Essential security procedures to have on your server

  • Essential security procedures to have on your server

    If you have a static IP, you can strengthen the security of your server by:

    (Although if you have a dynamic IP, some of these provisions can definitely help secure your server further.)
    1. Only allow SSH access by listed IPs (restrict SSH daemon use)
    2. Restrict WHM and cPanel access to "known IPs", otherwise security questions have to be answered
    3. Prevent direct SSH root access. Instead, create an account within SSH (beforehand) and allow it to escalate to root

    To restrict SSH access, you can do this the easy way by going to Security Center -> Host Access Control section of WHM. The SSH daemon name is sshd. Ensure you allow your IP before denying any other connections (essentially, ensure restrictions are in order).

    To restrict WHM access to known IPs, otherwise security questions have to be answered, go to Configure Security Policies section of WHM, and check the "Limit Login to Verified IP Addresses". After that, go to another section of WHM and you will be prompted to create security questions. You can also create your own in this section. Make sure they aren't obvious and are personal to you.

    To prevent root SSH login, login to SSH and create an account:

    Code:
    useradd username
    Replace username accordingly.

    Code:
    passwd username
    Replace username with the username of your new account. Then, set a password for the new account.

    Code:
    usermod -aG wheel username
    What's this? (see this and this)

    To log in as root, log in to the privileged account via SSH, and su -

    Replace username with the username of your new account.

    Then disable root SSH login:

    Code:
    vim /etc/ssh/sshd_config
    And insert at the point where it says #PermitRootLogin [..] and remove the hash. If it says #PermitRootLogin yes replace yes with no (and remove the hash if it is present). For information on how to use vim, see this thread on our forum.

    Then restart the SSH service:

    Code:
    service sshd restart
    To restrict SSH daemon to known IPs, go to "Host Access Control" section of WHM. See screenshot below:



    Below that ensure you deny any other connections.

    Hope this helps.

    Further reading:

    What is a daemon?
    Find us on Twitter and Facebook

    Need to contact us?
    Customer Support: Client Area - 0800 862 0380 (option 2)
    Customer Relations: [email protected] - 0800 862 0380 (option 3)
    Sales: [email protected] - 0800 862 0380 (option 1)




    The opinions or views expressed above are not necessarily the opinions or views of eUKhost Ltd.
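
Two checks for the steps in the first post, as an added example that is not part of the original post or of eUKhost's tooling: the first reports the PermitRootLogin value sshd will actually use (a line that still carries the hash is a comment, and the first uncommented occurrence wins), the second reports which access rule an address hits first. The `daemon : client : action` rule layout, top-to-bottom first-match evaluation, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Both functions take a file path,
# so they can be run on copies rather than the live configuration.

# Print the global PermitRootLogin value sshd would use: the first uncommented
# occurrence before any Match block. Prints "unset" when every occurrence is
# still commented out, in which case sshd uses its built-in default.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                      # hash still present: ignored
        tolower($1) == "match" { exit }          # conditional blocks start here
        tolower($1) == "permitrootlogin" { v = $2; exit }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Print the action of the first sshd rule matching address $2 in rules file $1
# ("none" if nothing matches). Assumed layout: "daemon : client : action",
# evaluated top to bottom; only exact IPv4 addresses and ALL are handled.
first_sshd_rule() {
    awk -F'[ \t]*:[ \t]*' -v ip="$2" '
        $1 == "sshd" && ($2 == ip || $2 == "ALL") { a = $3; exit }
        END { print (a == "" ? "none" : a) }
    ' "$1"
}

# Constructed sample files (documentation addresses, not a real server).
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'Port 22' > "$demo/sshd_before"
printf '%s\n' 'PermitRootLogin no' '#PermitRootLogin yes' > "$demo/sshd_after"
printf '%s\n' 'sshd : 203.0.113.10 : allow' 'sshd : ALL : deny' > "$demo/rules_ok"
printf '%s\n' 'sshd : ALL : deny' 'sshd : 203.0.113.10 : allow' > "$demo/rules_bad"

echo "hash left in place:  $(effective_permit_root_login "$demo/sshd_before")"
echo "after the edit:      $(effective_permit_root_login "$demo/sshd_after")"
echo "allow first, admin:  $(first_sshd_rule "$demo/rules_ok" 203.0.113.10)"
echo "allow first, other:  $(first_sshd_rule "$demo/rules_ok" 198.51.100.7)"
echo "deny first, admin:   $(first_sshd_rule "$demo/rules_bad" 203.0.113.10)"
```

On a live server, `sshd -T` prints the configuration the daemon has actually parsed and is the authoritative check after editing `/etc/ssh/sshd_config`.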

  • #2
    Thanks for the post Ben. Very informative. I shall be implementing these measures this weekend to further increase security.
    David Smith
    Managing Director
    DPS Computing Limited

    - Massive update! (September 2011) - It's now not neglected!!
    - New Site (10/2009)

    • #3
      Originally posted by DPS Computing
      Thanks for the post Ben. Very informative. I shall be implementing these measures this weekend to further increase security.
      You're welcome David. Glad I could help.

      • #4
        Forgot to add sections for how to escalate to root from privileged account in SSH, and how to restrict SSH use to listed IPs (esp. useful if you have a static IP).

        • #5
          Thanks for the post Ben, good stuff.
          Thanks and Regards,
          Alex Parker
          Senior System Administrator.
          Dedicated Hosting || Semi Dedicated Hosting|Disaster Recovery Solutions

          EMAIL:alex @ eukhost.com
          MSN: alex @ eukhost.com
          SKYPE: euk_alexp


          • #6
            Originally posted by AlexP
            Thanks for the post Ben, good stuff.
            Cheers Alex.

            • #7
              Re: Essential security procedures to have on your server

              Are these part of the security measures your company offers? If so they are very good and necessary. I like the idea that you help your clients with security.
