Hi, I need someone to help check and do some work to make sure our server is set up 100% correctly and securely.
This is what I have been told to make sure is done.
Application Configuration & Optimization: Each configuration file, for services such as Apache, is reviewed and optimized for the server such as [url removed, login to view] and more.
Recompile Apache/PHP: Compile PHP and Apache to the latest release with most common modules.
PHPsuexec Support*: Compile PHP with PHPsuexec, enhancing security for nobody permissions.
Recompile MySQL: Bring MySQL up to date with the latest release available.
Fantastico Installation: Most providers include Fantastico with servers but often it is never installed.
Control Panel Configuration: We optimize the control panel for the best set of security and configuration options available.
DNS Configuration: Correctly setting proper TTL values, and other settings such as SOA refresh which cause [url removed, login to view] errors.
Included Security Enhancements Package
Kernel Upgrade: Update the system to the latest kernel supplied by vendor.
OS Updates: Operating system updates available by vendor.
Control Panel Updates: Latest stable/current release of control panel will be applied.
Hardened Phishing and Anti-Spam Rules: We make sure your mail server is protected from inbound and outbound phishing attacks.
RBL and Dictionary Attack Security: RBL and Dictionary Attack will be applied to your mail server to help cut down on the volume of spam you receive for known spammers.
HELO/EHLO: Additional mail server security checks.
PHP Security: Disable dangerous PHP functions such as dl and exec.
PHPsuexec: Stops users from being able to write into other users' directories, no more 777 files. If you don't have this enabled we'll convert the system for you with minimal disruption - for cPanel only at this time.
Perl Suexec: Enable Suexec for Perl security to run as user.
Rootkit and Backdoor checks: chkrootkit and rkhunter checks for rootkits, backdoors and other security issues.
Exclusive mod_security installation: Our mod_security installation includes our custom mod_security ruleset for maximum protection without service interruptions. (Apache Firewall)
Exclusive mod_security add-on: Blocks the top attackers from DShield with mod_security specialized tool.
Partition Security: We ensure /tmp and /dev/shm partitions are secure with noexec,nosuid.
Disable Compilers: Compilers such as gcc are locked from unauthorized use.
[url removed, login to view] and [url removed, login to view] lockdown: Hardens the TCP/IP operations and DNS poisoning.
Firewall Installation: APF firewall is installed with most common ports configured.
Brute Force Protection: BFD is installed to prevent mass shell login bruteforcing.
LES: Linux Environment Security enforces root permissions on binaries, system paths and immunes important system files.
LSM: Linux Socket Monitor watches for changes in open applications using the network and will provide email reports if unrecognized ones are found.
Exclusive Nobody Check: Detects malicious user processes running with email reports.
Application Security Configuration: We configure services with security in mind such as limiting the Apache signature.
Close Open DNS Servers: [url removed, login to view] is optimized ensuring BIND will be secure from DNS problems.
Root shell login alerts and login security message: You will get an email notification when someone logs into your server. Also the default shell message is changed to a security notice.
Logwatch Configuration: Logwatch emails reports of server health daily.
Clean up users: Unneeded users and groups are removed.
Clean up services: Unneeded services are disabled.
Secure System Binaries: System tools commonly used for malicious purposes are disabled for non root users, such as wget, GET, and more.
DDoS Protection: Protect your server from Denial of Service attacks and Apache floods at the software level with our custom made DDoS software.
Antivirus: possibly installing, need your opinion. Ruby on Rails would be a bonus, as I can then offer this to my customers. Anything else you can recommend? The winning bidder will be awarded work each month to check security.
Please list your suggestions. No timewasters, quality providers only.