Experts Hosting has assembled a variety of patches, best practices and much needed security software and put them into a package that can be installed and configured on any Linux server. We highly recommend this hardending be performed on every linux server, especially shared hosting servers that are more prone to attacks.
You can view the items this package includes below. This is a one-time service and unless you have a server management plan with us we do not provide future security related assistance.
Available for Linux servers only.
Our server hardening plan includes:
- Firewall Installation/Configuration– We install and custom configure a complete stateful packet inspection netfilter firewall. Offers more protection than standard iptables.
- Login Failure Daemon– Integrates with the above firewall to block hacking and system intrusion attempts (such as brute force ssh and ftp attacks).
- Linux Socket Monitor– Detects/alerts when new sockets are created on your system, often revealing hacker activity.
- Remove unused processes– Default OS configurations often run services that are not needed and can be a security risk if left running.
- Install Logwatch– Logwatch is a daily report that summarizes the information contained in the server log files.
- OpenSSH configuration check– OpenSSH is checked to ensure only SSHv2 protocol is enabled. Additionally, if you request it, we can disable root login for the server and change the SSH port.
- Rootkit Hunter– Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation.
- Chkrootkit– Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach.
- Full OS Patching/Updating– We fully patch and update your OS.
- Name server configuration check– If your server is running bind, we’ll check to insure it’s functioning properly and will disable open DNS recursion.
- Apache tune and check– Check that apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary.
- MySQL tune and check– Check that mysql is correctly configured and tuned for your servers requirements.
- Secure /tmp /var/tmp /dev/shm– These are remounted noexec and nosuid to add an additional layer of protection against web script hackers.
- Delete unnecessary OS users– On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk.
- Remove SUID/GUID from binaries– On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk.
- mod_security (BY REQUEST ONLY) – mod_security apache module is a security layer in apache that helps prevent exploitation of vulnerable web scripts. Mod-security will only be installed by request as its rules can break certain websites — if you want mod-security installed on your server please let us know.
- PHP hardening (BY REQUEST ONLY) – Dynamic Library loading is disabled and commonly abused php functions disabled to help prevent hackers exploiting vulnerable PHP web scripts. Note this is performed by request only as it can break certain websites. Please contact us if you need further details.
There is NO CHARGE for hardening if your server has a Server Management plan, you just need to request it (so please do!).
To purchase or obtain more information on our server hardening, please call us at 21 000 595 (International +216 21 000 595) or send an email to firstname.lastname@example.org . We currently do not accept online orders for this service.