Friday, December 22, 2017

some notes on rkhunter

Some notes on rkhunter, a security tool that scans for rootkits, made for a server I help to administer:

1. I will now change the rkhunter configuration file so that the emails will come to me instead of coming to you:
vim /etc/sysconfig/rkhunter

2. The hidden file warning message is about /etc/.brand, which just says hostgator. It is just a branding file from HostGator. Totally harmless.

3. I will prevent ssh login without keys. That is, password-based ssh login from a terminal will be disabled. This is a good security feature, since ssh is routinely hit with brute-force attacks.

4. It looks like rkhunter does not play nice with user-compiled or modified files. I will set up rkhunter to ignore all the currently available files and only give warnings for new files, basically by editing the whitelist and running:
sudo rkhunter --update
sudo rkhunter --propupd

https://www.linuxquestions.org/questions/linux-security-4/rkhunter-package-manager-fail-warnings-on-centos-5-running-whm-11-a-871791/

https://www.digitalocean.com/community/tutorials/how-to-use-rkhunter-to-guard-against-rootkits-on-an-ubuntu-vps
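
For note 3, a way to confirm that a given sshd_config really leaves key-based login as the only option. This is an added example, not part of the original notes; the function names are hypothetical, and it assumes a single config file with no Include lines and upstream OpenSSH defaults.

```shell
# Added example. Audits one sshd_config file for password-style logins.

# Print the effective global value of keyword regex $2 in file $1, or the
# default $3. sshd keeps the FIRST value it reads for a keyword, and the
# global section ends at the first Match line.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { val = def }
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, accept key=value
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" key ")$") { val = tolower($2); exit }
        END { print val }' "$1"
}

# Count "PasswordAuthentication yes" lines inside Match blocks, which
# re-enable passwords for the matched users or addresses.
match_reenables() {
    awk '{ sub(/#.*/, ""); sub(/=/, " ") }
         tolower($1) == "match" { inmatch = 1 }
         inmatch && tolower($1) == "passwordauthentication" &&
             tolower($2) == "yes" { n++ }
         END { print n + 0 }' "$1"
}

# Return 0 only when no password-style login remains enabled.
# Table columns: keyword regex, default when unset, wanted value.
audit_sshd_keys_only() {
    rc=0
    while read -r key def want; do
        got=$(sshd_effective "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then echo "ok    $key = $got"
        else echo "WARN  $key = $got (want $want)"; rc=1; fi
    done <<'EOF'
passwordauthentication yes no
kbdinteractiveauthentication|challengeresponseauthentication yes no
pubkeyauthentication yes yes
EOF
    n=$(match_reenables "$1")
    [ "$n" -eq 0 ] || { echo "WARN  $n Match line(s) re-enable passwords"; rc=1; }
    return "$rc"
}

# Constructed sample: the first PasswordAuthentication line wins, so the
# later "no" has no effect and the audit fails.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication no' > "$sample"
audit_sshd_keys_only "$sample" || echo "=> password login is still possible"
rm -f "$sample"
```

On the live server, `sshd -T` prints the configuration sshd actually resolves, which is the authoritative check before closing the current session.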

Sunday, December 17, 2017

AutoSSL feature of WHM

Found that WHM has an AutoSSL feature, which will automatically configure SSL for selected (or all) users. The AutoSSL feature can also be used with LetsEncrypt.org, by running the shell script
/scripts/install_lets_encrypt_autossl_provider
as root, as mentioned in the documentation.

So, no need to go through the painful process of WHM SSL certificate installation.

And if we want to redirect all users from http to https, we can use the .htaccess file, as given here