A) To disable FormMail in order to stop spam mail -
1) Command to find FormMail scripts -
find / -name "[Ff]orm[mM]ai*"
2) Command to find cgiemail scripts -
find / -name "[Cc]giemai*"
3) To disable the form mail scripts -
chmod a-rwx /path/to/filename
This will disable all the scripts.
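Steps 1 to 3 combined into one script, as an added example that is not part of the original page: it lists the matching files first and only strips their permissions when called with --apply. The function name disable_formmail and the --apply flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage: disable_formmail [--apply] [search_root]
#   without --apply : report matching files only (review the list first)
#   with --apply    : chmod a-rwx every matching file
# search_root defaults to / as in the commands above.

disable_formmail() {
    mode=report
    if [ "$1" = "--apply" ]; then
        mode=apply
        shift
    fi
    root=${1:-/}

    # Same name patterns as steps 1 and 2. -type f restricts the match to
    # regular files so a directory that happens to match is left alone.
    # File names are passed to the inner shell as arguments, so names with
    # spaces or newlines are handled safely.
    find "$root" -type f \
        \( -name '[Ff]orm[mM]ai*' -o -name '[Cc]giemai*' \) \
        -exec sh -c '
            mode=$1
            shift
            for f in "$@"; do
                if [ "$mode" = apply ]; then
                    chmod a-rwx -- "$f" && echo "disabled: $f"
                else
                    echo "found: $f"
                fi
            done' sh "$mode" {} + 2>/dev/null
}

# Run only when arguments are given, e.g.:
#   sh disable_formmail.sh /home            (report)
#   sh disable_formmail.sh --apply /home    (disable)
if [ "$#" -gt 0 ]; then
    disable_formmail "$@"
fi
```

Run it once without --apply and check the list before disabling anything, since the patterns match on file name only.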
B) A rootkit checker should be installed -
- Set the rootkit checker on a cron job; this will show if anyone has hacked into root.
- Update the roots
1) Command to install chkrootkit -
cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
2) To run chkrootkit -
/root/chkrootkit-0.44/chkrootkit
C) Installation of a root breach detector with an e-mail warning -
pico .bash_profile
At the end of the page -
Add,
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" self@mail.com
Thereafter save the changes
Exit.
2) To set an SSH login message -
pico /etc/motd
Thereafter enter the message
Save changes
Exit
D) Changes to be made in WHM/cPanel to secure the server -
Log in to cPanel>Server setup>Tweak settings
a) Domains -
Prevent users from parking/adding domains.
b) Mail -
Prevent pop3 connections loading
c) System -
Jailshell should be used as a default shell for all the accounts.
d) Server setup>Tweak security
1) Enable php open_basedir Protection
2) Enable mod_userdir Protection
e) Server setup>Manage Wheel Group Users
1) Remove all other users except for root and main account users.
f) Server setup > Shell Fork Bomb Protection
1) Enable Shell Fork Bomb Protection
g) Service Configuration>FTP Configuration
1) Disable Anonymous FTP
h) Account Functions>Manage Shell Access
1) Disable shell access
i) MySQL>MySQL Root Password
1) Change root password
j) Security>Run Quick Security Scan>Trojan Horses -
1) The following are not Trojans -
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod