Monday, July 16, 2007

IMP steps to optimize the new plain server

There is not really a default package we use, since every system has different needs.
With a new system we can't know in advance what it will be used for, so we ask the client a couple of questions about what the server will be used for and optimize it for that purpose. For instance, if a server uses a lot of PHP and MySQL, it is a good idea to set up a PHP accelerator and MySQL query caching, since that improves performance a lot. The same goes for CGI.

And if it is a regular cPanel server, then things are quite straightforward:

- Main configuration: the initial setup of the cPanel server, nothing unusual; the same goes for basic security.

- SSH configuration: just disabling direct root login and things like that, which speaks for itself.

- Firewall configuration: we use APF from rfxnetworks.net and just configure it:

http://www.eth0.us/?q=apf

Furthermore, some other scripts from rfxnetworks.net are installed, such as BFD and LSM.

- System integrity monitoring is also from rfxnetworks.net, and the installation speaks for itself. Make sure not to enable monitoring of SMTP and FTP though, since that very often leads to false positives.

- Environmental security: simply securing the tmp partition and things like that.

- For sysctl, use the ruleset here:

http://www.eth0.us/?q=sysctl

- For mod_security, follow the steps here:

http://www.eth0.us/?q=mod_security

- For Apache compilations in cPanel use /scripts/easyapache; by default we enable things like GD, curl and curl with SSL.

- SSH security is just a matter of installing the latest versions.

- rkhunter can be found on

http://www.rootkit.nl/

If it returns false positives, make sure to run rkhunter --update (or something like that, I don't recall the exact command).

- For email scanning (antispam), use this tutorial:

http://www.rvskin.com/index.php?page=public/antispam

Furthermore, take care of things such as kernel upgrades, security patches, software upgrades and setting up eAccelerator, and anything else that may be useful, like disabling the following programs for unauthorized users:

chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
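As an added example (not from the original post), a small POSIX sh script that applies the chmod 750 restrictions above and audits the same binaries so you can verify the change stuck, for instance after a package upgrade reinstalls one of them with default permissions. It assumes GNU stat (the -c %a format); the function names and the file list variable are my own.

```shell
#!/bin/sh
# Added example: restrict the binaries listed in the post to mode 750 and
# audit them afterwards. Assumes GNU/BusyBox stat(1) supporting -c '%a'.

RESTRICTED_BINS="/usr/bin/rcp /usr/bin/wget /usr/bin/lynx /usr/bin/links /usr/bin/scp"

# mode_of FILE -> prints the octal permission bits, e.g. 750 or 4755
mode_of() {
    stat -c '%a' "$1"
}

# world_exec FILE -> exit 0 if the "other" class has the execute bit
world_exec() {
    m=$(mode_of "$1")
    o=$(( m % 10 ))          # last octal digit is the "other" class
    [ $(( o & 1 )) -eq 1 ]   # execute bit is the lowest bit
}

# audit_bins FILE... -> prints each existing file that is still world-executable;
# returns 1 if any were found, 0 otherwise. Missing files are skipped.
audit_bins() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if world_exec "$f"; then
            printf 'still world-executable: %s (%s)\n' "$f" "$(mode_of "$f")"
            rc=1
        fi
    done
    return $rc
}

# restrict_bins FILE... -> apply the post's chmod 750 to each file that exists
restrict_bins() {
    for f in "$@"; do
        if [ -e "$f" ]; then
            chmod 750 "$f"
        fi
    done
    return 0
}

# Running the script as-is only audits; as root, uncomment the next line to enforce.
# restrict_bins $RESTRICTED_BINS
audit_bins $RESTRICTED_BINS
```

Note that 750 still lets members of the file's group (normally root) execute the binary, so check the group ownership too if you have added users to that group.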

If you apply the above measures on your server, it will be considerably more secure.