VPS Server Protection Tools
VPS Server Protection Tools
Server hardening is the process of configuring a server in order to protect it from hacking. For example, you can protect the GRUB loader with a password to prevent an attacker from changing the download process, or install a tool such as ArpWatch, developed by the Lawrence Berkeley National Laboratory, which allows you to detect signs of ARP spoofing.
If you are not careful when protecting a virtual VPS server, you may end up accidentally blocking it or limiting its capabilities too much.
To protect the virtual server, compilers are often disabled, this will prevent an attacker from compiling malware on the server. But if you are going to use a virtual server for pentest and ethical hacking, then you should not do this, since you will need a compiler to compile your tools.
The Center for Internet Security (CIS) provides a list of system security recommendations called CIS Benchmarks. Use these recommendations to protect the VPS server and take them into account when auditing corporate security systems.
If you have problems with English, then tools such as Jshielder, debian-cis and nixarmor will help. They allow you to automatically apply many of the CIS recommendations to your server.
You can install the JShielder tool as follows:
root@debian:~/# git clone https://github.com/Jsitech/JShielder
Go to the JShielder folder and run the script JShielder.sh:
.\JShielder
It will prompt you to select the operating system you want to protect.:
------------------------------------------------------------------------[+] SELECT YOUR LINUX DISTRIBUTION------------------------------------------------------------------------ 1. Ubuntu Server 16.04 LTS2. Ubuntu Server 18.04 LTS3. Linux CentOS 7 (Coming Soon)4. Debian GNU/Linux 8 (Coming Soon)5. Debian GNU/Linux 9 (Coming Soon)6. Red Hat Linux 7 (Coming Soon)7. Exit
Such tools often install rootkit detection tools like rkhunter or chkrootkit. In addition, they can install intrusion prevention systems such as fail2ban, which update the rules of your firewall so that it blocks IP addresses after several failed authentication attempts.
Many tools designed to protect the server use iptables in configuring firewall rules. If you want to change these rules yourself, you can use one of the interfaces developed for iptables. The best of them is the Uncomplicated Firewall. To install this utility, use the command:
root@debian:~/# sudo apt-get install ufw
After installing it, you can configure the firewall using just a couple of commands. For example, the following command sets blocking of all incoming packets as the default policy:
root@debian:~/# ufw default deny incoming |
Then you can add exceptions. For example, we could allow SSH connections and connections via port 8080 to connect to the server:
root@debian:~/# ufw allow sshroot@debian:~/# ufw allow 8080
After completing the rules configuration, turn on the firewall by running the ufw enable command:
root@debian:~/# ufw enable
Use the ufw status command to view the status of the firewall and a summary of its rules:
root@debian:~/# ufw statusStatus: active To Action From-- ------ ----22/tcp ALLOW Anywhere8080 ALLOW Anywhere22/tcp (v6) ALLOW Anywhere (v6)8080 (v6) ALLOW Anywhere (v6)
Another useful tool called SELinux, developed by the NSA and Red Hat, adds an additional policy attribute to operating system files. This attribute, in combination with the SELinux policy rules, controls access to and modification of these files. When a process tries to access a file, SELinux checks the policy attributes of that file to find out if that process has permission to access it.
In addition, SELinux logs all blocked access attempts, which makes the logs of this tool an excellent resource for detecting intrusions.
Run the following command to install SELinux with the default policy:
sudo apt-get install selinux-basics selinux-policy-defaultauditd |
When the installation is complete, activate SELinux and restart the system:
root@debian:~/# sudo selinux-activate
In addition to strengthening the server, you should also enable full disk encryption.
Go back