
Install Basic Security Apps On Webuzo

This short tutorial covers some basic security apps you may want to install on your Webuzo server. As usual, Webuzo makes the process easy, so you don’t need to work through complicated steps in an SSH / terminal console.

Previous necessary articles:

  1. How to Install Webuzo on Ubuntu VPS
  2. Basic Webuzo Setup / Config
  3. Install WordPress on Webuzo Free

Next, here are 3 (three) necessary security apps for your Webuzo setup.

ConfigServer Security & Firewall (CSF)

Config Server Firewall or CSF is a popular open source (read: Free) app installed on many servers around the world. While still being simple enough to install and configure that even novice administrators can use it, CSF is generally considered a more advanced firewall as there are more configuration options compared to other firewalls.

Key features:

  • Daemon process that checks for login authentication failures for:
    • Courier imap, Dovecot, uw-imap, Kerio
    • openSSH
    • Pure-ftpd, vsftpd, Proftpd
    • Password protected web pages (htpasswd)
    • Mod_security failures (v1 and v2)
    • Suhosin failures
    • Exim SMTP AUTH
    • Custom login failures with separate log file and regular expression matching
  • POP3/IMAP login tracking to enforce logins per hour
  • SSH login notification
  • SU login notification
  • Excessive connection blocking
  • Easy upgrade between versions from shell
  • Auto-configures the SSH port if it’s non-standard on installation
  • Block traffic on unused server IP addresses – helps reduce the risk to your server
  • Alert when end-user scripts send excessive emails per hour – for identifying spamming scripts
  • Suspicious process reporting – reports potential exploits running on the server
  • Excessive user processes reporting
  • Excessive user process usage reporting and optional termination
  • Suspicious file reporting – reports potential exploit files in /tmp and similar directories
  • Directory and file watching – reports if a watched directory or a file changes
  • Block traffic on the DShield Block List and the Spamhaus DROP List
  • BOGON packet protection
  • Works with multiple ethernet devices
  • Allow Dynamic DNS IP addresses – always allow your IP address even if it changes whenever you connect to the internet
  • Alert sent if server load average remains high for a specified length of time
  • mod_security log reporting (if installed)
  • IDS (Intrusion Detection System) – the last line of detection alerts you to changes to system and application binaries
  • SYN Flood protection
  • Ping of death protection
  • Port Scan tracking and blocking
  • Permanent and Temporary (with TTL) IP blocking
  • Exploit checks
  • Account modification tracking – sends alerts if an account entry is modified, e.g. if the password is changed or the login shell
  • Shared syslog aware
  • Messenger Service – Allows you to redirect connection requests from blocked IP addresses to preconfigured text and html pages to inform the visitor that they have been blocked in the firewall. This can be particularly useful for those with a large user base and help process support requests more efficiently
  • Country Code blocking – Allows you to deny or allow access by ISO Country Code
  • Port Flooding Detection – Per IP, per Port connection flooding detection and mitigation to help block DOS attacks
  • lfd Clustering – allows IP address blocks to be automatically propagated around a group of servers running lfd. It also allows cluster-wide allows, removals and configuration changes
  • Quick start csf – deferred startup by lfd for servers with large block and/or allow lists
  • Distributed Login Failure Attack detection
  • Temporary IP allows (with TTL)
  • IPv6 Support with ip6tables
  • System Statistics – Basic graphs showing the performance of the server, e.g. Load Averages, CPU Usage, Memory Usage, etc
  • and lots more!

How to install CSF on Webuzo? Simply follow these steps:

Step 1 – Login to your Webuzo Enduser Panel via:
http://x.x.x.x:2002/
where x.x.x.x is your VPS IP address


Step 2 – Click on the Apps menu at the top of the page

Step 3 – Then go to Security > CSF


Step 4 – Finally click on the Install button.


Step 5 – Wait for a few minutes till the progress bar reaches 100%.


Step 6 – Once done, go back to the main page, or click the PHP menu at the top of the page, then go to CSF Configuration under the Security section.

Step 7 – On the next page, you can review the firewall configuration and behavior. Webuzo applies a basic setup by default, so if you don’t have anything more to adjust, simply change the TESTING="1" line to TESTING="0" and that’s it. Also, do not forget to save the changes.
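To confirm the change from Step 7 actually took effect, the following added check (not part of the original tutorial, CSF or Webuzo) reads a csf.conf-style file and reports the TESTING state. The function name and sample files are constructed for illustration; the stock file is assumed to be /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added check, not part of CSF or Webuzo. While TESTING is "1", CSF clears
# its rules from cron every TESTING_INTERVAL minutes and lfd does not start.

# Print live | testing | malformed | missing for a csf.conf-style file.
# Assumes a single TESTING line, as in the stock configuration.
csf_testing_state() {
    line=$(grep -E '^[[:space:]]*TESTING[[:space:]]*=' "$1" | head -n 1)
    if [ -z "$line" ]; then echo missing; return 0; fi
    val=$(printf '%s\n' "$line" |
          sed -n 's/^[^=]*=[[:space:]]*"\([01]\)"[[:space:]]*$/\1/p')
    case $val in
        0) echo live ;;
        1) echo testing ;;
        *) echo malformed ;;  # typographic quotes, missing quotes, other values
    esac
}

# Constructed sample files standing in for /etc/csf/csf.conf.
demo() {
    d=$(mktemp -d)
    printf 'TESTING = "1"\nTESTING_INTERVAL = "5"\n' > "$d/default.conf"
    printf 'TESTING = "0"\nTESTING_INTERVAL = "5"\n' > "$d/live.conf"
    # Value wrapped in typographic quotes (U+201D), as pasted from a web page.
    printf 'TESTING = \342\200\2350\342\200\235\n' > "$d/pasted.conf"
    for f in default live pasted; do
        echo "$f.conf: $(csf_testing_state "$d/$f.conf")"
    done
    rm -rf "$d"
}
demo
```

On a real server, run `csf_testing_state /etc/csf/csf.conf` after saving; anything other than `live` means the firewall is not yet enforcing permanently.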


Brute Force Detection

Distributed under GNU Public License, Brute Force Detection (BFD) is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application-specific options are stored, including regular expressions for each unique auth format. In addition to the benefits of parsing logs in a single stream, BFD also uses a log tracking system so logs are only parsed from the point at which they were last read. This greatly assists in extending the performance of BFD even further, as it is not constantly reading the same log data. The log tracking system is compatible with syslog/logrotate style log rotations, which allows it to detect when rotations have happened and grab log tails from both the new log file and the rotated log file. You can also leverage BFD to block attackers using any number of tools such as APF, Shorewall, raw iptables, ip route, or by executing any custom command. There is also a fully customizable e-mail alerting system with an e-mail template that is well suited for everyday use, or you can open it up and modify it. The attacker tracking in BFD is handled using simple flat text files that are size-controlled to prevent space constraints over time, ideal for diskless devices. There is also an attack pool where trending data is stored on all hosts that have been blocked, including which rule the block was triggered by.
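The log tracking and flat-file attacker tracking described above can be sketched as follows. This is an added example, not BFD's own code: the function names, the state-file layout, the threshold value and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Sketch of BFD-style log tracking; not BFD's own code. Function names,
# file layout and THRESHOLD are assumptions made for this example.
THRESHOLD=3   # failures from one IP before it is reported

# Print what was appended to log $1 since the last call; the byte
# offset already consumed is kept in state file $2.
new_log_lines() {
    log=$1; state=$2; last=0
    [ -f "$state" ] && last=$(cat "$state")
    size=$(wc -c < "$log" | tr -d ' ')
    if [ "$size" -lt "$last" ]; then
        # The log shrank, so it was rotated: finish the rotated copy
        # (logrotate-style "$log.1"), then read the new file from byte 0.
        [ -f "$log.1" ] && tail -c +"$((last + 1))" "$log.1"
        last=0
    fi
    tail -c +"$((last + 1))" "$log"
    echo "$size" > "$state"
}

# Source IPs of failed sshd password logins read from stdin. The match is
# anchored to the end of the line so that a crafted username containing
# "from 198.51.100.1" cannot get an unrelated address blocked.
failed_ips() {
    awk '/sshd\[[0-9]+\]: Failed password for .* from [^ ]+ port [0-9]+ ssh2$/ {
             print $(NF - 3) }'
}

# One pass: append new offenders to flat tracking file $3, then print
# every IP whose running total has reached THRESHOLD.
scan_once() {
    new_log_lines "$1" "$2" | failed_ips >> "$3"
    sort "$3" | uniq -c | awk -v t="$THRESHOLD" '$1 + 0 >= t + 0 { print $2 }'
}

# Constructed sample data: two passes over a growing auth log.
demo() {
    d=$(mktemp -d)
    f='Dec  1 14:00:0%s web1 sshd[811]: Failed password for root from 203.0.113.5 port 4022 ssh2\n'
    printf "$f" 1 > "$d/auth.log"; printf "$f" 2 >> "$d/auth.log"
    scan_once "$d/auth.log" "$d/offset" "$d/track"   # prints nothing (2 < 3)
    printf "$f" 3 >> "$d/auth.log"
    scan_once "$d/auth.log" "$d/offset" "$d/track"   # prints 203.0.113.5
    rm -rf "$d"
}
demo
```

Detecting rotation by size alone misses a new log that has already grown past the old offset; comparing inode numbers as well would close that gap.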

Installing BFD in Webuzo is just one click away:

Step 1 – Click on the Apps menu at the top of the page

Step 2 – Then go to Security > CSF

Step 3 – Finally click on the Install button.

Step 4 – Wait for a few minutes till the progress bar reaches 100%.

and done.

Linux Malware Detect

Linux Malware Detect or LMD is a malware scanner app for Linux systems. The app is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

Key Features:

- MD5 file hash detection for quick threat identification
- HEX based pattern matching for identifying threat variants
- statistical analysis component for detection of obfuscated threats (e.g: base64)
- integrated detection of ClamAV to use as scanner engine for improved performance
- integrated signature update feature with -u|--update
- integrated version update feature with -d|--update-ver
- scan-recent option to scan only files that have been added/changed in X days
- scan-all option for full path based scanning
- checkout option to upload suspected malware to rfxn.com for review / hashing
- full reporting system to view current and previous scan results
- quarantine queue that stores threats in a safe fashion with no permissions
- quarantine batching option to quarantine the results of a current or past scans
- quarantine restore option to restore files to original path, owner and perms
- quarantine suspend account option to Cpanel suspend or shell revoke users
- cleaner rules to attempt removal of malware injected strings
- cleaner batching option to attempt cleaning of previous scan reports
- cleaner rules to remove base64 and gzinflate(base64 injected malware
- daily cron based scanning of all changes in last 24h in user homedirs
- daily cron script compatible with stock RH style systems, Cpanel & Ensim
- kernel based inotify real time file scanning of created/modified/moved files
- kernel inotify monitor that can take path data from STDIN or FILE
- kernel inotify monitor convenience feature to monitor system users
- kernel inotify monitor can be restricted to a configurable user html root
- kernel inotify monitor with dynamic sysctl limits for optimal performance
- kernel inotify alerting through daily and/or optional weekly reports
- e-mail alert reporting after every scan execution (manual & daily)
- path, extension and signature based ignore options
- background scanner option for unattended scan operations
- verbose logging output of all actions
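The first two features, MD5 hash detection and HEX pattern matching for variants, work together as shown in this added example. It is not LMD's code or signature format: the function names, the signature file layouts and the harmless marker string are constructed for illustration, and GNU `md5sum` is assumed to be available.

```shell
#!/bin/sh
# Two-stage signature check in the spirit of LMD's MD5 and HEX features.
# Not LMD's code or signature format: names and file layouts are assumed.

# Bytes of a file (or stdin) as " xx xx xx " so matches stay byte-aligned.
hex_of() { od -An -v -tx1 "$@" | tr -s ' \n' ' '; }

# scan_file FILE MD5_SIGS HEX_SIGS
#   MD5_SIGS lines: <md5>:<name>      HEX_SIGS lines: <spaced hex>:<name>
# Prints "md5:<name>", "hex:<name>" or "clean".
scan_file() {
    sum=$(md5sum "$1" | cut -d' ' -f1)
    # Appending "" forces a string comparison, so a digest that happens to
    # look like a number (digits plus one "e") is never compared numerically.
    hit=$(awk -F: -v s="$sum" '$1 "" == s "" { print $2; exit }' "$2")
    if [ -n "$hit" ]; then echo "md5:$hit"; return 0; fi
    hex=$(hex_of "$1")
    while IFS=: read -r pat name; do
        case $hex in *"$pat"*) echo "hex:$name"; return 0 ;; esac
    done < "$3"
    echo clean
}

# Constructed samples: an exact copy, an edited variant and a clean file.
demo() {
    d=$(mktemp -d)
    printf '<?php echo "DEMO-MARKER-7f3a"; ?>\n' > "$d/known.php"
    printf '<?php /* edited */ echo "DEMO-MARKER-7f3a"; ?>\n' > "$d/variant.php"
    printf '<?php echo "hello"; ?>\n' > "$d/clean.php"
    echo "$(md5sum "$d/known.php" | cut -d' ' -f1):demo.known" > "$d/md5.sigs"
    echo "$(printf 'DEMO-MARKER-7f3a' | hex_of):demo.marker" > "$d/hex.sigs"
    for f in known variant clean; do
        echo "$f.php -> $(scan_file "$d/$f.php" "$d/md5.sigs" "$d/hex.sigs")"
    done
    rm -rf "$d"
}
demo
```

The edited variant no longer matches the MD5 signature but is still caught by the byte pattern, which is why a hash list alone is not enough.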

How to install LMD?

Step 1 – Click on the Apps menu at the top of the page

Step 2 – Then go to Security > Linux Malware Detect

Step 3 – Finally click on the Install button.

Step 4 – Wait for a few minutes till the progress bar reaches 100%.

and done.

You can check all installed apps in Webuzo via the All Installed Applications menu in the top right corner.

That’s it. You can watch all the steps above in a video below:
