
Linux/FreeBSD Security Related - installation and configuration

Wednesday, February 6, 2008

1) CSF FIREWALL
-----------------------------------
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tgz
cd csf
sh install.sh


If you have APF + BFD installed you will need to disable them first; the csf directory ships a script for this:

sh disable_apf_bfd.sh

To configure CSF, edit the config files in /etc/csf/, or, if you are running WHM, change the CSF settings there. By default CSF opens the standard cPanel ports; review that list before putting the firewall on a host that is not a cPanel server.

See http://configserver.com for more information.


2) ROOTCHECK
==========
wget http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz
tar -xvzf rootcheck-0.4.tar.gz
cd rootcheck-0.4
./install


Make sure CPAN is available on the machine, because rootcheck requires the Perl module IO::Interface.

After installation, run a system scan with:
./rootcheck.pl
Run ./rootcheck.pl with its options if you need anything beyond the default scan.


3) RKHUNTER
===========
Rkhunter is used to check for trojans, rootkits, and other security problems.
wget -c http://downloads.rootkit.nl/rkhunter-1.1.1.tar.gz
tar -zxvf rkhunter-1.1.1.tar.gz
cd rkhunter-1.1.1
./installer.sh


Run the test scan:
/usr/local/bin/rkhunter -c

To set up a daily cron job, create /etc/cron.daily/rkhunter.sh with the following contents (replace EMAIL@DOMAINNAME with the address that should receive the report):
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" EMAIL@DOMAINNAME)


Then make it executable:
chmod +x /etc/cron.daily/rkhunter.sh

4) CHKROOTKIT
============
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
md5sum chkrootkit.tar.gz
cat chkrootkit.md5

Compare the hash printed by md5sum with the one in chkrootkit.md5 and only unpack the archive if they match:

tar xvzf chkrootkit.tar.gz
cd chkrootkit*
make sense
./chkrootkit

To set up a daily cron job, create /etc/cron.daily/chkrootkit.sh with the following contents:

#!/bin/bash
cd /INSTALLPATH/chkrootkit-0.42b/
./chkrootkit | mail -s "Daily chkrootkit from SERVERNAME " EMAIL@DOMAINNAME


Important:
1. Replace 'INSTALLPATH' with the actual path to where you unpacked chkrootkit (and adjust the version in the directory name if it differs).
2. Change 'SERVERNAME' to this server's hostname.
3. Change 'EMAIL@DOMAINNAME' to your email address.

Make the script executable and run it once by hand to confirm the report arrives:

chmod 755 /etc/cron.daily/chkrootkit.sh
cd /etc/cron.daily/
./chkrootkit.sh
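The two cron jobs above (rkhunter in section 3 and chkrootkit here) mail the full scanner output every day, so a real finding is easy to miss in the noise. The following wrapper is an added example, not part of the original page or of either tool: it runs both scanners from one daily script, keeps dated logs, and mails only the lines that look like findings. The finding patterns, the log directory, the scanner paths and the recipient are assumptions; check the patterns against your own scanner's clean output before relying on them. Save it as /etc/cron.daily/rootkit-scan.sh and make it executable; the scanners only run when the script is invoked under that name, so the helper functions can be sourced and checked on a host without the tools installed.

```shell
#!/bin/sh
# Added example (not from the original page): one daily cron wrapper that runs
# rkhunter and chkrootkit, keeps a dated log of each run, and mails only when a
# scanner reports a finding. Paths mirror the page's defaults/placeholders.

RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"                     # page default
CHKROOTKIT_DIR="${CHKROOTKIT_DIR:-/INSTALLPATH/chkrootkit-0.42b}"   # replace INSTALLPATH
MAILTO="${MAILTO:-EMAIL@DOMAINNAME}"                                # replace
LOGDIR="${LOGDIR:-/var/log/rootkit-scans}"                          # assumed location

# Lines that mean a positive match. Assumed markers: rkhunter flags problems
# with "Warning:", chkrootkit with "INFECTED", "Vulnerable" or "Possible rootkit".
# Matching is case-sensitive on purpose: chkrootkit prints "not infected" for
# every clean binary, and a case-insensitive match would flag all of them.
FINDING_RE='Warning:|INFECTED|Vulnerable|Possible rootkit'

# scan_findings LOGFILE: print the finding lines from a scanner log.
# Returns 0 when the log is clean, 1 when at least one finding is present.
scan_findings() {
    if grep -E "$FINDING_RE" "$1"; then
        return 1
    fi
    return 0
}

# count_findings LOGFILE: number of finding lines (prints 0 for a clean log).
count_findings() {
    grep -Ec "$FINDING_RE" "$1" || true
}

# run_and_report NAME LOGFILE COMMAND...: run the scanner, save its output,
# and mail just the finding lines if there are any. Returns the scanner's
# own exit status so the caller can still notice a scanner that failed to run.
run_and_report() {
    name="$1"; log="$2"; shift 2
    "$@" > "$log" 2>&1
    status=$?
    if ! scan_findings "$log" > "$log.findings"; then
        {
            echo "$name reported $(count_findings "$log") finding(s) on $(hostname)"
            echo "Full log: $log"
            echo
            cat "$log.findings"
        } | mail -s "[$(hostname)] $name findings" "$MAILTO"
    fi
    return "$status"
}

main() {
    mkdir -p "$LOGDIR"
    chmod 700 "$LOGDIR"
    day=$(date +%Y-%m-%d)
    run_and_report rkhunter "$LOGDIR/rkhunter-$day.log" "$RKHUNTER" -c --cronjob
    # chkrootkit expects to be run from its own build directory.
    ( cd "$CHKROOTKIT_DIR" && run_and_report chkrootkit "$LOGDIR/chkrootkit-$day.log" ./chkrootkit )
}

# Run the scanners only when invoked as /etc/cron.daily/rootkit-scan.sh, so the
# functions above can be sourced and checked without the tools installed.
case "$0" in
    *rootkit-scan.sh) main ;;
esac
```

A clean run produces no mail at all; if you want a daily "still alive" message, keep one of the page's original cron scripts alongside this one rather than weakening the filter, since an attacker who disables the scanner also silences a findings-only report.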


5) BFD
==============
cd /root/download
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-0.2
./install.sh
Edit /usr/local/bfd/conf.bfd to enable brute force attempt alerts and set the recipient:

ALERT_USR="0"    CHANGE TO:  ALERT_USR="1"
EMAIL_USR="root" CHANGE TO:  EMAIL_USR="EMAIL@DOMAINNAME"

Edit /usr/local/bfd/ignore.hosts and add trusted IPs, including the one you administer from, so a mistyped password does not lock you out.

BFD uses APF's CLI insert feature to ban addresses, so it needs APF to be installed. Note that the CSF installer in section 1 disables APF and BFD, so use BFD only on hosts that run APF rather than CSF.
Run using:
/usr/local/sbin/bfd -s
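The edits above are easy to get subtly wrong by hand (a duplicated key in conf.bfd, a typo in ignore.hosts that whitelists nothing). The following script is an added example, not part of the original page or of BFD: it applies the same two conf.bfd changes and the ignore.hosts additions in a way that is safe to re-run, validates each address before adding it, and lets you read a setting back to confirm the result. File locations are the page's defaults; the email address and IP used in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page or BFD): apply the conf.bfd and
# ignore.hosts changes described above idempotently. Uses a temp file + mv
# rather than sed -i so it behaves the same on Linux and FreeBSD sed.

BFD_CONF="${BFD_CONF:-/usr/local/bfd/conf.bfd}"        # page default
BFD_IGNORE="${BFD_IGNORE:-/usr/local/bfd/ignore.hosts}" # page default

# set_conf FILE KEY VALUE: rewrite KEY="VALUE" in place, or append it if the
# key is absent. VALUE must not contain '|' or '&' (sed delimiters/specials).
set_conf() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_conf FILE KEY: print the current value of KEY without surrounding quotes.
get_conf() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# add_ignore FILE IP: add a trusted IPv4 address exactly once. Anything that is
# not a dotted quad is rejected (return 2) instead of silently written, so a
# typo cannot leave the admin's real address unlisted.
add_ignore() {
    file="$1"; ip="$2"
    if ! echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "add_ignore: not an IPv4 address: $ip" >&2
        return 2
    fi
    grep -qxF "$ip" "$file" 2>/dev/null && return 0   # already listed
    echo "$ip" >> "$file"
}

# configure_bfd EMAIL IP...: the page's settings in one call.
configure_bfd() {
    set_conf "$BFD_CONF" ALERT_USR 1
    set_conf "$BFD_CONF" EMAIL_USR "$1"
    shift
    for ip in "$@"; do
        add_ignore "$BFD_IGNORE" "$ip"
    done
    echo "ALERT_USR=$(get_conf "$BFD_CONF" ALERT_USR) EMAIL_USR=$(get_conf "$BFD_CONF" EMAIL_USR)"
}

# Usage (placeholders): configure_bfd admin@example.com 203.0.113.10
```

After running it, `/usr/local/sbin/bfd -s` picks up the new settings on its next pass; re-running the script with the same arguments changes nothing, which is what you want from anything you keep in a provisioning checklist.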