Recommended Software and Modifications for Server Security

1
Recommended Software and Modifications for Server
Security
2
Table of Contents

• Introduction
• Introduction (Continued)
• APF Firewall
• Atomicorp
• BitNinja
• chkrootkit
• CloudLinux
• ConfigServer Software
• ConfigServer Software (Continued)

• ConfigServer Software (Continued I)
• ConfigServer eXploit Scanner
• ImunifyAV
• Imunify360
• KernelCare
• Linux Malware Detect
• Modify the Logwatch Configuration File
• Patchman
• RootKit Hunter

3
Introduction

• Certain security settings are recommended that
  ensure your servers security. Here, information
  is being provided on scripts as well as software
  for server modification, which are aimed at
  enhancing server security. The information
  contained here lists all those third-party
  software and modifications which can be installed
  to increase a servers security.
• In the context of servers, web servers are a type
  of server that are used by web hosting companies
  for the purpose of providing the service of web
  hosting. Web hosting companies that are renowned
  as the Best Website Hosting Company, the Best
  Windows Hosting Company, and the Top Cloud
  Hosting Company, such as HTS Hosting, offer
  hosting services that deliver high uptime, secure
  and speedy hosting at very affordable prices.

4
Introduction (Continued)

• Despite the recommendations, it is advised that
  the release date of all the solutions that are
  being provided here are checked. This is because
  many programs might not have received updates and
  might contain malware libraries that are
  outdated. Out of all the solutions listed here,
  cPanel provides direct technical support only for
  KernelCare, Imunify360, and CloudLinux, when
  these are directly licensed through cPanel. In
  other cases, the concerned software developer or
  the system administrator needs to be contacted in
  situations where help is needed.

5
APF Firewall

• An advanced firewall for Linux systems is offered
  by APF Firewall. APF is the abbreviation for
  Advanced Policy Firewall. It is a firewall system
  that is iptables (netfilter) based. It has been
  designed to cater to the requirements of the
  Internet deployed servers of these days as well
  as the unique requirements of custom deployed
  Linux installations. APFs configuration is
  immensely informative and it equips the user with
  a process that is easy to follow.
• APF utilizes the latest as well as the most
  stable features from the iptables project. This
  ensures that a very powerful firewall is
  provided. APFs filtering is threefold
• Policies that are based on static rule (not
  static firewall)
• Policies based on sanity
• Stateful policies that are connection based

6
Atomicorp

• A secure and hardened shell for Linux servers is
  offered by Atomicorp. Atomicorp ensures the
  security of a server and the hybrid environment.
  With regard to data center workloads, it offers
  an intrusion prevention system that is
  comprehensive.
• The main features of Atomicorp are as follows
• System Hardening
• Memory protection
• Advanced FIM (File Integrity Monitoring)
• Vulnerability Shielding/ WAF Protection
• Compliance Reporting
• Application control and visibility
• Cloud-based and Workload-based Machine Learning
• Real-time scanning and quarantine
• Micro segmentation
• Server EDR and behavioural monitoring

7
BitNinja

• A security suite is provided by BitNinja.
  Protection against multiple forms of attacks is
  provided by it.
• Some of the features that this server protection
  suite for hosting providers offers, are as
  follows
• Realtime IP Reputation
• WAF (Web Application Firewall)
• Log Analysis
• DoS Detection
• Malware Detection
• Honeypots which trap suspicious connections

8
Chkrootkit

• The binaries of your system for rootkit
  installations are examined by the chkrootkit
  shell script. Undetected administrative access to
  a server can be gained by a malicious user
  through rootkits.
• The following steps need to be carried out for
  installing the chkrootkit script
• Server log in via SSH. This needs to be done as
  the root user.
• Change the root directory by running the cd /root
  command.
• Download chkrootkit by running the
  below-mentioned command.
• wget ftp//ftp.pangeia.com.br/pub/seg/pac/chkrootk
  it.tar.gz
• Decompress the downloaded file by running the
  command, tar -xvzf chkrootkit.tar.gz
• Change directories by running the command, cd
  chkrootkit-0.53
• Run the command, make sense, in order to start
  the chkrootkit installation. The chkrootkit
  script will be installed by the system on your
  server.
• Run the below-mentioned command to run the
  chkrootkit script.
• /root/chkrootkit-0.53/chkrootki
  t

9
1-800-123 -8156

• Whoa! Thats a big number, arent you
  proud?

10
CloudLinux

• A secure version of Linux is provided through
  CloudLinux which integrates with cPanel WHM.
  Advanced functionality is provided by it for
  hosting environments that are shared. Resource
  management tools that are detailed are provided
  by it along with stability and enhancements to
  system management. CloudLinux is available for
  purchase at the cPanel store.

11
ConfigServer Software

• The use of CSF (ConfigServer Firewall), which is
  a free product provided by ConfigServer, is
  highly recommended. The following components are
  contained in CSF
• Stateful Packet Inspection (SPI) firewall
• Mechanism for login and intrusion detection
• General security application related to Linux
  servers
• The following steps need to be followed for
  installing ConfigServer Firewall
• Server log in via SSH. This needs to be done as
  the root user
• Change the root directory by running the command,
  cd /root
• Download ConfigServer Firewall by running the
  below-mentioned command
• wget https//download.configserver.com/csf.tgz
• Decompress the downloaded file by running the
  command, tar -xzf csf.tgz
• Change directories by running the command, cd csf
  
• Start the CSF installation by running the
  command, ./install.cpanel.sh

12
ConfigServer Software (Continued)

• The ConfigServer Security Firewall interface of
  WHM is used to configure CSF.
• WHM gtgt Home gtgt Plugins gtgt ConfigServer Security
  Firewall
• The correct ports in CSF need to be enabled by
  the installation script. It is recommended that
  this be confirmed on the server.
• Testing mode should be disabled, after CSF has
  been configured. The following steps need to be
  carried out for this purpose
• Click Firewall
• The value of Testing needs to be changed from 0
  to 1
• Click Change

13
ConfigServer Software (Continued I)

• CMQ (ConfigServer Mail Queues) are also provided
  by ConfigServer. It is a cPanel WHM free add-on
  product. A full-featured interface is provided by
  this product to the Exim mail queues of cPanel
  from within WHM.
• The ConfigServer Mail Queues prove to be useful
  for
• Bounce emails deletion
• Undelivered (frozen) emails deletion
• Attempts to retry the delivery of specific emails
• Determination of the reason for inbound or
  outbound emails delivery failure
• Forcing queue runs
• Integration with installed MailScanner, offering
  Pending and Delivery queues emails
  views/deletion
• Viewing specific emails email history from the
  exim mail logs
• Searching for, viewing and/or deletion of emails
  from certain domains and addresses

14
ConfigServer eXploit Scanner

• CXS stands for ConfigServer eXploit Scanner,
  which integrates with cPanel WHM. All uploads
  to a server are scanned for malware by it.
  Additionally, if any suspicious file is found, it
  is quarantined by it. Its initial installation is
  included with the license along with the
  recommended configuration options.

15
ImunifyAV

• Protecting the server against any malicious code
  is rendered easy by ImunifyAV, which is a free
  Linux server antivirus software. Enhanced
  antivirus protection is provided by ImunifyAV
  which detects threats as well as automatically
  cleans files that are infected. Email
  notifications are included in it.
• ImunifyAV is available for purchase on the
  cPanel store.

16
Imunify360

• A security suite is offered by Imunify360 which
  is aimed at protecting servers against a wide
  range of attacks. Imunify360 integrates with
  cPanel WHM. Reports regarding the status of the
  server are provided by it to the system
  administrator. It can be purchased from the
  cPanel store.

17
KernelCare

• The Linux kernel of the system is automatically
  updated by KernelCare. This takes place without
  any requirement for a reboot. It not only
  automates Linux kernel, IoT security patching and
  shared libraries without the need to reboot or
  causing any downtime but also fixes security
  vulnerabilities on numerous Linux distributions.
  Patches which secure vulnerabilities are also
  offered by it. KernelCare is available for
  purchase in the cPanel store.
• It needs to be mentioned that KernelCare can only
  be installed on those systems which run CentOS 6,
  7 and 8.

18
Linux Malware Detect

• LMD stands for Linux Malware Detect. A shareware
  protection scanner against malware for Linux is
  offered by LMD. It is designed to provide
  protection against the threats that exist in
  shared hosting environments. Threat data from
  network edge intrusion detection systems is used
  by it for extracting malware which is actively
  used in attacks. Signatures are generated by it
  for detection. The signatures that are used by
  LMD are MD5 file hashes as well as HEX pattern
  matches. Moreover, these can be exported easily
  to detection tools.

19
Modify the Logwatch Configuration File

• The log files of the system are parsed by the
  Logwatch customizable log analysis system for a
  certain period of time. Additionally, a report is
  created for the analysis of specific data. When
  the server does not include Logwatch, the
  following command needs to be run to install it,
  along with the required dependences yum -y
  install logwatch
• The location of the Logwatch configuration file
  is /usr/share/logwatch/default.conf/logwatch.conf
  
• The use of a text editor is recommended for
  changing the below-mentioned parameters.
• MailTo user_at_example.com - Changing the address,
  user_at_example.com, to that email address on which
  Logwatch notifications need to be received.
• Detail 5 or Detail 10 This parameter
  changes in order to set log files details. 5 and
  10 represent a medium and a high level of detail,
  respectively.

20
Patchman

• Vulnerabilities in software are detected by
  Patchman, which integrates with cPanel WHM.
  Reports related to the status of the server are
  provided by it to the system administrator.
  Moreover, notices are sent by it to customers
  with regard to providing information on
  resolution of issues. When vulnerabilities are
  not resolved by customers, Patchman automatically
  fixes those vulnerabilities.

21
Rootkit Hunter

• Rootkits and any other exploit are scanned by the
  script, rkhunter. It needs to be mentioned that
  rkhunter (Rootkit Hunter) is not provided by
  cPanel. Moreover, false positives might be
  experienced while using rkhunter. The system
  administrator should be contacted for assistance
  regarding rkhunter. It is recommended that the
  rkhunter script be run frequently and a cron job
  be added which runs the command,
  /root/rkhunter-version/files/rkhunter -c
• The following steps should be performed for
  installing the rkhunter script
• Server log in via SSH. It needs to be done as the
  root user
• Change the root directory by running the cd /root
  command
• Download the rkhunter script by running the
  below-mentioned command
• wget https//sourceforge.net/projects/rkhunter/fil
  es/rkhunter/version/rkhunter-version.tar.gz.asc/do
  wnload
• Decompress the downloaded file by running the
  below-mentioned command
• tar -xvzf rkhunter-version.tar.gz
• Change directories by running the command, cd
  rkhunter-1version
• Run the command, ./installer.sh --layout default
  --install for beginning the rkhunter script
  installation. The system installs the rkhunter
  script on the server
• The following command needs to be run for running
  the rkhunter script /root/rkhunter-version/files/
  rkhunter -c

22
Thanks!

• ANY QUESTIONS?

• www.htshosting.org