Security tools for Linux server

WFW Member
edited January 2019 in Help

Hello-

I rent a dedicated server for my own web sites. I am very paranoid, and my biggest fear is to have my server compromised. I am blocking all ports that I am not using. SSH is configured to be accessible only from my fixed IP and with private/public key authentication. Webmin is also accessible only from my fixed IP. I am not using third-party CMSs or PHP scripts. I keep my OS (Debian) up to date (checking every day). As for PHP, I am using the latest version from the PHP site, and installing each new version as soon as it is published. I am not using third-party PHP extensions beside those bundled with the PHP package.

Sorry if it sounds naive, but is there anything else I can do or do better? (Beside staying off-line.)

Also, I frequently check my server with chkrootkit, rkhunter and clamav. Is that good? Are there other tools?

I understand that clamav is just "okay", but is it "okay enough"?

Thanks,

PS: by the way, the PHP PEAR package manager has been compromised: https://thehackernews.com/2019/01/php-pear-hacked.html . I am not using it, but I thought it was worth mentioning.

Comments

  • Installing a new PHP version every time one is released might break your site, as one day you might upgrade to a PHP version with major breaking changes that will cause some functions on your site to not work properly.

    If you're looking for more security you could look into port knocking for SSH, fail2ban for SSH brute forcing, and SELinux for kernel security.

    If you're looking for more security for PHP, you could look into a WAF for your webserver. Modsecurity is a great option for Apache2 and Nginx. There is also Naxsi for Nginx.

    If your website is very important to you and you hold sensitive data, I would recommend Cloudflare. You could use the free version or the $20, if you want to use their WAF. Using Cloudflare will also allow you to hide the backend server for your website, by restricting traffic only from Cloudflare's IP ranges. This can make it harder for attackers since they will not know the website's backend IP address.

    Good luck on your security.

  • hostnoob Member
    edited January 2019

    Sorry. My VPSes are basically wide open doors in rough neighbourhoods compared to that.

    Two tools I really like are fail2ban and unattended-upgrades, but they would be useless for you, I think.

  • WFW Member

    syntrino said: Installing a new PHP version every time one is released might break your site, as one day you might upgrade to a PHP version with major breaking changes that will cause some functions on your site to not work properly.

    I am installing new versions of PHP on my dev box before installing them on my production server. Also, as far as I know, when the developers of PHP are about to make significant changes which could result in breaking code, they first mark functions as deprecated for a while before the changes go live. So I am keeping an eye on warning messages too.

    syntrino said: If you're looking for more security you could look into port knocking for SSH, fail2ban for SSH brute forcing

    I did not mention it, but in fact, the SSH port is closed at the firewall level, and just accessible from my fixed IP.

    syntrino said: Good luck on your security.

    Thank you @syntrino

  • eol Member

    +1 fail2ban.

  • Janevski Member
    edited January 2019

    WFW said: I am very paranoiac, and my biggest fear is to have my server compromised.

    WFW said: Webmin is

    If you're really that paranoid, you shouldn't be using webmin, at all.

    Anyhow, firewall yourself well with iptables. Application level access control lists are exploitable and never good enough. You need the kernel to filter packets and connections.

  • WFW Member

    I do most things on the command line, but I have to confess that Webmin is very convenient too. I set Webmin to only allow access from my static IP, and I use a randomly generated password.

    As I mentioned in my first post, I am using iptables to block all ports.

    I allow only 80, 443, 25 and 587 for everybody.

    My sites can send emails: when someone posts a message, a confirmation is requested by email. This server also hosts a mail server, but only to receive emails. I found out that it works if I leave ports 25 and 587 open.

    All ports are open when the source is "my" static IP.

    Does it sound correct?
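The firewall policy described in the post above (default drop, 80/443/25/587 open to everyone, every port open from one fixed IP), rendered as an iptables-restore ruleset with a small policy check. This is an added example, not code from the thread; the static IP 203.0.113.10 is a constructed placeholder, and the loopback, established-connection and ICMP rules are assumptions the post does not mention but the server needs to keep working.

```shell
# Added example: render WFW's described policy as an iptables-restore file.
# Admin IP is a constructed placeholder; loopback/conntrack/ICMP lines are
# assumptions (not in the post) needed so the box and its own outbound
# connections keep working under a default-DROP INPUT chain.
gen_ruleset() {
    admin_ip="$1"                       # fixed IP allowed to reach every port
    public_ports="${2:-80,443,25,587}"  # ports open to everybody
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections the server itself started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new TCP connections must start with SYN
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# the admin IP may reach every port (SSH, Webmin, ...)
-A INPUT -s ${admin_ip}/32 -j ACCEPT
# public services for everybody
-A INPUT -p tcp -m multiport --dports ${public_ports} -m conntrack --ctstate NEW -j ACCEPT
# keep ping working for diagnostics (assumption)
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Check the rendered policy has the intended shape: INPUT defaults to DROP,
# the admin-IP rule comes before the public-port rule, and the given port
# (e.g. 22 for SSH, 10000 for Webmin) is NOT in the public list. Returns 0 on success.
check_ruleset() {
    admin_ip="$1"; closed_port="$2"
    rules="$(gen_ruleset "$admin_ip")"
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    admin_line=$(printf '%s\n' "$rules" | grep -n -- "-s ${admin_ip}/32" | cut -d: -f1)
    public_line=$(printf '%s\n' "$rules" | grep -n -- '--dports' | cut -d: -f1)
    [ -n "$admin_line" ] && [ -n "$public_line" ] && [ "$admin_line" -lt "$public_line" ] || return 1
    printf '%s\n' "$rules" | grep -- '--dports' | grep -Eq "(,|--dports )${closed_port}(,| )" && return 1
    return 0
}

# Usage: gen_ruleset 203.0.113.10 > /etc/iptables/rules.v4
#        iptables-restore --test /etc/iptables/rules.v4   # parse only, no commit
```

Review the rendered file before loading it, and keep an out-of-band console handy: a typo in the admin IP locks you out of SSH and Webmin at the same time.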

  • I'm assuming that since you use webmin, you're not chrooting, and everything runs under a single www user? That'll be your Achilles.

  • desperand Member
    edited January 2019

    There is a tool for that called Lynis.

    https://cisofy.com/lynis/

    Very good tool to check different weird config issues and many other things.
    Very paranoid, and very good to be clear.

  • I'm almost the same, but I don't have serious business on my VPSs.
    But I noticed a weird thing when I checked my new VPS log: attackers send sorts of hexadecimal characters to break the system. I'm not a security expert nor do I follow kernel vulnerabilities, but there may be a way to trick the system into opening its door for an unauthorized person.
    Last, since you're hosting a website, the main weak point will be the webserver and the application you run on it; an attack like XSS could lead to a system breach without you noticing quickly.

  • jsg Member, Resident Benchmarker

    Some hints

    • Don't use debian but a more security centric linux distro (like alpine). Don't get me wrong, debian is a good distro and I like it a lot but debian also is the distro which probably f_cked up the most wrt security. Debian using systemd (like most distros) is also a minus.

    • PHP? Security and PHP in 1 sentence? Sure?

    • Use a HIDS (host intrusion detection system)

    • Follow hardening guidelines like the one mentioned above. There's lots of screws to be tightened in a linux system. File system options are just one example.

  • WFW Member

    Letzien said: I'm assuming that since you use webmin, you're not chrooting, and everything runs under a single www user?

    Thank you. I am going to learn more on the subject and see how I can improve this.

    desperand said: There is a tool for that called Lynis.

    Thank you. I also found "Tiger" ( http://nongnu.org/tiger/ )

    inklight said: Last, since you're hosting a website, the main weak point will be the webserver and the application you run on it; an attack like XSS could lead to a system breach without you noticing quickly.

    Thank you. Yes, I am trying my best to secure my scripts and webserver. I wrote my own PHP scripts, trying to keep them simple, and I keep auditing them to find possible weaknesses.

    jsg said: Don't use debian but a more security centric linux distro (like alpine).

    Okay. I'll try it the next time I change my server, or reinstall the one I am currently using.

    jsg said: PHP? Security and PHP in 1 sentence? Sure?

    okay :disappointed:

    Thank you everybody for your suggestions and remarks.
