Jun 25
1. On your firewall (you do have one, don’t you?) check the incoming MySQL port, and if 3306 is open, close it. Left open, this port poses both a security and a server abuse threat: not only can hackers attempt to break into MySQL, but any user can host their SQL database on your server, access it from another host, and so (ab)use your server resources.
2. Check /tmp permissions. /tmp should be chmod 1777
3. Check /tmp ownership. /tmp should be owned by root:root
4. Check /etc/cron.daily/logrotate for /tmp noexec workaround. Due to a bug in logrotate, if /tmp is mounted with the noexec option you need to have logrotate use a different temporary directory. If you don’t do this, syslog may not restart correctly and will write to the wrong (older) log files.
5. Check /var/tmp permissions. /var/tmp should be chmod 1777
6. Check /var/tmp ownership. /var/tmp should be owned by root:root
7. Check /var/tmp is mounted as a filesystem. /var/tmp should either be symlinked to /tmp or mounted as a filesystem
8. Check /var/tmp is mounted noexec,nosuid. If /var/tmp isn’t mounted with the noexec,nosuid options, you should consider adding a mountpoint into /etc/fstab for /var/tmp with those options.
9. Check /usr/tmp permissions. /usr/tmp should be chmod 1777
10. Check /usr/tmp ownership. /usr/tmp should be owned by root:root
11. Check /usr/tmp is mounted as a filesystem or is a symlink to /tmp. /usr/tmp should either be symlinked to /tmp or mounted as a filesystem.
Check /etc/resolv.conf for localhost entry. You should not specify 127.0.0.1 or localhost as a nameserver in /etc/resolv.conf – use the server’s main IP address instead.
12. Check /etc/named.conf for recursion restrictions. If you have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf, this is a security and performance risk, and you should look at restricting recursive lookups to the local IP addresses only. Unrestricted recursive lookups are as good as a DDoS attack against your system. They will eat up all your system resources.
13. Check server runlevel. For a secure server environment you should only run the server at runlevel 3. You can fix this by editing /etc/inittab and changing the initdefault line to:
id:3:initdefault: and then rebooting the server.
14. Check nobody cron. If you have a nobody cron log file, you should check that this has not been created by an exploit.
15. Check Operating System support. Make certain that your OS version is still supported by the manufacturer and that upgrades continue to be available.
16. Check SSHv1 is disabled. You should disable SSHv1 by editing /etc/ssh/sshd_config and setting: Protocol 2 (remove the hash # from in front of the line and edit out the 1.1)
17. Check SSH on non-standard port. Moving SSH to a non-standard port avoids basic SSH port scans. Edit /etc/ssh/sshd_config and set: Port nnnn, where nnnn is a port of your choosing. Don’t forget to open the port in the firewall first!
18. Check SSH PasswordAuthentication. For ultimate SSH security, you might want to consider disabling PasswordAuthentication and only allowing access using PubkeyAuthentication.
19. Check telnet port 23 is not in use. Close this port in your firewall. Telnet is an insecure protocol and you should disable the telnet daemon if it is running.
20. Check shell resource limits. You should enable shell resource limits to prevent shell users from consuming server resources – DoS exploits typically do this. If you are using cPanel/WHM, set Shell Fork Bomb Protection.
21. Disable all instances of IRC – BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink. If you are using WHM you can do this in the Background Process Killer.
22. Check apache for mod_security. If it is not installed, install it from source.
23. Check apache for mod_evasive. You should install the mod_evasive apache module from source to help prevent DoS attacks against apache. Note that this module breaks FrontPage functionality.
24. Check apache for RLimitCPU. You should set a value for RLimitCPU to prevent runaway scripts from consuming server resources – DoS exploits can typically do this.
25. Check apache for RLimitMEM. You should set a value for RLimitMEM to prevent runaway scripts from consuming server resources – DoS exploits can typically do this.
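The file-based checks from the list above (temp directory mode and ownership, the /var/tmp fstab options, the resolv.conf nameserver and the three SSH items) written as a read-only audit script. This is an added example, not part of the original post; the function names and the --run switch are assumptions of the example, and the Protocol check follows the post's rule of requiring an explicit Protocol 2 line.

```shell
#!/bin/sh
# Added example (not from the original post). File paths are parameters so
# each check can be pointed at a copy of the real file. Names are hypothetical.

# Items 2-3, 5-6, 9-10: mode 1777, owner root:root (numeric 0:0 unless $2
# overrides it). -L follows a /var/tmp -> /tmp symlink.
check_tmpdir() {
    ls -ldnL "$1" 2>/dev/null | awk -v want="${2:-0:0}" '
        { ok = (substr($1, 1, 10) == "drwxrwxrwt" && ($3 ":" $4) == want) }
        END { exit !ok }'
}

# Item 8: the fstab entry for mount point $2 has both noexec and nosuid.
fstab_noexec_nosuid() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { o = "," $4 "," }
        END { exit !(o ~ /,noexec,/ && o ~ /,nosuid,/) }' "$1"
}

# Unnumbered resolv.conf item: fail if a nameserver line points at localhost.
resolv_no_localhost() {
    awk '$1 == "nameserver" && ($2 == "127.0.0.1" || $2 == "localhost") { f = 1 }
        END { exit f + 0 }' "$1"
}

# First uncommented value of keyword $2 in sshd_config $1 (sshd keeps the
# first value it reads, keywords are case-insensitive; Match blocks ignored).
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Items 16-18: print one finding per line for sshd_config $1.
audit_sshd() {
    [ "$(sshd_setting "$1" Protocol)" = "2" ] || echo "item 16: no 'Protocol 2' line"
    case "$(sshd_setting "$1" Port)" in
        ''|22) echo "item 17: SSH listens on default port 22" ;;
    esac
    [ "$(sshd_setting "$1" PasswordAuthentication)" = "no" ] ||
        echo "item 18: PasswordAuthentication is not disabled"
}

# Audit the live system only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    for d in /tmp /var/tmp /usr/tmp; do
        check_tmpdir "$d" || echo "tmp items: $d is not 1777 root:root"
    done
    fstab_noexec_nosuid /etc/fstab /var/tmp || echo "item 8: /var/tmp lacks noexec,nosuid"
    resolv_no_localhost /etc/resolv.conf || echo "resolv.conf: localhost nameserver"
    audit_sshd /etc/ssh/sshd_config
fi
```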