AWS Monster | Your Technical Partner

Access CSF UI on your browser with the specified port and click on "Check Server Security" . CSF will provide you some tips to secure your server . After that now check the report below: # vi /etc/ssh/sshd_config Port 22XX UseDNS no # systemctl restart sshd # vi /etc/my.cnf [mysqld] local-infile=0 # systemctl restart mariadb You can also enable 'RESTRICT_SYSLOG option check, LF_POP3D option check, LF_IMAPD option check, SYSLOG_CHECK option check, RESTRICT_UI option check, Check SSH PasswordAuthentication'.   This option helps prevent brute force attacks on your server services RESTRICT_SYSLOG = "3" LF_POP3D = "3" LF_POP3D_PERM = "1" LF_IMAPD = "3" LF_IMAPD_PERM = "1" SYSLOG_CHECK = "300" Important setting for me : #vi /etc/csf/csf.conf TESTING = "0" Don't Block IP addresses that are in the csf.allow files. IGNORE_ALLOW = "1" ICMP_IN = "1" ICMP_OUT = &qu

CSF Web UI required some of Perl modules to be installed on your system. Use the following commands to check the required modules are installed operating system. If not present please install those packages . # yum info perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 To enable CSF web UI edit /etc/csf/csf.conf file # vi /etc/csf/csf.conf # 0 = Unrestricted UI # 1 = Restricted UI # 2 = Disabled UI RESTRICT_UI = "0" # 1 to enable, 0 to disable UI = "1" # Do NOT enable access to this port in TCP_IN, instead only allow trusted IP's # to the port using Advanced Allow Filters (see readme.txt) UI_PORT = "1025" # Leave blank to bind to all IP addresses on the server UI_IP = "" # This should be a secure, hard to guess username # This must be changed from the default UI_USER = "admin" # This must be changed from the default UI_PASS = "adminX" edit /etc/csf/ui/ui.allow configurat

CSF is an application-based firewall for iptables provided for Linux servers. CSF has many features and can support web-based management tools like CWP, cPanel/WHM, DirectAdmin and Webmin. CSF is easy to install and use on the server, it makes security management easier for sysadmins. To add more power to this, it comes with a Login Failure Daemon (LFD) script that runs all the time to scan for failed attempts to login to the server to detect bruteforce-attacks. There are an array of extensive checks that lfd can perform to help alert the server administrator of changes to the server, potential problems and possible compromises. LFD also blocks IPs if a huge number of failed logins are appearing from that IP. The block is temporary. It also allows the admin to view the blocked IP by enabling an email alert service. Some of the features include: Login Tracking Process Tracking Directory Watching Advanced Allow/Deny features Block Reporting Port Flood Protection ....etc Befo

Hide DNS Software Version :  Sometimes a new vulnerability is found in DNS software and script kiddies are scanning the Internet to exploit unpatched systems. It's a best practice to hide software version on your DNS servers, although this is not a real protection it just makes a little harder to find your servers via scanning. Use dig command to find which version is running on your name servers: $ dig +short @ns1.example.com version.bind txt chaos "9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1" Bind To hide version in when using Bind, open named.conf configuration file using your favorite editor, go to options section and set a custom version string using version option. Example: // /etc/named.conf options { // Hide bind version version "unknown"; }; Restart the server (use bind9 instead of named on systems based on Debian): $ sudo service named restart Stopping named: . [ OK ] Starting named:

My WebServer DNS root zone file is outdated and it has no information about IPv6 and recently changed root server IP address. How do I update my root hints data file under CentOS 7 Server? Under Red Hat / CentOS / Fedora Linux, default location is /var/named/named.root, enter: # wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /var/named/named.root Reload rndc to update information, enter: # rndc reload Another option is run dig command to fetch information: # dig +bufsize=1200 +norec NS . @a.root-servers.net > /var/named/named.root The root zone's nameservers change over time, don't assume this list is current. Always download a new version of db.cache once or twice year is sufficient. This article based on: Link 1   Link 2