How to Secure Linux Servers

Basic Linux Server Security

Install Firewall (APF or CSF Firewall with BFD)

  ModSecurity (Web application firewall)

  ModEvasive (Prevent DDOS attacks)

  Harden SSH server

  Fix Open DNS Recursion

  Install RKhunter

  Install ClamAV (Antivirus)

  XInet Servers Hardening (Disable Telnet/Finger or unwanted services)

  Securing PHP

  PortSentry (tool to detect portscans)

  Harden host.conf (against IP spoofing)

  Check User Uploaded files

  Secure /tmp Folders (noexec, nosuid)


install mod_security2 on centos / redhat

This article assumes that you have installed Red Hat Enterprise Linux or CentOS. It is not guaranteed to work, although we have tested it successfully on several CentOS 4.5 systems.
First, make sure the libxml2 library is installed. A search on the system is enough to check; it is normally installed already. (XPC Note: Try “yum install libxml2-devel”)

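How to install the Guest Additions after installing CentOS in VirtualBox

The host operating system is Vista, the VirtualBox version is 3.1.2 r56127, and the virtual machine is CentOS 5.4 i386. Steps to install the VirtualBox Guest Additions:
1. Start CentOS, log in as root, and enter the desktop environment.
2. In the VirtualBox menu, choose "Devices -> Install Guest Additions". A "VBOXADDITIONS_3.1.2_56127" icon appears on the desktop.
3. Double-click that icon to open a file window, then choose the "Tools -> Open Terminal" menu to enter terminal mode.
4. Run the following commands:
yum install kernel-devel  # this command reports an error; ignore it
yum install gcc  # this command reports an error; ignore it
ln -s /usr/src/kernels/2.6.18-……-i686 /usr/src/linux   # use the TAB key to complete the part shown as an ellipsis
sh VBoxLinuxAdditions-x86.run
5. Reboot the system.
6. Change the screen resolution:

vi /etc/X11/xorg.conf
    SubSection "Display"
        Viewport 0 0
        Depth    24
        Modes    "1024x768" "800x600" "640x480"
    EndSubSection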

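Tips for manually copying a MySQL database

Copy a MySQL database in one step.

mysqldump esojourn --opt -u root -p | mysql esojourn -h 192.168.0.2 -u root -p

Let me explain the parts of this command. mysqldump wap --opt exports the database named wap to standard output, using the --opt option. --opt is equivalent to --add-drop-table, --add-locks, --create-options, --quick, --extended-insert, --lock-tables, --set-charset, and --disable-keys. This is very useful when you export everything and then import everything.

Be careful not to get the source and the destination the wrong way round, or the result will be a disaster.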

What to do when fail2ban fails to block vsftpd brute-force attacks

Fail2ban is failing to ban VSFTPD bruteforce:

In my case with VSFTPD, with unresolvable DNS names from /var/log/secure:

Scenario: VSFTP configuration is set for PAM authentication, using xferlog in standard format. Fail2ban for vsftpd is watching /var/log/secure

Problem: PAM sends failed login information to /var/log/secure, but the remote server’s IP address has been replaced by a DNS name. Resulting DNS name does not resolve or does not resolve correctly, thus fail2ban is unable to ban the IP address.

Fix: Configure VSFTP for “dual_log_enable=YES”, and have fail2ban watch /var/log/vsftpd.log instead. This log file shows the incoming ip address instead of the DNS name.

[Update: you also need to add ‘use_localtime=YES’ to the config file of VSFTPD. Otherwise, the above trick does not work. It took me hours to solve the problem. :(]

Source and more tips.
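
The difference between the two log sources described above, as an added example that is not part of the original post or of fail2ban: the PAM line carries a DNS name that can only be banned if it resolves, while the vsftpd.log line carries the address itself. The log lines, host names, addresses and regular expressions are constructed for illustration and are simplified assumptions, not fail2ban's shipped filter.

```python
import ipaddress
import re

# Constructed sample lines (not from the original post); names and addresses
# use reserved documentation ranges.
SECURE_LOG = [  # PAM failure as written to /var/log/secure: rhost is a DNS name
    "Jan 11 10:20:30 ftp1 vsftpd: pam_unix(vsftpd:auth): authentication failure; "
    "logname= uid=0 euid=0 tty=ftp ruser=alice rhost=host-7.example.invalid",
]
VSFTPD_LOG = [  # vsftpd's own log with dual_log_enable=YES: client is an address
    'Mon Jan 11 10:20:31 2010 [pid 4242] [alice] FAIL LOGIN: Client "203.0.113.7"',
    'Mon Jan 11 10:20:35 2010 [pid 4250] [bob] FAIL LOGIN: Client "::ffff:203.0.113.9"',
    'Mon Jan 11 10:21:02 2010 [pid 4251] [carol] OK LOGIN: Client "198.51.100.4"',
]

# Simplified patterns written for this example; not fail2ban's shipped filter.
PAM_FAIL = re.compile(r"vsftpd: pam_unix\(vsftpd:auth\): authentication failure;.*\brhost=(?P<host>\S+)")
VSFTPD_FAIL = re.compile(r'\[pid \d+\] \[[^\]]*\] FAIL LOGIN: Client "(?P<host>[^"]+)"')

def extract_host(line):
    """Return the remote host field of a failed-login line, or None."""
    for pattern in (PAM_FAIL, VSFTPD_FAIL):
        match = pattern.search(line)
        if match:
            return match.group("host")
    return None

def bannable_address(host):
    """Return an IP string usable in a firewall rule, or None for a DNS name."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a name: banning would depend on a DNS lookup succeeding
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    return str(mapped if mapped is not None else addr)

def triage(lines):
    """Split failed logins into directly bannable IPs and names needing DNS."""
    bannable, needs_dns = [], []
    for line in lines:
        host = extract_host(line)
        if host is None:
            continue  # not a failed login (for example an OK LOGIN line)
        ip = bannable_address(host)
        (bannable if ip else needs_dns).append(ip or host)
    return bannable, needs_dns
```
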