The web hosting industry faces new security threats every day, which makes security an ongoing process. Customers expect better performance without compromising security, and that is possible only with a great deal of knowledge and skill. This is a common trait of the Sages at server security audit service.

Server Audit & Report


Initial Check-up

Run rkhunter for a quick scan

Run chkrootkit for a quick scan

Check Listening Network Ports

Enforce stronger passwords with the pam_cracklib module

Hardening sysctl.conf

Secure /tmp, /var/tmp and /dev/shm with the mount options noexec and nosuid.

Install Logwatch and review logwatch emails daily. Investigate any suspicious activity on your server.

Web Server Secure & Optimization

MySQL renice for better performance

PHP tightening

Control Panel Tweaking for better security & performance

Check whether server IP address is listed in RBLs

Scan /home for suspicious files and symlinks

Remove insecure RPMs

Inetd hardening

Host.conf Hardening

Hardening Pure/Proftpd

Check for any errors during server boot up

List all account backup files (tar.gz) that are taking up disk space

Check whether the server has sufficient free memory and swap space

Confirm that server does not run out of disk space and inode usage any time soon

Check and confirm that there are no suspicious network connections to any remote server(s).

Check for any suspicious processes running on the server.

Clean up old or unwanted temporary files from /tmp partition.

Scan for any hidden processes running on the server that may not be listed in “ps” output.

Check for any users with shell access on the server other than root user

Check whether a normal user can execute root commands via sudo

Check the version of Apache currently installed on the server.

Check the version of PHP currently installed on the server.

Check whether the kernel version is up to date

Check for bad disk blocks in all partitions using SMARTD Health Check

Clean Spam, Frozen and unwanted mails in mail queue

Scan for suspicious files using maldet / clamav

Scan for files and directories with no user associated with them

Check for unsafe file permissions and Disabling some executables

Check the memory/CPU (system health check using sysstat)

Scan for files and directories with world-writable permissions

Scan and list all suspicious symlinks under home directory

Check server load and partitions to perform maintenance activities

Scan for *.c or binary files (which have possible security issues)

Check dmesg output

Check history for root and su user

Change the permission of a directory and its subfolder to default permission

Examine common Linux log files

Check TCP connections and make sure no unwanted IPs or ports are listed

Check for Chargen

Check the size of the log files. It’s better that the log size remains in megabytes

Check load on the server: quick check of running processes using ps, netstat, lsof, top, etc.

Scan and list all *.tar.gz files under “/home” and “/backup” that are more than 6 months old.

Turn off recursive queries globally in named.conf to avoid DNS amplification attacks.

Hide server version details for httpd, ftpd and named

Check listening network ports

Restrict users to execute cron

Disable the PHP functions “system, exec, shell_exec, passthru, popen, proc_open, show_source, symlink”

Tune kernel parameters

Disable unused services

Install iftop, which displays a frequently updated list of network bandwidth utilization (source and destination hosts) for traffic passing through the network interface

Performance checks

iostat reports CPU, disk I/O, and NFS statistics

vmstat reports virtual memory statistics

mpstat reports processor statistics.

Turn off compilers. Most rootkits come precompiled, but not all of them do. It will also prevent shell users from trying to compile any IRC-related programs.

Enable PHP open_basedir protection: PHP open_basedir protection prevents users from opening files outside of their home directory with PHP.

Include safe_mode for PHP 5.x and below. Safe_mode ensures that the owner of a PHP script matches the owner of any files to be operated on.

Enabling suEXEC provides support for Apache to run CGI programs as the user ID of the account owner.

Move mails to maildir format

Prepare a list of all world-writable files and directories. This will reveal locations where an attacker can store files on your system.

Look at no_owner for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them.

Updated rules for mod security

Logcheck installation

Update php-pear and gem modules

Tackle down the currently infected files on the server by using AUTOBOTS
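
As an added example (not part of the original checklist or the provider's own tooling), the item about securing /tmp, /var/tmp and /dev/shm can be verified with a shell function that reads a mount table in /proc/mounts format and reports which of those paths lack noexec or nosuid. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit noexec/nosuid on /tmp, /var/tmp and /dev/shm.
# Reads /proc/mounts format on stdin: device mountpoint fstype options dump pass

audit_tmp_mounts() {
    awk '
        BEGIN {
            n = split("/tmp /var/tmp /dev/shm", targets, " ")
            m = split("noexec nosuid", required, " ")
        }
        # A later mount shadows an earlier one, so keep the last entry per path.
        { opts[$2] = $4 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                t = targets[i]
                if (!(t in opts)) {
                    printf "%s: not a separate mount\n", t
                    bad++
                    continue
                }
                missing = ""
                for (j = 1; j <= m; j++) {
                    # Match whole comma-delimited options rather than substrings.
                    if (index("," opts[t] ",", "," required[j] ",") == 0)
                        missing = missing (missing == "" ? "" : ",") required[j]
                }
                if (missing != "") {
                    printf "%s: missing %s\n", t, missing; bad++
                } else {
                    printf "%s: ok\n", t
                }
            }
            exit (bad > 0)
        }
    '
}

# Constructed sample mount table (hypothetical host, not taken from the page).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demo on the sample; on a real host run: audit_tmp_mounts < /proc/mounts
sample_mounts | audit_tmp_mounts || true
```

The function exits non-zero when any of the three paths fails the check, so it can gate a scheduled audit job. A path reported as "not a separate mount" lives on its parent filesystem and cannot carry its own mount options until it is given a dedicated or bind mount.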

©2021 Tranzmedia Netvision Limited. All Rights Reserved.