
The VPS is running CentOS and I have full access. I only looked around using the cPanel installation and already disabled anonymous FTP access. What other security risks are there with a default VPS install?

Simon

2 Answers


If you're running cPanel and have root (which it reads as if you do), install this free script, called CSF: http://www.configserver.com/cp/csf.html

There are several tools to check your server's security, and in most cases this software will tell you where to go to "harden" your cPanel install. It's not an end-all-be-all for your cPanel security, but it most definitely goes a long way! Good luck.

Oh... one more thing. If you don't use CSF (or anything else), the first thing I'd do is change your SSH port and disable root's access to SSH (make sure you have a new user created and added to the sudoers and wheel groups). That's basic Linux stuff right there. You can lock SSH down even further by disabling password authentication for SSH, only allowing keys to gain access. Just my 2 cents. :)


I'll add some info to @ChristopherHaynes' answer.

I also run some servers, mainly for web purposes, and here's what I do:

First of all, I create a new user with non admin rights.

Then, I update the sshd_config file in order to:

  1. Disallow root access
  2. Change the port for SSH
  3. Allow ONLY the user I want (aka, the one I created in the first step)

I say that because if you look at the logs, you'll see many attempts against a lot of users, not only root, in your SSH connections (www-data, etc.). If you allow only a user whose name is not common, you will reduce the likelihood of a successful attack.

Now, for the rest, you use cPanel, so it should configure the server to your needs with some security checks, but I personally don't like to use those "all in one server configuration" tools since they often install many unnecessary apps and are more exposed to threats.

Of course, it depends on your knowledge of managing a server via the command line, but for every app you install (http, ftp, etc.), I warmly recommend that you look up which options you should enable/disable in order to make it more secure.

With Apache for example, you can follow this tutorial, and this one.

And always take into consideration that the more apps you install, the less secure your server becomes. (But this is all relative! It doesn't mean it will be more easily hacked, but it will be more potentially hackable.)

Cyril N.
  • Disallowing `root` is a very good idea. The whole point of root is escalation; if it is common access (i.e. you log into the server as root daily), the idea of escalation no longer exists. – Ramhound May 21 '12 at 11:56
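Both answers describe the same four sshd_config changes (no root login, a non-default port, AllowUsers limited to the one account you created, and key-only authentication). The following shell check is an added example, not code from either answer: it reads an sshd_config and reports which of those four directives are in place. The two sample configs are constructed inline, and ignoring `Match` blocks is a simplifying assumption.

```shell
#!/bin/sh
# Audit an sshd_config against the four SSH hardening points from the answers:
# PermitRootLogin no, a Port other than 22, an AllowUsers list, and
# PasswordAuthentication no (keys only).
# Assumption/simplification: only global directives are read; Match blocks are
# not evaluated. sshd honours the first occurrence of a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments (a commented-out
# "#PermitRootLogin yes" therefore leaves the compiled-in default in force).

# effective_value FILE KEYWORD -> first non-comment value for KEYWORD, or empty.
effective_value() {
    awk -v key="$2" '$1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# audit_sshd_config FILE -> one OK/FAIL line per check on stdout;
# exit status is the number of failed checks (0 = all four in place).
audit_sshd_config() {
    f=$1; fails=0
    v=$(effective_value "$f" PermitRootLogin)   # only "no" fully disallows root
    if [ "$v" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin=${v:-unset} (root may log in over SSH)"; fails=$((fails + 1)); fi

    v=$(effective_value "$f" Port)
    if [ -n "$v" ] && [ "$v" != "22" ]; then echo "OK   Port $v (not the default 22)"
    else echo "FAIL Port=${v:-22} (still the default port)"; fails=$((fails + 1)); fi

    v=$(effective_value "$f" AllowUsers)
    if [ -n "$v" ]; then echo "OK   AllowUsers $v"
    else echo "FAIL AllowUsers unset (any system account may attempt to log in)"; fails=$((fails + 1)); fi

    v=$(effective_value "$f" PasswordAuthentication)
    if [ "$v" = "no" ]; then echo "OK   PasswordAuthentication no (keys only)"
    else echo "FAIL PasswordAuthentication=${v:-yes} (password guessing remains possible)"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample configs (not real server files); each writes a temp file
# and prints its path.
write_weak_config() {
    t=$(mktemp); printf '%s\n' '# stock file: everything commented out, defaults apply' \
        '#PermitRootLogin yes' '#Port 22' 'Protocol 2' > "$t"; echo "$t"
}
write_hardened_config() {
    t=$(mktemp); printf '%s\n' 'Port 2222' 'PermitRootLogin no' \
        'AllowUsers deploy' 'PasswordAuthentication no' 'Protocol 2' > "$t"; echo "$t"
}

weak=$(write_weak_config); hardened=$(write_hardened_config)
echo "== weak =="; audit_sshd_config "$weak" || echo "-> $? of 4 checks failed"
echo "== hardened =="; audit_sshd_config "$hardened" || echo "-> $? of 4 checks failed"
rm -f "$weak" "$hardened"
```

Run it against a copy of your own file with `audit_sshd_config /etc/ssh/sshd_config`; after editing, validate with `sshd -t` and keep an existing session open while you test the new port and key login from a second terminal.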