Archive for April, 2010

To improve the security of a Linux server, especially a web server exposed to the Internet and to attackers worldwide, it’s best to have the server automatically send a notification email to a predefined address any time someone logs in as root. To configure this alert for every root login on the server, follow the guide below.

1. Log in to the server via SSH as root.
2. Ensure that you’re in root’s home directory. Then open .bash_profile for editing with pico, nano or vi by typing one of the following commands at the shell prompt:

Using Pico: # pico .bash_profile
Using Nano: # nano .bash_profile
Using Vi: # vi .bash_profile

3. Scroll down to the end of the file and add the following line:

echo 'ALERT - Root Shell Access (YourserverName) :' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" [email protected]

4. Replace [email protected] with the actual email address that you want the root access alert sent to. Note that you can change the text of the email alert too. You will want to change (YourserverName) to your actual server name or hostname.

Now log out and log in again as root; you should receive an email alert in your inbox. This works on most popular flavors of Linux such as RedHat, CentOS, Ubuntu, FreeBSD, etc.
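`who` lists every open session, and console logins carry no "(host)" column, so the subject built by the cut pipeline can contain several lines or non-address text. The sketch below is an added example, not part of the original post; `remote_hosts` and `root_alert` are hypothetical names and the `who` text is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). remote_hosts and root_alert are
# hypothetical names; the `who` text in the demo is constructed.

remote_hosts() {
    # Read `who` output on stdin and print the unique "(host)" fields on one line.
    # Console sessions have no "(host)" column and are skipped.
    sed -n 's/.*(\([^()]*\))[[:space:]]*$/\1/p' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

root_alert() {
    # $1 = server name, $2 = captured `who` output.
    # Prints the mail subject on the first line, then the body.
    hosts=$(printf '%s\n' "$2" | remote_hosts)
    [ -n "$hosts" ] || hosts="local console"
    printf 'Alert: Root Access from %s\n' "$hosts"
    printf 'ALERT - Root Shell Access (%s) : %s\n%s\n' "$1" "$(date)" "$2"
}

# Constructed sample: two remote sessions and one console login.
sample='root     pts/0        2010-04-12 09:14 (203.0.113.7)
admin    tty1         2010-04-12 08:01
root     pts/1        2010-04-12 09:20 (198.51.100.23)'

root_alert YourserverName "$sample"
```

In .bash_profile the first output line would become the `mail -s` subject and the remaining lines the message body.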


Disable UAC for Windows 2008 Dedicated Servers

User Account Control was developed for Windows Vista and has been incorporated into Windows Server 2008 as well. User Account Control (UAC) is a new security component in Windows Vista. UAC enables users to perform common tasks as non-administrators, called standard users in Windows Vista, and as administrators without having to switch users, log off, or use Run As. A standard user account is synonymous with a user account in Windows XP. User accounts that are members of the local Administrators group will run most applications as a standard user. By separating user and administrator functions while enabling productivity, UAC is an important enhancement for Windows Vista.

We generally recommend turning this function off, as it seems to be more of a pain than it is worth. It does provide greater security for your server, however, so it is up to you whether you wish to disable it or not.

1. Open the Control Panel.

2. Click User Accounts.

3. Click Turn User Account Control on or off. (If you receive a User Account Control message, click Continue.)

4. Clear the “Use User Account Control (UAC) to help protect your computer” check box, and then click OK.

5. Click Restart Now to apply the change right away, or click Restart Later and close the User Accounts tasks window.


While cPanel comes with two different FTP programs, PureFTP and Proftp, there isn’t any way in cPanel to change the default FTP port. This leaves the server open to a possible brute force attack at the default port of 21. However, by changing just one line in your FTP server configuration file, you can change the FTP port and secure your server.

To do so, you must be logged into your server via SSH/Shell and you must use a text editor such as Nano, Pico, Vi / Vim.

Changing the port for Pure-FTP

1) Edit /etc/pure-ftpd.conf and look for the following line:

#Bind 127.0.0.1,21

The default example, 127.0.0.1, will cause the socket to bind locally, so the connection won’t be served externally. You’ll need to uncomment the line and change the address to 0.0.0.0 so that the server listens on all IPs, and change the port of 40 to your desired FTP port.

2) If needed, add the new FTP port to your server’s firewall

3) Edit /etc/chkserv.d/ftpd and change the port, which is the first comma-separated entry to the right of ‘=’ on the line in the file, to match the port you put the service on.

Finally:

/etc/init.d/pure-ftpd restart
/etc/init.d/cpanel restart (restarts tailwatchd/chkservd)
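The Pure-FTP edits from steps 1 and 3 as a script, added here as an example and not part of the original post. `set_ftp_port` and `rehearse` are hypothetical names and the sample file contents are constructed; the function edits whichever files it is given, so the change can be tried on copies before touching /etc.

```shell
#!/bin/sh
# Added example (not from the original post). set_ftp_port and rehearse are
# hypothetical helper names; the sample file contents below are constructed.

set_ftp_port() {
    conf=$1 chk=$2 port=$3
    # Accept only a decimal TCP port in 1..65535 without leading zeros.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Step 1: uncomment Bind, listen on all addresses, use the new port.
    sed -i.bak -E \
        "s/^#?[[:space:]]*Bind[[:space:]]+[^[:space:],]*,[0-9]+[[:space:]]*\$/Bind 0.0.0.0,$port/" \
        "$conf" || return 1
    # Step 3: the port is the first comma-separated entry right of '='.
    sed -i.bak -E "s/=[0-9]+,/=$port,/" "$chk" || return 1
    # Succeed only if both files now carry the new port.
    grep -qx "Bind 0.0.0.0,$port" "$conf" && grep -q "=$port," "$chk"
}

rehearse() {
    # Work on constructed copies in a scratch directory, never on /etc.
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' '#Bind 127.0.0.1,21' > "$dir/pure-ftpd.conf"
    printf '%s\n' 'service[ftpd]=21,QUIT,220,/scripts/restartsrv_ftpserver' > "$dir/ftpd"
    set_ftp_port "$dir/pure-ftpd.conf" "$dir/ftpd" "$1" &&
        cat "$dir/pure-ftpd.conf" "$dir/ftpd"
    status=$?
    rm -rf "$dir"
    return $status
}

rehearse 2121
```

Each edited file keeps its original beside it with a .bak suffix, which gives a quick way back if the service does not come up after the restart.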

Changing the port for ProFTP

Edit /etc/proftpd.conf and change:

Port 21


UPDATED as of April 1st, 2010

*It seems Parallels has released a fix for this. The fix was just released / revised as of April 1st, 2010*

http://kb.parallels.com/en/8338

Resolution

It is necessary to update Parallels Panel web-engine:

1. Download the appropriate package using the wget utility. Example for CentOS 5 x86:

#wget -c http://kb.parallels.com/Attachments/12669/Attachments/sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

A list of fixed packages:

CentOS 5 x86
CentOS 5 x86_64
CentOS 4 x86
CentOS 4 x86_64
RHEL 4 x86
RHEL 4 x86_64

2. Install the downloaded package. Example for CentOS 5 x86:

#rpm -Uhv sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

The fix is listed above.

Taken from “http://mattiasgeniar.be/2010/03/29/dont-upgrade-openssl-if-youre-using-plesk-broken-controlpanel/” -

If you’re using Plesk 9.x on a CentOS system, don’t upgrade the openssl package from version 0:0.9.8e-12.el5_4.1 to 0:0.9.8e-12.el5_4.6. It will break your Plesk Controlpanel, causing it to no longer start up. You’ll see a message similar to this.

[root@srv~]# /etc/init.d/psa start
Starting xinetd service…               done
Starting named service…             done
Starting mysqld service…           done
Plesk: Starting Mail Server… already started
Starting mail handlers tmpfs storage
Starting Plesk…                       failed

There won’t be an obvious error message in any log file location (/var/log/*, /usr/local/psa/var/log/*, /usr/local/psa/admin/logs/*), but it will most likely be caused by your recent openssl upgrade. Solution is this.

1) Downgrade method

If this works, it’s the easiest solution. Just make sure that due to dependencies, nothing of Parallels or Plesk is removed along.

[root@srv~]# yum downgrade openssl openssl-devel

2) Using RPM packages

Download the OpenSSL version 0.9.8e-12 5_4.6 for your architecture (these apply to CentOS).

You have to download these first! After completing the next steps, you’ll be without openssl – and downloading through wget or curl won’t  work because of missing libraries. Please take note: the following is at your own risk (and if you lose your SSH connection in the meanwhile, you’re screwed).

Find your current OpenSSL version, it should read version “el5_4.6”.

[root@srv~]# rpm -qa | grep -i openssl
openssl-0.9.8e-12.el5_4.6

Remove the package (if you haven’t downloaded the openssl package yet, do so first !!). (Due to the font of this blog, it’s confusing, but the parameter = ‘--nodeps’.)

[root@srv ~]# rpm -e --nodeps openssl-0.9.8e-12.el5_4.6

And re-install the correct version (replace the RPM with the one for your architecture).

[root@srv  ~]# rpm -ivh openssl-0.9.8e-12.el5_4.1.x86_64.rpm
warning: openssl-0.9.8e-12.el5_4.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing…                ########################################### [100%]
1:openssl                ########################################### [100%]

Afterwards, you’ll be able to start Plesk again.

[root@srv~]# /etc/init.d/psa start
Starting xinetd service…               done
Starting named service…             done
Starting mysqld service…           done
Plesk: Starting Mail Server… already started
Starting mail handlers tmpfs storage
Starting Plesk…                       done

Since there’s no update on Plesk yet, this is something to look out for!

Update: An official message from Parallels

For now the only workaround is to downgrade openssl, either with yum or with rpm (if yum is not configured):

# wget -c http://mirrors.kernel.org/centos/5/updates/x86_64/RPMS/{openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# rpm -Uvh --oldpackage {openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# /etc/init.d/sw-cp-server start

Good luck!
