CSF (ConfigServer Firewall) Server Test
After you have done all of this, section 6.4 recommends that you run a server test with CSF. Below are some things that I encountered with my test and how to fix them.
1. Firewall Check

a. The below options failed.
Check csf SMTP_BLOCK option
Check csf LF_SCRIPT_ALERT option
Check csf PT_ALL_USERS option
Check csf SAFECHAINUPDATE option

b. How to fix it.

CODE
cd
nano /etc/csf/csf.conf

Hit Ctrl+w, type in SMTP_BLOCK and hit Enter. Repeat this until you see SMTP_BLOCK="0", then change "0" to "1". Do the same for the other 3 options, then hit Ctrl+x, y and Enter to save.

2. Server Check

a. The below options failed.
Check /dev/shm is mounted noexec,nosuid
Check MySQL LOAD DATA disallows LOCAL
Check for cxs
b. How to fix /dev/shm.

CODE
cd
nano /etc/fstab

Find:
tmpfs /dev/shm tmpfs none 0 0
Change to:
tmpfs /dev/shm tmpfs noexec,nosuid 0 0

CODE
mount -o remount /dev/shm
c. How to fix MySQL LOAD DATA.

CODE
cd
nano /etc/my.cnf

Add under [mysqld]:

CODE
local-infile=0

Hit Ctrl+x, then y, then Enter to save it.

CODE
service mysql restart
d. How to fix CXS. First you must pay for ConfigServer eXploit Scanner (cxs).

CODE
wget http://www.configserver.com/free/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
perl cxsinstaller.pl
rm -fv cxsinstaller.*
Now to set up CXS:

1. Create a quarantine location, e.g.:

CODE
mkdir /home/quarantine
chmod 1777 /home/quarantine

2. Use the example ignore file provided and amend to your needs:

CODE
cp /etc/cxs/cxs.ignore.example /etc/cxs/cxs.ignore

3. Create a daily cron job to check for cxs updates and new Exploit Fingerprints, e.g.:

CODE
0 4 * * * /usr/sbin/cxs --upgrade --quiet

4. Create a daily cron job via the UI to scan all user accounts for exploits, e.g.:

CODE
/usr/sbin/cxs -Z --mail root --vopt mMfhexT -I /etc/cxs/cxs.ignore --qopt Mv -Q /home/quarantine --all

5. Enable ModSecurity cxs scanning (see install.txt) via /etc/cxs/cxscgi.sh, e.g.:

CODE
/usr/sbin/cxs -Z --cgi --mail root --qopt Mv -I /etc/cxs/cxs.ignore -Q /home/quarantine "$1"

6. If on a supported platform, run the cxs Watch daemon on all user html data via /etc/cxs/cxswatch.sh, e.g.:

CODE
/usr/sbin/cxs --Wstart --mail root -Q /home/quarantine -I /etc/cxs/cxs.ignore --qopt Mv --www --all

7. If not on a supported platform for cxs Watch, or if preferred, enable pure-ftpd cxs scanning (see install.txt) via /etc/cxs/cxsftp.sh, e.g.:

CODE
/usr/sbin/cxs -Z --ftp --mail root --qopt Mv -I /etc/cxs/cxs.ignore -Q /home/quarantine "$1"
8. We strongly recommend that you subscribe via RSS to our blog to stay informed of updates to cxs and our other applications: ConfigServer Blog
** For more info, just log in to your WHM, then go to Plugins > ConfigServer eXploit Scanner, then click on Documentation. **

3. Server Services Check

a. Check server startup for atd = failed

CODE
service atd stop
chkconfig atd off

The rest is self-explanatory and easily done through the WHM!
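To confirm the csf.conf, fstab and my.cnf edits above before re-running the CSF server check, this added example (not part of the original post and not a CSF tool) re-reads the three files and reports each setting. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only re-check of the settings changed on this page.
# File paths are arguments, so it also runs against copies or samples.

# csf_opt_on FILE OPTION: succeeds if the last OPTION = "..." line is "1"
csf_opt_on() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# shm_hardened TABLE: succeeds if the /dev/shm entry has noexec and nosuid
shm_hardened() {
    opts=$(awk '$1 !~ /^#/ && $2 == "/dev/shm" { print $4 }' "$1" | tail -n 1)
    case ",$opts," in *,noexec,*) ;; *) return 1 ;; esac
    case ",$opts," in *,nosuid,*) return 0 ;; *) return 1 ;; esac
}

# local_infile_off MYCNF: succeeds if [mysqld] sets local-infile to 0 or OFF
local_infile_off() {
    awk '/^[ \t]*\[/ { sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
         sec && /^[ \t]*local[-_]infile[ \t]*=/ {
             v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); last = v }
         END { exit !(last == "0" || toupper(last) == "OFF") }' "$1"
}

# audit CSFCONF TABLE MYCNF: prints OK/FAIL per check, returns failure count
audit() {
    fails=0
    for opt in SMTP_BLOCK LF_SCRIPT_ALERT PT_ALL_USERS SAFECHAINUPDATE; do
        if csf_opt_on "$1" "$opt"; then echo "OK   csf $opt"
        else echo "FAIL csf $opt"; fails=$((fails + 1)); fi
    done
    if shm_hardened "$2"; then echo "OK   /dev/shm noexec,nosuid"
    else echo "FAIL /dev/shm noexec,nosuid"; fails=$((fails + 1)); fi
    if local_infile_off "$3"; then echo "OK   MySQL local-infile off"
    else echo "FAIL MySQL local-infile off"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files (not taken from a real server): one csf option is
# still "0" and /dev/shm lacks nosuid, so two checks fail.
d=$(mktemp -d)
printf '%s\n' 'SMTP_BLOCK = "1"' 'LF_SCRIPT_ALERT = "1"' \
    'PT_ALL_USERS = "0"' 'SAFECHAINUPDATE = "1"' > "$d/csf.conf"
printf '%s\n' '#tmpfs /dev/shm tmpfs noexec,nosuid 0 0' \
    'tmpfs /dev/shm tmpfs noexec 0 0' > "$d/fstab"
printf '%s\n' '[client]' 'local-infile=1' '[mysqld]' 'local-infile=0' > "$d/my.cnf"
audit "$d/csf.conf" "$d/fstab" "$d/my.cnf" || echo "$? check(s) failed"
rm -rf "$d"
```

On a live server, call `audit /etc/csf/csf.conf /etc/fstab /etc/my.cnf`; passing `/proc/mounts` as the second argument checks the currently mounted options instead of the fstab entry.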