WHM Security

 

chkrootkit

chkrootkit is a shell script that examines your system's binaries for rootkit installations. In this case, a rootkit is a software modification, performed on the system, that someone can use to gain administrative access to the server undetected. To install chkrootkit:

  1. Log into your server as the root user.
  2. Enter the /root/directory using the following command:
    • cd /root
  3. Use the following command to download chkrootkit:
    • wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
  4. Uncompress the .tar.gz.file using the following command:
    • tar -xvzf chkrootkit.tar.gz
  5. Enter the new directory using the following command:
    • cd chkrootkit-0.49
  6. Begin the chkrootkit installation using the following command:
    • make sense

At this point, chkrootkit should install successfully on your server. To run rootkit, enter the following command:

  • /root/chkrootkit-0.49/chkrootkit

We strongly recommend that you run chkrootkit often and add a cronjob that runs the command above.

 

Modify the Logwatch Configuration File

Logwatch is a customizable log analysis system. It parses your system's log files for a given period of time and creates a report analyzing specified data. Logwatch is already installed on most cPanel & WHM servers.

The Logwatch configuration file is located at: /usr/share/logwatch/default.conf/logwatch.conf

To make the necessary edits, you will need to open the file listed above with your preferred text editor. We recommend changing the following parameters:

  • MailTo = This email address is being protected from spambots. You need JavaScript enabled to view it.
    •  Note: You will need to replace This email address is being protected from spambots. You need JavaScript enabled to view it. in the example above with the email address at which you wish to receive notifications from Logwatch.
  • Detail = 5 or Detail = 10
    •  Note: Changing this parameter allows you to receive more detailed log files. A value of 5would represent a medium level of detail while a value of 10 would result in a high level of detail.

Make sure to save your changes when you are finished editing this file.

 

ConfigServer Software

Many of our technical analysts recommend using CSF. CSF is a free product provided by ConfigServer. CSF is a stateful packet inspection (SPI) firewall, login and intrusion detection mechanism, and general security application for Linux servers. For more information about using and installing CSF, you can visit the CSF website.

ConfigServer also provides a free add-on product for cPanel & WHM called ConfigServer Mail Queues (CMQ). The product provides a full featured interface to cPanel's Exim mail queues from within WHM. For more information about using and installing CMQ, you can visit the CMQ website.

Add comment


Security code
Refresh

Category: