server.

—–command—–
chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp

chmod 000 /etc/httpd/proxy/
chmod 000 /var/spool/samba/
chmod 000 /var/mail/vbox/
—–command—–
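The same lockdown as a small script I added for this page (not from rfxnetworks): it skips paths that do not exist instead of erroring, verifies the resulting mode, and includes an audit function you can re-run after package upgrades to catch anything that has become world-executable again. The paths are the ones listed above; run it as root.

```sh
#!/bin/sh
# Added example: apply and audit the permission lockdown from this page.
# Nothing is changed until apply_lockdown is called.

TOOLS="/usr/bin/rcp /usr/bin/wget /usr/bin/lynx /usr/bin/links /usr/bin/scp"
DIRS="/etc/httpd/proxy /var/spool/samba /var/mail/vbox"

# perm_string PATH: print the 10-character mode string, e.g. -rwxr-x---
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# world_executable PATH: exit 0 if "other" has execute (or traverse) permission
world_executable() {
    [ "$(ls -ld "$1" | cut -c10)" = "x" ]
}

# restrict_tool PATH: chmod 750 a binary. Exit 0 on success, 2 if the file is
# absent (not every server ships every tool), 1 if the mode did not take.
restrict_tool() {
    p="$1"
    [ -e "$p" ] || { echo "skip: $p not present"; return 2; }
    chmod 750 "$p" || return 1
    world_executable "$p" && { echo "FAIL: $p still world-executable"; return 1; }
    echo "ok: $p -> $(perm_string "$p")"
}

# restrict_dir PATH: chmod 000 a directory the web user has no business in.
restrict_dir() {
    p="$1"
    [ -d "$p" ] || { echo "skip: $p not present"; return 2; }
    chmod 000 "$p" || return 1
    echo "ok: $p -> $(perm_string "$p")"
}

# audit_list PATH...: list every existing path that is still world-executable.
# Exit 1 if any is found, so it can be run from cron after updates.
audit_list() {
    bad=0
    for p in "$@"; do
        [ -e "$p" ] || continue
        if world_executable "$p"; then
            echo "world-executable: $p"
            bad=1
        fi
    done
    return $bad
}

# apply_lockdown: run the chmods from this page, then audit the result.
apply_lockdown() {
    for t in $TOOLS; do restrict_tool "$t"; done
    for d in $DIRS; do restrict_dir "$d"; done
    audit_list $TOOLS $DIRS
}
```

Remember that 750 only helps if the group on the binary is one ordinary users are not in; "ls -l /usr/bin/wget" should show root (or wheel) as the group before you rely on this.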
