Security Advisor
The following items are highlighted in security advisor should they all be implemented or should some of them be ignored?
Apache vhosts are not segmented or chroot()ed.
No symlink protection detected
No brute force protection detected
ClamAV is not installed
SSH password authentication is enabled.
Outbound SMTP connections are unrestricted
-
These are a Must if you are selling shared accounts and do not impact performance (csf might depending on how large your iptables rules are) No symlink protection detected: use cloudLinux cagefs or enable Symlink Race Condition Protection in easy Apache No brute force protection detected: install csf (configure server Firewall), enable cPHulk Brute Force Protection or both personally I use just csf Outbound SMTP connections are unrestricted: enable SMTP tweak in tweak settings or if using CSF disable it in WHM and enable SMTP_BLOCK in csf These recommended but on a case by case Apache vhosts are not segmented or chroot()ed.: Use CageFS on CloudLinux if not using mod_ruid2 or Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell its still tagged as experimental I do not use it so I can't comet on the how well it works perhaps others who use it can. ClamAV is not installed: will not be able to scan for viruses on your system files & email. note ClamAV can use a lot of memory so if your limited on memory such as running in a VPS you may not want to enable This should probably be a Must I only put it down here because most new users mess this up and lock themselves out of their server SSH password authentication is enabled: disable & su to root adding a specific user to Manage Wheel Group Users or better yet set up ssh keys 0 -
Wow - thanks very much for the in depth response, I will study it and implement your suggestions. 0 -
Hello :) Also, generally speaking, it's typically a good idea to implement changes to protect against those highlighted items unless you have a specific reason not to. Thank you. 0 -
These are a Must if you are selling shared accounts and do not impact performance (csf might depending on how large your iptables rules are) No symlink protection detected: use cloudLinux cagefs or enable Symlink Race Condition Protection in easy Apache No brute force protection detected: install csf (configure server Firewall), enable cPHulk Brute Force Protection or both personally I use just csf Outbound SMTP connections are unrestricted: enable SMTP tweak in tweak settings or if using CSF disable it in WHM and enable SMTP_BLOCK in csf These recommended but on a case by case Apache vhosts are not segmented or chroot()ed.: Use [url=http://www.shuttle-paris-airports.com/]Paris shuttle transfers CageFS on CloudLinux if not using mod_ruid2 or Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell its still tagged as experimental I do not use it so I can't comet on the how well it works perhaps others who use it can. ClamAV is not installed: will not be able to scan for viruses on your system files & email. note ClamAV can use a lot of memory so if your limited on memory such as running in a VPS you may not want to enable This should probably be a Must I only put it down here because most new users mess this up and lock themselves out of their server SSH password authentication is enabled: disable & su to root adding a specific user to Manage Wheel Group Users or better yet set up ssh keys
Hey, Thanks for the usefull information. From Few days i face this problem. Now i am able to solve my problem. So again thanks for the post.0
Please sign in to leave a comment.
Comments
5 comments