Install logwatch
yum install logwatch
send logwatch email
logwatch --detail Low --mailto [email protected] --service http --range today
Logwatch configuration file
vim /usr/share/logwatch/default.conf/logwatch.conf
Install mod_security (mod24_security package), very important
yum install mod24_security
https://www.ssllabs.com/ssltest/analyze.html?d=david.raleche.com&latest
Apache User
chown -R apache:apache .
Files
find . -type f -print0 | xargs -0 chmod 0400
Directory
find . -type d -print0 | xargs -0 chmod 0500
writable for storage and cache folder
chmod -R 700 storage/
chmod -R ug+rwx storage bootstrap/cache/
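To confirm the read-only layout above actually took effect, here is an added example (not part of the original notes) that lists every path deviating from files 0400 / directories 0500, skipping the writable storage/ and bootstrap/cache/ trees. The function name audit_webroot and its optional owner argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a web root against the read-only layout in these notes
# (files 0400, directories 0500). storage/ and bootstrap/cache/ are skipped
# because the notes deliberately leave them writable.
# audit_webroot and its arguments are names chosen for this example.

# usage: audit_webroot ROOT [OWNER]
# Prints every path whose mode (or, if OWNER is given, owner) deviates.
audit_webroot() {
    (
        cd "$1" || exit 2
        owner=${2:-}
        # A file that is not exactly 0400, or a directory that is not exactly 0500.
        set -- -type f ! -perm 0400 -o -type d ! -perm 0500
        if [ -n "$owner" ]; then
            # Anything not owned by the expected account (e.g. apache).
            set -- "$@" -o ! -user "$owner"
        fi
        # -prune keeps find out of the trees that are meant to stay writable.
        find . \( -path ./storage -o -path ./bootstrap/cache \) -prune \
            -o \( "$@" \) -print | sort
    )
}

# Typical call from the application directory:
#   audit_webroot . apache
```

Empty output means every file and directory outside the writable trees matches the expected mode and owner.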
find . -type d -print0 | xargs -0 chmod 0755
sudo find . -type d -print0 | sudo xargs -0 chmod 0755
find . -type f -print0 | xargs -0 chmod 0644
sudo find . -type f -print0 | sudo xargs -0 chmod 0644
grep -r --include=*.php -e '[[:alnum:]\/\+]\{137,\}'
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Tutorials.WebServerDB.CreateWebServer.html
https://certbot.eff.org/lets-encrypt/debianjessie-apache
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
sudo /usr/local/bin/certbot-auto --apache
(2) make sure you close http via AWS inbound rules and ACL
sudo /usr/local/bin/certbot-auto --apache
<Directory /var/www/xxxx>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
Directories 775
Files 664
find . -type d -print0 | xargs -0 chmod 0755
sudo find . -type d -print0 | sudo xargs -0 chmod 0755
find . -type f -print0 | xargs -0 chmod 0644
sudo find . -type f -print0 | sudo xargs -0 chmod 0644
sudo chown -R apache:apache .
grep -r --include=*.php -e '[[:alnum:]\/\+]\{137,\}'
(1) create ec2 instance
(2) create vpc. Make sure to have public IPv4 DNS:
Get your VPC ID from your EC2 dashboard.
Go to VPC dashboard. Select your VPC with VPC ID.
Click on Actions and Select "Edit DNS Hostnames".
Select Yes and click Save.
Now you can find Public DNS IPv4 value in EC2 dashboard.
(3) create subnet – 172.30.3.0/24 (250 available IP addresses); make sure auto-assign IPv4 is on
(4) create internet gateway
(5) create route tables – add a 0.0.0.0/0 route to the internet gateway
yum update -y
<VirtualHost *:80>
DocumentRoot "/www/docs/host.example.com"
ServerName ec2-3-88-63-157.compute-1.amazonaws.com
ErrorLog "logs/host.example.com-error_log"
TransferLog "logs/host.example.com-access_log"
</VirtualHost>
$ wget https://dl.eff.org/certbot-auto
$ sudo mv certbot-auto /usr/local/bin/certbot-auto
$ sudo chown root /usr/local/bin/certbot-auto
$ sudo chmod 0755 /usr/local/bin/certbot-auto
$ /usr/local/bin/certbot-auto --help
/usr/local/bin/certbot-auto --debug --apache certonly -d raleche.com
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo amazon-linux-extras enable php7.3
sudo yum -y install php-cli php-pdo php-fpm php-json php-mysqlnd
[ec2-user ~]$ sudo systemctl start httpd
[ec2-user ~]$ sudo systemctl enable httpd
[ec2-user ~]$ sudo systemctl is-enabled httpd
To ensure that all of your software packages are up to date, perform a quick software update on your instance. This process may take a few minutes, but it is important to make sure that you have the latest security updates and bug fixes.
The -y option installs the updates without asking for confirmation. If you would like to examine the updates before installing, you can omit this option.
[ec2-user ~]$ sudo yum update -y
Install the lamp-mariadb10.2-php7.2 and php7.2 Amazon Linux Extras repositories to get the latest versions of the LAMP MariaDB and PHP packages for Amazon Linux 2.
[ec2-user ~]$ sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 p
Nmap is a great port scanner, but sometimes you want something more authoritative. You can ask the kernel what processes have which ports open by using the netstat utility:
-t : TCP only
-l : Listening ports only
-n : Don't look up service and host names, just display numbers
-p : Show process information (requires root privilege)
netstat -tlnp
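The netstat listing can be checked automatically. This is an added example, not part of the original notes: it reads `netstat -tlnp` output and reports TCP listeners that are bound to a non-loopback address on a port outside an allowlist, which is a quick way to confirm that plain HTTP really is closed. The names unexpected_listeners and sample_netstat, and the sample output itself, are constructed for this example.

```shell
#!/bin/sh
# Added example: read `netstat -tlnp` output on stdin and report TCP listeners
# that are reachable from other hosts and whose port is not on an allowlist.
# unexpected_listeners and sample_netstat are names chosen for this example.

# usage: netstat -tlnp | unexpected_listeners 22,443
# Output columns: port, PID/program, local address
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            # Loopback-only listeners are not reachable from the network.
            if (host ~ /^127\./ || host == "::1") next
            if (!(port in ok)) print port, $7, $4
        }'
}

# Constructed sample of `netstat -tlnp` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1377/mysqld
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1190/master
tcp6       0      0 :::80                   :::*                    LISTEN      1502/httpd
tcp6       0      0 :::443                  :::*                    LISTEN      1502/httpd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1190/master
EOF
}

# With SSH and HTTPS allowed, only the plain-HTTP listener is reported.
sample_netstat | unexpected_listeners 22,443
```

On a live host, run it as root so the PID/program column is populated: `netstat -tlnp | unexpected_listeners 22,443`.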
Linux Malware Detect and ClamAV are two effective tools to easily scan for malware and viruses on a VPS server. In this article, we are going to install both programs on CentOS. These steps will work on both CentOS 6 and 7.
Install Linux Malware Detect from the official website. At the time of writing, the current version is maldetect-1.4.2.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2
./install.sh
Once the installation finishes, Linux Malware Detect will automatically create a daily cronjob task.
All configuration settings of Linux Malware Detect are stored in the file /usr/local/maldetect/conf.maldet. Configure the following subset of options:
email_alert=1
[email protected]
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
quar_hits=1
quar_clean=1
clamav_scan=1
For the values below, 1=true and 0=false.
email_alert=1 : If you want to receive notifications via email.
[email protected] : Enter your email address.
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)" : Email subject of the notification.
quar_hits=1 : Move the malware to quarantine.
quar_clean=1 : Delete any malware detected.
clamav_scan=1 : Use ClamAV’s malware library to scan.
Installing ClamAV helps Linux Malware Detect to scan processes faster and more effectively. First, we need to install the EPEL repo:
yum install epel-release
Then, we install ClamAV with the following command:
yum update && yum install clamav
After finishing the installation process, you are able to use Linux Malware Detect to scan for malware.
To scan a folder, use this command:
maldet --scan-all /home/domain.com/public_html
If you only want to scan some specified file types (.php for example), you can use the following command:
maldet --scan-all /home/domain.com/public_html/*.php
To view a scanning report, use the following command. Replace 14715-1421.3219 with the scan ID.
maldet --report 14715-1421.3219
You can update Linux Malware Detect by running:
maldet -u
To delete all quarantined files:
rm -rf /usr/local/maldetect/quarantine/*
https://cisofy.com/lynis/
https://www.clamav.net/downloads
toolkit
https://cve.mitre.org/