Server Security and Hardening
We at www.supaanasolutions.com provide full server hardening and security for your critical business servers with any OS. Our server hardening package includes
Initial/Basic Server Setup
If you have a new server, we’ll setup and configure the server completely from scratch to get the server ready for your use! The initial/basic server setup includes securing the server including /tmp, optimizing the server performance including various module optimization such as Mysql, apache, ftp etc; securing the email servers with antivirus and spam filter rules. The details are as follows:
3rd Party Software
SIM is a system and services monitor for `SysVinit` systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system. It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes.
SPRI (System Priority) is a utility designed to queue different processes with different priority levels based on 3 class levels of importance (high,med,low).The average load level of a server can be substantially decreased by using spri, by as much as 5-20%.
Enforce noexec & nosuid on temporary directories such as /tmp and /var/tmp secures the server from malicious scripts being executed from /tmp directories.
PRM monitors the process table on a given system and matches process id's with set resource limits in the config file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel logging routine and more...
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. It works in conjunction with a firewall (APF recommended) or real-time facility to place bans on the brute forced attacking IP's/hosts.
Linux Environment Security is intended as a facility to quickly & easily secure Red Hat/RPM based environments (i.e.: turbo Linux, open Linux). It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e.: coreutils), and enforcing immutable bit on shell profile scripts. Email Security:
Clam AntiVirus is an anti-virus toolkit for Linux servers. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet.
Secure Apache tweaks apache for better performance, and prevent unnecessary information from being easily seen securing Apache reduces the threat from attackers and avoid their hack attempts to the server.
APF along with anti-dos rulesets is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice. Alternative firewall CSF installed on request.
Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.
smartd is a daemon that monitors the Self-Monitoring, Analysis and Reporting Technology (SMART) system built into many ATA-3 and later ATA, IDE and SCSI-3 hard drives. The purpose of SMART is to monitor the reliability of the hard drive and predict drive failures, and to carry out different types of drive self-tests.