LIVEINHOST SECURITY HARDENING

SECURE YOUR VPS & DEDICATED SERVERS WITH LIVEINHOST SECURITY HARDENING SCRIPTS

Just $59.99 only

LIVEINHOST HARDENING

LIVEINHOST Security Hardening of servers that are being prepared to be deployed
to a production environment. One script that does the complete
hardening of your server for just $59.99.
  • GET YOUR SERVER HARDENED NOW ITSELF

    Just $59.99 only

ONE SCRIPT THAT DOES THE FOLLOWING SECURITY CHECK IN YOUR SERVER

  •  Initial Check-up
  •  Run rkhunter for a quick scan
  •  Run chkrootkit for a quick scan
  • Check Listening Network Ports
  • Enforcing Stronger Passwords by pam_cracklib module
  • Hardening sysctl.conf
  • Secure /tmp, /var/tmp and /dev/shm with mount options noexec, and nosuid
  • Install Logwatch and review logwatch emails daily. Investigate any suspicious activity on your server
  • Web Server Secure & Optimization
  • Mysql Renice for better performance
  • Php Tightening
  • Control Panel Tweaking for better security & performance
  • Check whether server IP address is listed in RBLs
  • Scan /home for suspicious files and symlinks
  • Remove unsecure RPMs
  • Inetd hardening
  • Host.conf Hardening
  • Hardening Pure/Proftpd
  • Check for any errors during server boot up
  • List all account backup files (tar.gz) that are taking up disk space
  • Check whether the server has sufficient free memory and swap space
  • Confirm that server does not run out of disk space and inode usage any time soon
  • Check and confirm that there are no suspicious network connections to any remote server(s)
  • Check for any suspicious processes running on the server
  • Clean up old or unwanted temporary files from /tmp partition
  • Scan for any hidden processes running on the server that may not be listed in “ps” output
  • Check for any users with shell access on the server other than root user
  • Check whether a normal user can execute root commands via sudo
  • Check the version of Apache currently installed on the server
  • Check the version of Apache currently installed on the server
  • Check whether the kernel version is update
  • Check for bad disk blocks in all partitions using SMARTD Health Check
  • Clean Spam, Frozen and unwanted mails in mail queue
  • Scan for suspicious files using maldet / clamav
  • Scan for files and directories with no user associated with them
  • Check for unsafe file permissions and Disabling some executables
  • Check the memory/CPU (system health check using systat)
  •  Scan for files and directories with world-writable permissions
  • Scan and list all suspicious symlinks under home directory
  •  Check server load and partitions to perform maintenance activities
  •  Scan for *.c or binary files (which have possible security issues)
  •  Check dmesg output
  •  Check history for root and su user
  •  Change the permission of a directory and its subfolder to default permission
  •  Examine common linux log files
  •  Check tcp connections and make sure no unwanted ips or ports are listed
  •  Check for Chargen
  •  Check the size of the log files. It’s better that the log size remains in megabytes
  •  Check Load on the server ­­ Quick check of running processes using ps, netstat, lsof, top etc
  •  Scan and list all *.tar.gz files under “/home” and “/backup” that are more than 6 months old
  •  Turn off recursive query globally in named.conf to avoid dns amplification attacks
  •  Hide server version details for httpd,ftpd,named
  •  Check listening network ports
  •  Restrict users to execute cro
  •  Disable the PHP functions “system, exec, shell_exec, passthru, popen, proc_open, show_source, symlink”
  •  Tune kernel parameters
  •  Disable unused services
  •  Install IFTOP which displays a frequently updated list of network bandwidth utilization (source and destination hosts) that passing through the network interface
  •  Performance checks
    iostat reports CPU, disk I/O, and NFS statistics
    vmstat reports virtual memory statistics
    mpstat reports processors statistics
  •  Turn off compilers. Most rootkits come precompiled but not all of them do. It will also prevent shell users from trying to compile any irc related programs
  •  Enable PHP open_basedir Protection : PHP open_basedir protection prevents users from opening files outside of their home directory with php
  •  Include safe_mode for PHP 5.x and below. Safe_mode ensures that the owner of a PHP script matches the owner of any files to be operated on
  •  Enabling suEXEC provides support for Apache to run CGI programs as the user ID of the account owner
  •  Move mails to maildir format
  •  Preparing a list of all world writable files and directories. This will reveal locations where an attacker can store files on your system
  •  Look at no_owner for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them
  •  Updated rules for mod security
  •  Logcheck installation
  •  Update php­pear and gem modules
  •  Tackle down the currently infected files on the server by using AUTOBOTS