Advertisment

Sunday, 30 March 2014

Securing the System

Securing the System

Spend a few days becoming accustomed to your new server, browsing the various features of webmin. But when you are done looking around you should recognize that there are certain security risks in having SSH and webmin running. Therefore, within a few days you should consider locking down the server by restricting access to both.

To disable webmin, go to the System icon at the top of webmin, then click on the “Bootup and Shutdown” icon. Click the webmin service. Next to “Start at boot time?” select the “No” radio button, then click the Save button. Now go back into the webmin service again and click the “Stop Now” button. Webmin should no longer be accessible.

Kloxo recommends changing the SSH communications port from 22 to something else for security (perhaps 522). While I have no objection to doing that, and you might just go ahead and do it to get Kloxo to stop bugging you about it, I suggest that terminal access isn’t necessary most of the time for maintaining a Kloxo hosting server. For that reason I simply disable SSH when I’m not actively using it, and you might consider doing the same. But recognize that disabling SSH is controversial, since you are locked out of the system and have no way to make command line repairs if you lose your Kloxo control panel. Consider the disabling of SSH carefully. As an alternative, you might consider SSH Authorized Key access instead, which can be configured through Kloxo.

Remember! If you change any ports to non-standard ports they will need to be added to the SPF firewall configuration, and APF will need to be restarted to apply changes, as follows.

/usr/local/sbin/apf –r

To disable SSH terminal access, login to Kloxo as administrator. In the security box, click the SSH Config icon. Put a check mark in the box next to “Completely Disable Password Based Access”.

Click the Update button.

Your system is now locked out. You can still administrate Kloxo and you still have basic VPS services access, but otherwise your system is inaccessible.

You should reboot the system from time to time (perhaps every month or so), to make sure that any kernel updates are applied and to flush memory. You can do that from either the VPS control panel or Kloxo administration (look in the Machine box in the admin panel).

No comments:

Post a Comment