| WHM SECURITY |
|---|
| Remote access to enterprise networks has thrown open a plethora of security challenges for companies. There are increased incidents of attack surfaces and identity theft. At such times, what you need is the ability to quickly identify and mitigate cyber-risks within your organization. We recommend several tips that you can use to make your cPanel & WHM server more secure. Use secure passwords Insecure passwords represent the most common security vulnerability. If a hacker compromises an account password, they can use it to deface or infect client sites, or use them to spread viruses. Generally a secure password utilizes at least eight characters, which includes alphanumeric and grammatical symbols. Never use passwords that include dictionary words or significant dates. If you wish to check a password’s security, test it with JTR cracker. You can also install tools like pam_passwdqc to check the strength of passwords. Secure SSH If you move SSH access to a different port, individuals without specific knowledge of your server will not know which port to use for SSH. Many malicious users attempt to use port 22 to access servers. To modify the port on which SSH runs, edit the /etc/ssh/sshd_config file. We recommend that you use a port number less than 1024 and one that another service does not already use. • These ports are “privileged” ports, because only the root user can bind to them. • Ports 1024 and above are “unprivileged” ports, and anyone can use them. Warning: Always use SSHv2 only. SSHv1 will not properly secure connections. You must change the #Protocol 2,1 line in the /etc/ssh/sshd_config file to Protocol 2. You may also wish to configure shell resource limits for your users. These limits ensure that applications and scripts cannot use all of your server’s resources and take down your server. You can configure shell resource limits in the /etc/security/limits.conf file on most Linux systems. Secure Apache You must secure your Apache installation. The ModSecurity tool can help you to secure your server’s Apache installation. To use ModSecurity to secure Apache, install and enable the Open Web Application Security Project (OWASP) Core Rule Set (CRS). You can do this in WHM’s ModSecurity™ Vendors interface (WHM >> Home >> Security Center>>ModSecurity Vendors). The OWASP ModSecurity rule set is a set of rules that Apache’s ModSecurity module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications. You can use the following interfaces to manage ModSecurity: • WHM’s ModSecurity Tools interface (WHM >> Home >> Security Center>>ModSecurity™ Tools). • WHM’s ModSecurity Configuration interface (WHM >> Home >> Security Center>>ModSecurity™ Configuration). When you compile Apache, include the suEXEC module to ensure that CGI applications and scripts run as the user that owns and executes them. This module identifies the location of malicious scripts and who executed them. It also enforces permission and environment controls. We strongly recommend that you compile Apache and PHP with the suPHP module. The suPHP module forces all PHP scripts to run as the user who owns the script. This allows you to identify the owner of all PHP scripts that run on your server and find the location of malicious scripts. To compile Apache and PHP with the suPHP module, select the suPHP option in WHM’s EasyApache 4 interface (WHM >> Home >> Software >>EasyApache 4) or run the /usr/local/cpanel/scripts/easyapache script from the command line. |
