Web Server Security and Service Installation, Configuration and Upgrading
#> ConfigServer Firewall/Login Failure Daemon (order)
Let us COMPLETELY configure and setup CSF/LFD so that it works on your server at maximum capacity. CSF/LFD is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. Let us configured CSF/LFD to alert you of attacks and block DDoS Attacks!
#> EXIM Phishing Protection (order)
Tired of spammers and phishers using and abusing your e-mail service before you have a chance to stop them? Let us make some modifications with our latest up-to-date protection list to EXIM which will block most phishers and they won't get your IPs blacklisted!
#> IonCube & ZendEncoder (order)
Let us install and setup both IonCube and Zend on your server so that your clients can make full use of PHP applications.
#> CHKRootkit (order)
Let us install and setup CHKRootkit Hunter on your server which will monitor for rootkits and compromised files and send you e-mail logs.
#> RKHunter (order)
Let us install and setup RKHunter on your server which will monitor for rootkits and compromised files and send you e-mail logs.
#> LES (Linux Environment Security) (order)
Let us install and configure LES for maximum performance so that you get the MOST out of your server!
Linux Environment Security is intended as a facility to quickly & easily secure RedHat/RPM based environments. It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.
The combined usage of all LES options provides an increased level of local environment security, with the goal of preventing environment based attacks. Such attacks would consist of compromised system binaries; tainting the $PATH variable to point to invalid paths where trojan/malicious binaries are located; alterations to user profile scripts to activate key loggers or process based hi-jacking; traversal exploration of the system paths etc; the possible attack trends are numerious hence the importance of hardening the local environment space.
#> LSM (Linux Socket Monitor) (order)
Let us install and configure LSM for maximum performance so that you get the MOST out of your server!
LSM is a network socket monitor; it is designed to track changes to Network sockets and Unix domain sockets, effectively a port monitor. It does this by a rather simple differential based comparison of current and new server sockets (Server Ports). A simple and configurable alerting system sends alerts whenever new ports activate. LSM will ignore services that are currently holding sockets open, events are only applicable when a 'new' socket (port) is created.
#> NSIV (Network Socket Inode Validation) (order)
Let us install and configure NSIV for maximum performance so that you get the MOST out of your server!
Network socket inode validation is a rule based utility intended to aid in the validation of inodes against each LISTEN socket on a system. The nature for this app is such that rouge binaries can easily hijack a user, program privileges, or work space; and utilize such to kill the old service & execute a new service on the known port they crashed. The best known examples of this trend is 'tmp' path uploaded content via php remote include exploits; which is executed, crashes the web server and starts a rouge httpd process and other such items.
A simple structure of validation is used by NSIV to verify the integrity of services on a given system. The rules system has 3 required variables; the first being a declared PORT value for which the service is known to operate on, the second is the BIN value which is simply the path to your service executed binary and the third option is the RST value which points to an init script with restart flags.
The execution cycle of NSIV is very simple, first it determines the running process ID of your binary followed by the trusted inode (that which is associated to the BIN variable). Then, the PORT value is used to check that the binary holding said port open actually references back to the trusted inode, if it does not then we assume the service has been hijacked and the PID is killed / RST executed with optional e-mail alert dispatched.
#> PRM (Process Resource Monitor) (order)
Let us install and configure PRM for maximum performance so that you get the MOST out of your server!
PRM monitors the process table on a given system and matches process id's with set resource limits in the configuration file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, and kernel logging routine.
#> SIM (System Integrity Monitor) (order)
Let us install and configure SIM for maximum performance so that you get the MOST out of your server!
SIM is a system and services monitor for 'SysVinit' systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system. It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth features to bring a well rounded tool to your disposal to stop otherwise common issues daunting internet hosts.
#> SPRI (System Priority) (order)
Let us install and configure SPRI for maximum performance so that you get the MOST out of your server!
The problem? Linux has priority levels to thread all tasks at, these prio's are ranged from -20 to +19 (negative = high prio, positive = low prio) with 0 as the default for all processes. So this being the fact, with everything operating at prio 0 you got fights between services as to who gets what resources first.
Solution? Very simply, que different processes at different priority levels to effectively discipline the system on who gets what resource access first. SPRI (System Priority) is a utility designed to que different processes with different priority levels based on 3 class levels of importance (high,med,low). The average load level of a server can be substantialy decreased by using spri, by as much as 20%, of course results may vary.
#> Kernel Configuration Package (order)
The kernel is the heart of your server, and having an old and outdated kernel puts your server at risk for exploitation. Make sure your server stays up-to-date and secure, and make sure you put this task in the hands of true kernel experts.
We will also fine tune your kernel so that it only contains what is needed on your server.
#> GRSec Kernel Configuration Package (order)
grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model.
Advantages to a GRSecurity Kernel?
An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
Change root (chroot) hardening
/tmp race prevention
Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
Prevention of arbitrary code execution in the kernel
Randomization of the stack, library, and heap bases
Kernel stack base randomization
Protection against exploitable null-pointer dereference bugs in the kernel
Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
A restriction that allows a user to only view his/her processes
Security alerts and audits that contain the IP address of the person causing the alert
▶ SolidShellSecurity.com. Providing Quality and Secure Hosting and more!! Starting under $1/mo. Want a coupon? e-mail us!
▶ 99.9% Uptime + Daily security scans + 24/7/365 Helpdesk, Phone & Live Chat Support + Secure + Earn discounts/rewards the longer you host with us!