Server Audit & Report

  • $99/server
  • Initial Check-up
  • Run rkhunter for a quick scan
  • Run chkrootkit for a quick scan
  • Check Listening Network Ports
  • Enforce stronger passwords with the pam_cracklib module
  • Hardening sysctl.conf
  • Secure /tmp, /var/tmp and /dev/shm with the mount options noexec and nosuid.
  • Install Logwatch and review logwatch emails daily. Investigate any suspicious activity on your server.
  • Web server security & optimization
  • Renice MySQL for better performance
  • PHP tightening
  • Control Panel Tweaking for better security & performance
  • Check whether server IP address is listed in RBLs
  • Scan /home for suspicious files and symlinks
  • Remove insecure RPMs
  • inetd hardening
  • host.conf hardening
  • Harden Pure-FTPd/ProFTPD
  • Check for any errors during server boot up
  • List all account backup files (tar.gz) that are taking up disk space
  • Check whether the server has sufficient free memory and swap space
  • Confirm that server does not run out of disk space and inode usage any time soon
  • Check and confirm that there are no suspicious network connections to any remote server(s).
  • Check for any suspicious processes running on the server.
  • Clean up old or unwanted temporary files from /tmp partition.
  • Scan for any hidden processes running on the server that may not be listed in “ps” output.
  • Check for any users with shell access on the server other than root user
  • Check whether a normal user can execute root commands via sudo
  • Check the version of Apache currently installed on the server.
  • Check the version of PHP currently installed on the server.
  • Check whether the kernel version is up to date
  • Check for bad disk blocks in all partitions using SMARTD Health Check
  • Clean Spam, Frozen and unwanted mails in mail queue
  • Scan for suspicious files using maldet / clamav
  • Scan for files and directories with no user associated with them
  • Check for unsafe file permissions and Disabling some executables
  • Check memory/CPU usage (system health check using sysstat)
  • Scan for files and directories with world-writable permissions
  • Scan and list all suspicious symlinks under home directory
  • Check server load and partitions to perform maintenance activities
  • Scan for *.c or binary files (which have possible security issues)
  • Check dmesg output
  • Check history for root and su user
  • Reset the permissions of a directory and its subfolders to the defaults
  • Examine common Linux log files
  • Check TCP connections and make sure no unwanted IPs or ports are listed
  • Check for Chargen
  • Check the size of the log files; log sizes should stay in the megabyte range
  • Check load on the server: quick check of running processes using ps, netstat, lsof, top, etc.
  • Scan and list all *.tar.gz files under “/home” and “/backup” that are more than 6 months old.
  • Turn off recursion globally in named.conf to avoid DNS amplification attacks.
  • Hide server version details for httpd, ftpd and named
  • Restrict which users may use cron
  • Disable the PHP functions “system, exec, shell_exec, passthru, popen, proc_open, show_source, symlink”
  • Tune kernel parameters
  • Disable unused services
  • Install iftop, which displays a frequently updated list of network bandwidth utilization (by source and destination host) passing through the network interface
  • Performance checks: iostat reports CPU, disk I/O and NFS statistics; vmstat reports virtual memory statistics; mpstat reports per-processor statistics.
  • Turn off compilers. Most rootkits come precompiled, but not all of them do. It will also prevent shell users from trying to compile any IRC-related programs.
  • Enable PHP open_basedir protection: open_basedir prevents users from opening files outside of their home directory with PHP.
  • Enable safe_mode for PHP 5.x and below. safe_mode ensures that the owner of a PHP script matches the owner of any files to be operated on.
  • Enable suEXEC, which lets Apache run CGI programs as the user ID of the account owner.
  • Move mail to Maildir format
  • Prepare a list of all world-writable files and directories. This will reveal locations where an attacker can store files on your system.
  • Look at no_owner for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them.
  • Update rules for mod_security
  • Logcheck installation
  • Update PHP PEAR and gem modules
  • Track down currently infected files on the server using AUTOBOTS
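As an added example (not the vendor's tooling and not part of the service listed above), the following POSIX shell script implements four of the checks from the list so they can be run and re-run consistently: world-writable files and directories, files with no owning user or group, non-root accounts that still have a login shell, and the noexec/nosuid mount options on /tmp, /var/tmp and /dev/shm. The function names and the AUDIT_RUN variable are assumptions of this example; the passwd-file argument exists so the shell-user check can be pointed at a copy of /etc/passwd.

```shell
#!/bin/sh
# Added example audit script; not the vendor's own tooling.
# Each check is a function so it can be run on its own or from run_audit.

# World-writable regular files and directories under the given tree,
# staying on one filesystem. An attacker with any local account could
# drop files in these locations.
find_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# Files and directories whose owner UID or group GID no longer exists
# (the "no_owner" check from the list).
find_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) 2>/dev/null | sort
}

# Accounts other than root whose login shell is not nologin or false.
# Argument: a passwd-format file (defaults to /etc/passwd).
shell_users() {
    awk -F: '$1 != "root" && $7 !~ /(nologin|false)$/ { print $1 }' "${1:-/etc/passwd}"
}

# Given a comma-separated mount option string, succeed only if both
# noexec and nosuid are present (the hardening asked for on /tmp).
mount_opts_hardened() {
    case ",$1," in
        *,noexec,*) ;;
        *) return 1 ;;
    esac
    case ",$1," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Look up the mount options of a mount point in /proc/mounts (Linux-specific)
# and report whether they carry noexec and nosuid.
check_mount() {
    opts=$(awk -v p="$1" '$2 == p { o = $4 } END { print o }' /proc/mounts)
    if [ -z "$opts" ]; then
        echo "$1: not a separate mount point (options inherited from parent)"
        return 1
    fi
    if mount_opts_hardened "$opts"; then
        echo "$1: ok ($opts)"
    else
        echo "$1: missing noexec and/or nosuid ($opts)"
        return 1
    fi
}

# Run every check against a root tree given as $1 (default /).
run_audit() {
    root="${1:-/}"
    echo "== world-writable files/dirs under $root"; find_world_writable "$root"
    echo "== unowned files/dirs under $root";       find_unowned "$root"
    echo "== non-root accounts with a login shell"; shell_users
    for m in /tmp /var/tmp /dev/shm; do
        check_mount "$m" || true
    done
}

# Only run the full audit when explicitly asked, so the file can also be
# sourced for its functions (AUDIT_RUN is a variable invented for this example).
if [ "${AUDIT_RUN:-0}" = 1 ]; then
    run_audit "$@"
fi
```

Run it as `AUDIT_RUN=1 sh audit.sh /` on the host being audited; the world-writable and unowned scans are the slow part on a large /home, so they are worth scheduling rather than running interactively.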