Scan your web server for vulnerabilities with Nikto on squeeze
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
1. Add non-free archive to apt sources (pico /etc/apt/sources.list)
deb http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free
Scan your server for rootkits with rkhunter
rkhunter (Rootkit Hunter) is a tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
1. Install rkhunter
apt-get install rkhunter
Running Apache2 virtual hosts as different users with mpm-itk
apache2-mpm-itk is an MPM (Multi-Processing Module) for the Apache web server. mpm-itk allows you to run each of your vhost under a separate uid and gid — in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts.
1. Install the apache2-mpm-itk package
apt-get install apache2-mpm-itk
Prevent brute force attacks using fail2ban
fail2ban monitors log files such as /var/log/auth.log and /var/log/apache/access.log and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Currently, by default, fail2ban supports ssh/apache/vsftpd but configuration can be easily extended for monitoring any other ASCII file.
1. Install fail2ban
apt-get install fail2ban
Installing suPHP
suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
1. Install suPHP
apt-get install libapache2-mod-suphp
Scan your web server for vulnerabilities with Nikto
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
1. Install Nikto
apt-get install nikto
Disable root login to SSH
Allowing root logins to your SSH damon is a big security threat. If the SSH port is open, hackers will probably at some time attempt to brute force your root password. It's a good idea to disable root logins to SSH and instead use a normal user to login and type "su -" to enter the super user shell or sudo to perform tasks that require root privileges.
1. Open the SSH daemon config file and change this line: (pico /etc/ssh/sshd_config)
PermitRootLogin no
Adding a sudoer to use sudo on Debian
Sudo allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
1. Create a new user (optional)
adduser user1
Loading iptables rules on startup
By default iptables is setup on Debian etch but there are no rules configured. In this tutorial we'll configure some rules and load them into iptables on startup.
1. Rules file
Create a new file that will contain a shell script to insert rules into iptables (pico /etc/firewall-rules.sh) and add this content as template: