Unmanaged dedicated servers – basic security to make it secure
June 5, 2009
Once you outgrow shared hosting, or you want to move from your reseller hosting account to having your own dedicated server, you have two options: you can get a managed dedicated server (the server company or a third party manages security, applying patches, updates and the general wellbeing of your server), or you can get an unmanaged dedicated server, which you have to manage yourself. The going rate for a third party managing a dedicated server seems to start from about £100 per month.
If you prefer to save money and manage the server yourself, you can certainly do this; all you have to do is apply some tried and tested setup steps to update and secure your dedicated server. The list below gives some of the most important things you need to do on your unmanaged server to ensure it's secure.
Disable direct root login – By default you can log in directly as root on Linux/Unix servers. Add an extra layer of security by disabling this, so that you need to log in as admin first before you can log in as root. Naturally you should set two different passwords for the root and admin users.
Difficult complex password – Set a hard password that includes alphanumeric characters, upper and lowercase letters, for both the root and admin accounts.
Install a firewall
Spam protection – Set up rule imports from rfxn.com, spamhaus.org and dshield.org
Set up SpamAssassin
Set up “logwatch” to monitor logs and send email to you should a security-related event take place.
Install an automatic rootkit scanner – This scans your server every day to see if a rootkit is installed on your server. (Set cron to run this and send the report to you.)
Set minimum password strength for accounts on your server to 10
Enable brute force protection
Enable open_basedir protection for PHP to prevent users from opening files outside of their home directory with PHP
Create a custom (modified) sendmail script to log spammers who want to use forms found on your server to send spam.
Enable secure FTP (anonymous FTP should be disabled).
To reduce server resource use, change your mail server to Dovecot if it comes with Courier, which has very high memory usage.
Set up log rotation to delete or store old log files
Recompile Apache and PHP with the suPHP option and all security-related modules.
Install GD for image manipulation, OpenSSL, mod_auth, mod_bandwidth
Install ionCube and Zend.
Set up Hardened PHP (Suhosin). It is the same PHP version 5.2.8, just with enhanced security (http://www.hardened-php.net/)
Set up and enable automatic updates for the server.
Update the server and system software.
Please note that the above does not necessarily need to be done in the order listed, and you may not even need to do all of it, especially if you are not reselling hosting space on the server.
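As an added example (not part of the original article or any vendor's tooling), the script below reads back three items from the list above: direct root login, PHP open_basedir and anonymous FTP. The article names no FTP daemon, so vsftpd's anonymous_enable setting is an assumption, and the sample config files are constructed.

```sh
#!/bin/sh
# Added example: read-only audit of three checklist items.
# Config paths are arguments; nothing assumes a distribution layout.

# Effective global value of an sshd_config keyword. sshd uses the FIRST
# occurrence of a keyword; scanning stops at the first Match block.
sshd_value() {  # $1=file $2=keyword
    awk -v k="$2" 'BEGIN { k = tolower(k) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == k { v = tolower($2); exit }
        END { print (v == "" ? "unset" : v) }' "$1"
}

# Value of key=value in php.ini (";" comments) or vsftpd.conf ("#" comments).
# Assumption: when a key is repeated, the last assignment wins.
ini_value() {  # $1=file $2=key
    awk -F= -v k="$2" '
        /^[ \t]*[;#]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v) }
        END { print (v == "" ? "unset" : v) }' "$1"
}

# Print one PASS/FAIL line per item; return non-zero if any item fails.
audit() {  # $1=sshd_config $2=php.ini $3=vsftpd.conf (vsftpd is an assumption)
    rc=0
    root=$(sshd_value "$1" PermitRootLogin)
    base=$(ini_value "$2" open_basedir)
    anon=$(ini_value "$3" anonymous_enable | tr 'A-Z' 'a-z')
    if [ "$root" = no ]; then echo "PASS direct root login disabled"
    else echo "FAIL PermitRootLogin is '$root'"; rc=1; fi
    if [ "$base" != unset ]; then echo "PASS open_basedir = $base"
    else echo "FAIL open_basedir is not set"; rc=1; fi
    if [ "$anon" = no ]; then echo "PASS anonymous FTP disabled"
    else echo "FAIL anonymous_enable is '$anon'"; rc=1; fi
    return $rc
}

# Constructed sample configs so the script runs offline.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
    'PermitRootLogin yes' > "$tmp/sshd_config"
printf '%s\n' '; open_basedir = /tmp' 'memory_limit = 64M' > "$tmp/php.ini"
printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' > "$tmp/vsftpd.conf"
audit "$tmp/sshd_config" "$tmp/php.ini" "$tmp/vsftpd.conf" ||
    echo "Items marked FAIL need attention."
```

Setups that define open_basedir per virtual host in the web server configuration rather than in php.ini will show as unset here, so point the check at the place your server actually defines it.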
Comments
One Response to “Unmanaged dedicated servers – basic security to make it secure”
A lot of people will want to manage the server on their own. This list of “things to do” is welcomed by most of them.
As far as I know, not all of them enable secure FTP and they keep anonymous FTP ON; that’s quite a problem, which I guess they don’t pay much attention to.
Updates to the servers must be one of the first important things that MUST be done, although not all the users do that either, so after a couple of days / months they are crying out loud because their server was hacked.
Root-kit scanners must be installed as soon as possible; everyone should know that in 90% of cases, hackers are installing root kits on the servers. Besides that, brute force must be on so the encrypted data will be safe!
Good list, I hope users will understand how important the safety of their servers is!