
Overview

This document lists additional software and modifications that you can install to help secure your server.

chkrootkit

The chkrootkit script is a shell script that examines your system's binaries for rootkit installations. A rootkit is a software modification that allows a malicious user to gain undetected administrative access to the server.

To install the chkrootkit script, perform the following steps:

  1. Log in to your server as the root user via SSH.
  2. Run the cd /root command to change to the root directory.

  3. Run the following command to download chkrootkit:

    wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz 
  4. Run the tar -xvzf chkrootkit.tar.gz command to decompress the downloaded file.

  5. Run the cd chkrootkit-0.50 command to change directories.

  6. To begin the chkrootkit installation, run the make sense command.

The system will install the chkrootkit script on your server.

To run the chkrootkit script, run the following command:

/root/chkrootkit-0.50/chkrootkit

Note:

We strongly recommend that you run the chkrootkit script often and add a cron job that runs the above command.

rkhunter

Rootkit Hunter is another script that scans for rootkits and other exploits.

To install the rkhunter script, perform the following steps:

  1. Log in to your server as the root user via SSH.
  2. Run the cd /root command to change to the root directory.

  3. Run the following command to download the rkhunter script:

    wget http://dfn.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.4.2.tar.gz
  4. Run the tar -xvzf rkhunter-1.4.2.tar.gz command to decompress the downloaded file.

  5. Run the cd rkhunter-1.4.2 command to change directories.

  6. To begin the rkhunter script installation, run the ./installer.sh --layout default --install command.

The system will install the rkhunter script on your server.

To run the rkhunter script, run the following command:

/root/rkhunter-1.4.2/files/rkhunter -c

For information about how to configure the rkhunter script, read the rkhunter FAQ.

Note:

We strongly recommend that you run the rkhunter script often and add a cron job that runs the above command.
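
One way to set up the cron job that the chkrootkit and rkhunter notes above recommend, as an added example that is not part of the original documentation. The script path /root/rootkit-scan.sh, the schedule and the function names are assumptions; --cronjob and --report-warnings-only are existing rkhunter options.

```shell
#!/bin/sh
# Added example, not from the original page: cron wrapper that runs both
# scanners and prints only findings, so cron sends mail only when there is
# something to review.
# Assumed crontab entry for root (script path and schedule are assumptions):
#   30 3 * * * /root/rootkit-scan.sh --run

CHKROOTKIT=/root/chkrootkit-0.50/chkrootkit    # path used on this page
RKHUNTER=/root/rkhunter-1.4.2/files/rkhunter   # path used on this page

# Read scanner output on stdin and print only lines that report a finding.
# chkrootkit marks positives with "INFECTED" or "Vulnerable"; both tools
# prefix other alerts with "Warning". Clean results ("not infected",
# "not found", "nothing found") do not match.
findings() {
    grep -E 'INFECTED|Vulnerable|Warning' || true
}

# Collect raw output from both scanners. A missing scanner is reported as a
# warning, so a removed or broken tool never looks like a clean scan.
run_scans() {
    if [ -x "$CHKROOTKIT" ]; then
        # Assumption: run from the build directory so that the helper
        # programs compiled by "make sense" are found.
        (cd "$(dirname "$CHKROOTKIT")" && ./chkrootkit 2>&1)
    else
        echo "Warning: $CHKROOTKIT is missing or not executable"
    fi
    if [ -x "$RKHUNTER" ]; then
        "$RKHUNTER" -c --cronjob --report-warnings-only 2>&1
    else
        echo "Warning: $RKHUNTER is missing or not executable"
    fi
}

# Print a report and return 1 if the raw output in $1 contains findings;
# print nothing and return 0 otherwise.
report() {
    found=$(printf '%s\n' "$1" | findings)
    [ -z "$found" ] && return 0
    printf 'Rootkit scan findings on %s:\n%s\n' "$(hostname)" "$found"
    return 1
}

if [ "${1:-}" = "--run" ]; then
    report "$(run_scans)"
fi
```

A clean scan produces no output, so a message from this cron job always means there are lines to review.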

 

Modify the Logwatch configuration file

Logwatch is a customizable log analysis system that parses your system's log files for a given period of time and creates a report that analyzes specified data.

If your server does not include Logwatch, run the yum -y install logwatch command to install it and any dependencies that Logwatch requires.

The Logwatch configuration file is located at /usr/share/logwatch/default.conf/logwatch.conf.

We recommend that you use a text editor to change the following parameters:

Parameter: MailTo = user@example.com
Description: Change the user@example.com address to the email address that you wish to receive Logwatch notifications.

Parameter: Detail = 5 or Detail = 10
Description: Change this parameter to set the detail in the log files.

  • 5 represents a medium level of detail.
  • 10 represents a high level of detail.

ConfigServer software

Many of our technical analysts recommend that you use CSF (ConfigServer Firewall), a free product that ConfigServer provides. CSF is a stateful packet inspection (SPI) firewall, login and intrusion detection mechanism, and general security application for Linux servers.

To install CSF, perform the following steps:

  1. Log in to your server as the root user via SSH.
  2. Run the cd /root command to change to the root directory.

  3. Run the following command to download CSF:

    wget https://download.configserver.com/csf.tgz
  4. Run the tar -xzf csf.tgz command to decompress the downloaded file.

  5. Run the cd csf command to change directories.

  6. To begin the CSF installation, run the ./install.cpanel.sh command.

To configure CSF, use WHM's ConfigServer Security & Firewall interface (WHM >> Home >> Plugins >> ConfigServer Security & Firewall). The installation script should enable the correct ports in CSF, but we recommend that you confirm this on your server.

After you configure CSF, you must disable testing mode. To take CSF out of testing mode, perform the following steps:

  1. Click Firewall.
  2. Change the value of Testing from 1 to 0.
  3. Click Change.

For more information about how to use CSF, visit the CSF website.

Note:

ConfigServer also provides ConfigServer Mail Queues (CMQ), a free add-on product for cPanel & WHM. The product provides a full featured interface to cPanel's Exim mail queues from within WHM. For more information about how to install and use CMQ, visit the CMQ website.
