Good place to start securing your CentOS build
nano -w /etc/sysconfig/network
Please note a new version of OSSEC is available, 2.4.1. The link below describes installation of 2.3, which has some issues when rebooting etc.
Lighttpd is the web server of choice for low memory VPS applications.
Lighttpd is not included in the base CentOS repo, so you will need to install the RPMFORGE repo, then:
yum install lighttpd lighttpd-fastcgi
Then set up some directories:
mkdir /var/run/lighttpd
touch /var/run/lighttpd/php-fastcgi.socket
chown -R lighttpd:lighttpd /var/run/lighttpd/
nano /etc/php.ini
Edit /etc/lighttpd/lighttpd.conf and, in the server modules list, remove the # in front of
"mod_fastcgi"
to enable it (adding the # back disables it).
Also add access to PHP CGI with the following in the .conf file:
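# Hand .php requests to php-cgi over a local Unix socket.
# The socket path is absolute and matches the directory created above,
# which is owned by the lighttpd user.
fastcgi.server = ( ".php" =>
    ( "localhost" =>
        (
            "socket" => "/var/run/lighttpd/php-fastcgi.socket",
            "bin-path" => "/usr/bin/php-cgi"
        )
    )
)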
Info sourced from:
http://davidwinter.me.uk/articles/2008/06/22/lighttpd-and-php-on-centos-5/
Some good references for setting up the .conf file with virtual hosts:
http://www.cyberciti.biz/faq/howto-lighttpd-virtualhost-configuration/
PHP 5.3.2 is not in the default repository for CentOS.
So we need to use the webtatic repository to install PHP 5.3.2, using the guide from here:
http://www.webtatic.com/blog/2009/06/php-530-on-centos-5/
Fortunately, if you also want to run the APC module, it has already been compiled for us; we just need to enable it in the php.ini file like this:
extension = apc.so
apc.enabled=1
apc.shm_size=30
Restart Apache:
/etc/init.d/httpd restart
and then check in phpinfo() that the module has been installed.
DenyHosts is a tiny program that adds IP addresses to the /etc/hosts.deny file when automated scripts try to brute-force the sshd port.
The main vulnerability is the root account, which should never be used to log in over SSH.
Set up a new user, add a strong password and then SSH into the server as that user; su - will then give you root privileges.
To set up DenyHosts:
yum install denyhosts
then edit the config file
nano /etc/denyhosts/denyhosts.cfg
then start the daemon
/etc/init.d/denyhosts start
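To show the idea behind DenyHosts described above, here is an added example (not DenyHosts' own code and not from the original post): a simplified shell function that counts failed sshd passwords per source IP and prints the entries that would go into /etc/hosts.deny. The function names, the threshold of 3 and the sample log lines are assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration of the DenyHosts idea, not its actual implementation.

# Constructed sample lines in the style of /var/log/secure
# (addresses are from the documentation ranges).
sample_log() {
cat <<'EOF'
May  3 10:01:11 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  3 10:01:13 vps sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
May  3 10:01:15 vps sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
May  3 10:02:40 vps sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51500 ssh2
May  3 10:03:02 vps sshd[2114]: Accepted password for deploy from 192.0.2.10 port 50022 ssh2
May  3 10:04:09 vps sshd[2120]: Failed password for deploy from 192.0.2.10 port 50030 ssh2
EOF
}

# deny_candidates THRESHOLD   (log lines on stdin)
# Prints one "sshd: <ip>" line, in hosts.deny syntax, for every source IP
# with at least THRESHOLD failed password attempts.
deny_candidates() {
    awk -v limit="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # Read the address relative to the END of the line
            # ("... from <ip> port <n> ssh2"): the username earlier in the
            # line is supplied by the remote client and cannot be trusted.
            if ($(NF - 4) == "from" && $(NF - 2) == "port")
                fails[$(NF - 3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit)
                    print "sshd: " ip
        }
    ' | sort
}

# Show what would be blocked; nothing is written to /etc/hosts.deny here.
sample_log | deny_candidates 3
```

A single failed login from 192.0.2.10, the address the legitimate user connects from, stays below the threshold, which is why the threshold and a whitelist of your own addresses matter when tuning denyhosts.cfg.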
Be careful if you install MailScanner on your system.
If you have RPMFORGE repositories activated for YUM, MailScanner will break YUM due to some of the Perl dependencies.
You will cease being able to perform system updates, which is a bit of a problem.
The fix?
Disable the RPMFORGE repository, which will return YUM to its normal status.
nano /etc/yum.repos.d/rpmforge.repo
Change enabled=1 to enabled=0.
Perform yum update and relax.
Because 5.3.2 is not in the yum repository, you have to install the gd library like this:
yum --enablerepo=webtatic install php-gd