DNSstuff.com, Apr 21st

Simple Security Checks For Your Dedicated Server

We’ve all heard the saying ‘prevention is better than cure’. This is especially relevant to server security. The best way to prevent an attack is to make sure the opportunity isn’t provided. There’s no way to be totally safe from internet criminals, but it’s important to make sure you have a strong, well-configured firewall and that you aren’t running any scripts or services that aren’t required.

It’s also important to check regularly for signs of an attempted attack or break-in. Here are some of the things you can do. You will need to have SSH access to your server.

1. Run rkhunter regularly. I set up a cron job on the servers I manage which runs rkhunter every day and emails me the output. It checks for rootkits, changed files and other anomalies that may lead to an insecure server. You can download it from http://www.rootkit.nl/projects/rootkit_hunter.html

2. Check your server’s /tmp folder. The tmp folder is the preferred location for many exploits, particularly web-based ones, as it is where PHP stores uploaded files temporarily. If you have suPHP enabled you will also be able to see who the owner of the temporary files is. For the most part there shouldn’t be a whole lot in the /tmp directory: probably some session files and a handful of other files and folders. Sometimes the name of the file will cause immediate suspicion, but some may be just randomly named. You should ‘cat’ or ‘more’ these files and examine the contents. Also, make sure that your /tmp folder is mounted so that it doesn’t allow executable files to be run.

If you have CPanel/WHM installed you can run this script from the command line (you will need to be logged in as root):

/scripts/securetmp

If you aren’t running CPanel then these are the commands you will need to use:

Edit /etc/fstab and change your /tmp entry so it looks like this:

LABEL=/tmp /tmp ext3 noexec,nosuid,nodev,rw 1 2

then remount it with this:

mount -o remount /tmp
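The /tmp inspection and the noexec/nosuid/nodev hardening from step 2, as an added example that is not part of the original post. The script lists every regular file under a tmp directory with its owner and flags the ones worth opening with cat or more (executable bit set, a #! script, an ELF binary, or PHP code), checks which of the three options /tmp is actually mounted with, and rewrites an fstab line of the form shown above so that it carries all three. It assumes a Linux host (/proc/mounts) for the live check; the function names (classify_tmp_file, audit_tmp, count_flagged, missing_tmp_options, check_tmp_mount, harden_fstab_line) are chosen here, and the directory and fstab line are parameters so the functions can be run against a test directory and a sample line.

```shell
#!/bin/sh
# Added example (not from the original post): a /tmp audit to go with step 2.
# Assumes Linux (/proc/mounts) for check_tmp_mount; everything else is POSIX sh.

REQUIRED_OPTS="noexec nosuid nodev"

# Classify one file: prints a comma-separated list of reasons to look closer,
# or an empty line if nothing stands out.
classify_tmp_file() {
    f="$1"
    reasons=""
    [ -x "$f" ] && reasons="${reasons}exec-bit,"
    # Inspect the first four bytes via od so binary content never reaches the shell.
    magic=$(dd if="$f" bs=4 count=1 2>/dev/null | od -An -c | tr -d ' \n')
    case "$magic" in
        *177ELF*) reasons="${reasons}elf-binary," ;;
        '#!'*)    reasons="${reasons}script," ;;
    esac
    grep -q '<?php' "$f" 2>/dev/null && reasons="${reasons}php-code,"
    printf '%s\n' "${reasons%,}"
}

# One line per regular file: "<owner> <flags> <path>" ("-" when nothing was flagged).
# With suPHP the owner column tells you which account uploaded the file.
audit_tmp() {
    find "${1:-/tmp}" -type f 2>/dev/null | while IFS= read -r f; do
        owner=$(ls -ld "$f" | awk '{print $3}')
        flags=$(classify_tmp_file "$f")
        printf '%s %s %s\n' "$owner" "${flags:--}" "$f"
    done
}

# Number of files in the directory that were flagged for a closer look.
count_flagged() {
    audit_tmp "$1" | awk '$2 != "-"' | wc -l | tr -d ' '
}

# Print the required mount options that are absent from a comma-separated option string.
missing_tmp_options() {
    opts=",$1,"
    missing=""
    for o in $REQUIRED_OPTS; do
        case "$opts" in
            *",$o,"*) ;;
            *) missing="$missing $o" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Check the options /tmp (or another mount point) is mounted with right now.
# Returns 0 when all three are present, 1 when one is missing or it is not a mount point.
check_tmp_mount() {
    mp="${1:-/tmp}"
    opts=$(awk -v mp="$mp" '$2 == mp { print $4 }' /proc/mounts 2>/dev/null || true)
    [ -n "$opts" ] || { echo "$mp is not a separate mount point"; return 1; }
    miss=$(missing_tmp_options "$opts")
    [ -z "$miss" ] || { echo "$mp is missing: $miss"; return 1; }
    echo "$mp is mounted with $opts"
}

# Rewrite one fstab line so its option field includes noexec,nosuid,nodev.
# Comments, blank lines and lines with too few fields are printed unchanged.
harden_fstab_line() {
    line="$1"
    case "$line" in ''|'#'*) printf '%s\n' "$line"; return ;; esac
    set -- $line
    [ $# -ge 4 ] || { printf '%s\n' "$line"; return; }
    opts="$4"
    for o in $(missing_tmp_options "$opts"); do opts="$opts,$o"; done
    printf '%s %s %s %s %s %s\n' "$1" "$2" "$3" "$opts" "${5:-0}" "${6:-0}"
}
```

Run audit_tmp and check_tmp_mount as root after sourcing the script; anything flagged is a candidate for cat or more. To use harden_fstab_line on a real fstab, feed only the /tmp line through it into a new file and diff that against /etc/fstab before replacing it, then remount as shown above. The field splitting in harden_fstab_line relies on the default IFS, which is what fstab uses.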

These are just two steps you can take in preventing a server break-in.
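The daily rkhunter cron job from step 1, as an added example that is not part of the original post. The wrapper keeps a dated copy of every report and emails it only when rkhunter reported warnings, so a quiet inbox means a clean scan. It assumes rkhunter is installed and a mail command is available; the recipient address is a placeholder, and the function names (count_warnings, rkhunter_daily) are chosen here. The rkhunter and mail commands can be overridden through the environment, which is also how the wrapper can be exercised without a real scan.

```shell
#!/bin/sh
# Added example (not from the original post): wrapper for a daily rkhunter cron job.
# Assumes rkhunter and a `mail` command are installed; ADMIN_EMAIL is a placeholder.

RKHUNTER_CMD="${RKHUNTER_CMD:-rkhunter --cronjob --report-warnings-only}"
MAIL_CMD="${MAIL_CMD:-mail}"
ADMIN_EMAIL="${ADMIN_EMAIL:-admin@example.com}"   # placeholder recipient

# Count the "Warning:" lines in an rkhunter report; prints 0 for a missing file.
count_warnings() {
    [ -f "$1" ] || { echo 0; return; }
    grep -c '^Warning:' "$1" || true
}

# Run the scan, store the report under the given log directory and mail it if
# anything was flagged. Returns 0 for a clean scan, 1 when warnings were reported.
rkhunter_daily() {
    logdir="${1:-/var/log/rkhunter-daily}"
    mkdir -p "$logdir"
    report="$logdir/rkhunter-$(date +%Y%m%d).log"
    # rkhunter exits non-zero when it has warnings; keep the output either way.
    $RKHUNTER_CMD > "$report" 2>&1 || true
    warnings=$(count_warnings "$report")
    if [ "$warnings" -gt 0 ]; then
        $MAIL_CMD -s "rkhunter: $warnings warning(s) on $(hostname 2>/dev/null || echo localhost)" \
            "$ADMIN_EMAIL" < "$report"
        return 1
    fi
    return 0
}

# Constructed cron entry (e.g. in /etc/cron.d) for a script that ends by calling rkhunter_daily:
#   0 3 * * * root /usr/local/sbin/rkhunter-daily.sh
```

Save the script with a final line that calls rkhunter_daily, make it executable and schedule it from root's crontab; the dated reports under the log directory give you a history to compare against when a warning does arrive.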