
Performance and Security

Get the most out of your server by securing and tuning your configuration.

  1. Lynis is an open-source security auditing tool used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners. ClamAV is an open-source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and endpoint security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates. 0. Preliminary requirements: "CentOS 7" template installed on the se…

  2. Let's Encrypt is a certificate authority that provides free certificates in a fully automated process. In this guide, you will learn how to set up a TLS/SSL certificate from Let’s Encrypt on CentOS 7 / AlmaLinux 8 servers running Apache as a web server. Preparation Before enabling the Let's Encrypt certificate, make sure you have Apache Web Server installed on your server. If not, you can check out our Apache web server installation guide. You also need to create a virtual host configuration file by typing this command (if you didn't do it during Apache installation): vi /etc/httpd/conf.d/yourdomain.ltd.conf Add these lines to the configuratio…

    • 0 replies
    • 2.9k views
  3. SWAP memory is used to help RAM, once it cannot store any more data. The data which cannot be stored in RAM is then stored to SWAP memory in the hard disk. In this article, we will provide the basic steps on how to modify and increase SWAP memory in our KVM virtualization Linux VPS packages. In general, there are different opinions on how much SWAP memory your server should have. It could be half of your RAM, the same amount or even more than RAM. In our article, we will assign 6 GB of SWAP to the server. Allocating SWAP Memory First thing you should do is to check if there is no SWAP memory in use on your server with the following command: free -…

  4. Started by Joanne Moore,

    Here is a simple, straightforward guide to improving VPS security. Change the SSH port One of the most common points of attack is port 22. Changing this discourages many of them as well as scripts set to check for that port. In order to change the port do the following: nano /etc/ssh/sshd_config You should locate a line that looks like: #Port 22 Un-comment this line and change the port number. A port number above 1024 is recommended. This section of your sshd_conf should now look like: Port 2222 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: You can now save and exit nano (Ctrl x) and restart the SSHD service by issuing the following …

    • 0 replies
    • 1.8k views
  5. Introduction Encryption is the process of encoding files in such a way that only those who are authorized can access them. Encryption does not of itself prevent interception but denies the file content to the interceptor. In an encryption scheme, the intended files, referred to as plaintext, are encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. Linux distributions provide a few standard encryption/decryption tools that can prove to be handy at times. Here in this article, we have covered 3 such tools with proper standard examples, which will help you to encrypt, decrypt and password-protect your files. 1. GnuPG …

    • 0 replies
    • 1.1k views
  6. Introduction SPF (Sender Policy Framework) is a DNS text entry which shows a list of servers that should be considered allowed to send mail for a specific domain. Incidentally, the fact that SPF is a DNS entry can also be considered a way to enforce the fact that the list is authoritative for the domain, since the owners/administrators are the only people allowed to add/change that main domain zone. upon receipt, the HELO message and the sender address are fetched by the receiving mail server the receiving mail server runs a TXT DNS query against the claimed domain SPF entry the SPF entry data is then used to verify the sender server in case th…

  7. ConfigServer Security & Firewall is a popular Linux firewall security suite. It is easy to install, flexible to configure and secure with extra checks. CSF helps to control exactly what traffic is allowed in and out of the server and to protect the server from malicious attacks. Preliminary Requirements: CentOS 7, Fedora 23, Ubuntu 16.04 or Debian 8 OS installed. Installation Of ConfigServer Security & Firewall For CentOS / Fedora firstly you need to install required for CSF Perl packages: yum install perl-libwww-perl.noarch perl-Time-HiRes perl-core zip unzip bind-utils -y For Ubuntu and Debian install the following packages: apt-g…

    • 0 replies
    • 1.9k views
  8. SpamAssassin is a computer program used for e-mail spam filtering. SpamAssassin uses a variety of spam-detection techniques, including DNS-based and fuzzy-checksum-based spam detection, Bayesian filtering, external programs, blacklists, and online databases. It will save your mailbox from many unwanted spam emails. For this tutorial we are using Ubuntu 16.04 distribution, however, you should be able to use it for all Debian and Ubuntu distributions we offer on Time4VPS. Update System First things first. Like always, first of all, we recommend updating your server. It can be done by simply executing: apt-get update Installation After our server is up …

    • 0 replies
    • 3.9k views
  9. Started by Yang M.,

    In order to make a standard OpenVZ OS image minimal you need to follow these instructions: 1. Install the standard OS from the client area 2. Login to the VPS SSH and execute one of the following commands (depending on your OS): CentOS 6 64-Bit yum remove acl apr apr-util apr-util-ldap aspell attr authconfig avahi-libs bind bind-libs bzip2 centos-indexhtml cronie cronie-noanacron crontabs cups-libs cvs cyrus-sasl dhclient dhcp-common elfutils fetchmail finger finger-server ftp gettext gnutls gpg-pubkey-c105b9de gpm-libs hesiod httpd httpd-tools iptables-ipv6 jwhois libcap-ng libgomp libgssglue libjpeg-turbo libpcap libpng libtalloc libtdb libtevent libtiff …

    • 0 replies
    • 2.8k views
  10. An exploited or hacked VPS is one that is no longer fully under your control. Someone else is now partially controlling your VPS and using it for their own purposes. Here are some common reasons to exploit a VPS: • To send out spam email; • To launch attacks against other servers (thus, consuming your CPU, memory, and bandwidth resources); • To install a phishing website on your VPS to gain access to sensitive information. Background There are two primary ways a VPS may be compromised: A. If the hacker has guessed a password of a user on the VPS. This may be an email, FTP, or SSH use; B. If the hacker has gained access through a security hole in a web appli…

  11. Iptables is basically a powerful firewall, which can allow a user to set specific rules to control incoming and outgoing traffic. You can use it to block the specific port, IP addresses and much more. In this article, we present the most common uses of iptables. The iptables rules can be specified with 3 blocks, which are used for a specific purpose (called Chains): INPUT - All packets destined for the host computer. OUTPUT - All packets originating from the host computer. FORWARD - All packets neither destined for nor originating from the host computer, but passing through (routed by) the host computer. This chain is used if you are using your computer as a router…

  12. How do you block an IP using iptables? iptables -A INPUT -s xx.xx.xx.xx -j DROP How do you block an IP from a specific port? iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j DROP (xx.xx.xx.xx is the remote IP address and PORT is the port number you wish to allow/deny access to.) How do you allow access to an IP? iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT How do you allow access to an IP to a specific port using iptables? iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j ACCEPT (Again, xx.xx.xx.xx is the remote IP address and PORT is the port number you wish to allow/deny access to.) How do you block a scanner on a server for exa…

    • 0 replies
    • 1.9k views
  13. If your server appears pretty slow, there could be many things wrong such as poorly written scripts - but sometimes it could be because someone is flooding your server with traffic known as DoS (Denial of Service) or DDoS (Distributed Denial of Service). It could also be that your server itself is part of a botnet and is being used to attack other networks. In this case, it is always a good idea to run scans with software such as ClamAV and RootKit Hunter as a precaution. Furthermore, whenever a client connects to a server via a network, a connection is established and opened on the system. On a busy high-load server, the number of connections connected to the server c…

  14. Started by Andrew Folkes,

    LCwHost Ltd support department receives a lot of questions about how to optimize the Apache service. This article introduces basic, simple and yet effective ways to optimize Apache service according to VPS resources. By default, Apache "prefork" module is used. When this module is in use, one process serves one query. Those processes must be defined in strict numerical values to avoid VPS resource allocation to Apache only. For traditional Apache optimization, there are four variables used by Apache: • StartServers: number of child server processes created at startup; • MinSpareServers: minimum number of idle child server processes; • MaxSpareServers: maximum numb…

  15. Setup of email server in Linux is simple, but your job does not end there. Customer had experiences where mail gateway has been misconfigured and has caused open relay for a spammer attack. Always pay extra careful attention when you deal with related internet services such as web and email. 1. MX record The Mail Exchanger (MX) is critical to email related information in your DNS. The MX record tells the internet email servers how to handle your email routing. If you host your own DNS server, please remember to add an MX record. You can perform a simple MX record test. Please change your internal dns server to an external dns server. 2. IP address Use the m…