Securing Your Linux Server
The most important thing that you must do with any server, whatever operating system it runs, is to make sure that it is secure and that it can’t be compromised in any way. This is relatively easy with Windows since there are default firewalls built in, and anti-virus is widely available. With Linux there are no default firewalls as such, but there is a wide variety of open source ones that you can choose from - in this article we will be focussing on the most common one, which is known as ‘CSF’. There are no viruses as such for Linux, but hackers create malicious code for Linux machines known as ‘rootkits’, which can cause damage to a Linux machine and are almost impossible to get rid of without a system reload; we will also be focussing on a tool for hunting out rootkits known as ‘Rootkit Hunter’.
CSF (Config Server)
CSF is a freely available firewall for Linux which can be configured exactly as you want it to be. It has web interfaces for both WHM and Webmin, meaning that you are able to control it from any location where you have access to the internet. CSF is fairly easy to install; all you have to do is follow these steps:
1) Download the CSF tarball from: http://www.configserver.com/free/csf.tgz using the ‘wget’ command.
2) Unpack the tarball by running ‘tar -xvzf csf.tgz’.
3) Check that you have all the necessary components on your box, then move yourself to the CSF directory by running ‘cd csf’.
4) Run ‘sh install.sh’ and CSF will be installed!
After that, all you need to do is edit the CSF config file, which is located at ‘/etc/csf.conf’; you will need to add all the ports that you want open and change the ‘testing value’ to ‘0’ so that CSF runs in production rather than in testing mode.
By using a firewall such as CSF, vulnerable ports which could be used to compromise your server are blocked, meaning that your server is of the highest security; requests to such ports will be blocked, and multiple requests to open ports which result in several failures of one type or another will lead to the source IP address being blocked. It is recommended that you use one of the web interfaces to manage CSF if you do not have the necessary technical knowledge, as you could end up being locked out of your server if you do something wrong with CSF.
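The two config edits and the lock-out risk described above can be checked before CSF is restarted. The following is an added example, not part of the original article or of CSF itself: it assumes the config file uses NAME = "value" lines with the settings TESTING and TCP_IN, takes the config path and your SSH port as arguments, and all function names and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): pre-flight check of a csf.conf-style file.
# Call as: csf_preflight /path/to/csf.conf 22

# Print the value of setting $2 from NAME = "value" lines in file $1 (last one wins).
csf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if port $2 is covered by the comma-separated list $1,
# whose entries are single ports or low:high ranges.
port_in_list() {
    list=$1; port=$2; found=1
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then found=0; fi 2>/dev/null ;;
            *)   if [ "$entry" = "$port" ]; then found=0; fi ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# Return 0 = safe to go live, 1 = SSH port not in TCP_IN (lock-out risk),
# 2 = config file unreadable, 3 = TESTING is not "0".
csf_preflight() {
    conf=$1; ssh_port=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    if ! port_in_list "$(csf_get "$conf" TCP_IN)" "$ssh_port"; then
        echo "FAIL: port $ssh_port is missing from TCP_IN; SSH would be blocked"
        return 1
    fi
    if [ "$(csf_get "$conf" TESTING)" != "0" ]; then
        echo "WARN: TESTING is not \"0\"; CSF is still in testing mode"
        return 3
    fi
    echo "OK: port $ssh_port is open in TCP_IN and TESTING is \"0\""
}

# Constructed sample (not from a real server): SSH was moved to 2222 but never opened.
csf_demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '# constructed' 'TESTING = "0"' 'TCP_IN = "20,21,22,80,443,30000:35000"' > "$tmp"
    rc=0; csf_preflight "$tmp" 2222 || rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run the check from an existing SSH session and keep that session open until a second login succeeds.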
Rootkit Hunter
Rootkits can be very hard to detect on a Linux machine, and by the time that you have discovered that a rootkit is present on your box it will be too late. However, it will never be too late if you have Rootkit Hunter installed on your machine and scheduled to run at a certain time each day - any rootkits found will then be logged and emailed to you, so that you can take action as appropriate. To install Rootkit Hunter, follow these instructions:
1) Download the latest version of Rootkit Hunter from http://www.rootkit.nl/.
2) Unpack the tarball by running ‘tar -xvzf rootkithunter-version.tar.gz’.
3) Move yourself to the Rootkit Hunter directory by running ‘cd rootkithunterdirectory’.
4) Run the installation file: ‘sh install.sh’.
That’s it - Rootkit Hunter is installed! You can then use custom scripts and cron jobs to configure and schedule Rootkit Hunter as you want. Rootkit Hunter only searches for rootkits; it doesn’t remove the malicious software it finds. To remove most rootkits, the operating system will, in most cases, need to be reloaded.

