All of the following steps are run as root from an SSH session.
Updating the OS
installing clamav
- wget -q -O - http://www.atomicorp.com/installers/atomic |sh
- yum install clamav
- freshclam (this updates the virus signature database; it should also be run from cron)
- clamscan -i -r /var/www --log=/var/log/clamscan.log
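- To run the antivirus scan as a cron job (automatically, once a day), run crontab -e from the command line, then add the following line and save the file. Entries edited with crontab -e take no user field, so the command follows the five time fields directly.
- 02 1 * * * clamscan -i -r /var/www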
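The daily cron line above throws away clamscan's exit status, so a scan that failed looks the same as a clean one. As an added example (not part of the original notes), this wrapper logs every run and mails only on a detection or a scan error; the variable and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. SCANNER, MAILER, LOG, ALERT_TO
# and the function names are assumptions; override the variables as needed.
SCANNER="${SCANNER:-clamscan}"
MAILER="${MAILER:-mail}"
LOG="${LOG:-/var/log/clamscan.log}"
ALERT_TO="${ALERT_TO:-mail@yourdomain.com}"

# clamscan exit status: 0 = no virus found, 1 = virus found, other = scan error.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# With -i, each hit is one "<path>: <signature> FOUND" line; keep only the path.
infected_paths() {
    sed -n 's/: [^ ]* FOUND$//p' "$1"
}

# Scan $1 recursively, append the report to $LOG, mail only when not clean,
# and hand clamscan's exit status back to the caller.
scan_and_report() {
    target="$1"
    report="$(mktemp)" || return 2
    rc=0
    "$SCANNER" -i -r "$target" >"$report" 2>&1 || rc=$?
    { date; cat "$report"; } >>"$LOG"
    state="$(classify_exit "$rc")"
    if [ "$state" != clean ]; then
        {
            echo "clamscan: $state (exit $rc) scanning $target, full report in $LOG"
            infected_paths "$report"
        } | "$MAILER" -s "ClamAV $state on $(uname -n)" "$ALERT_TO"
    fi
    rm -f "$report"
    return "$rc"
}

# Entry point for cron: runs only when a directory such as /var/www is given.
if [ "$#" -gt 0 ]; then
    scan_and_report "$1"
fi
```

Saved under a path of your choice, for instance the hypothetical /usr/local/sbin/clamscan-report.sh, the crontab entry becomes: 02 1 * * * /usr/local/sbin/clamscan-report.sh /var/www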
installing rootkit hunter
- wget http://garr.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.4.tar.gz
- tar -zxvf rkhunter-1.3.4.tar.gz
- cd rkhunter-1.3.4
- ./installer.sh --layout default --install
- rkhunter -c
- vi /etc/cron.daily/rkhunter.sh
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Your Daily RKHunter Scan Report" mail@yourdomain.com)
- chmod +x /etc/cron.daily/rkhunter.sh
Scanning
Install mod_security with yum. This tool can prevent a lot of problems with Apache, such as file injections and other attacks.
- wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh
- yum install mod_security
You can get the Free Mod_Security Rules.
- cd /etc/httpd/modsecurity.d/
Download rules:
- wget http://downloads.prometheus-group.com/delayed/rules/modsec-2.5-free-latest.tar.gz
Extract them:
- tar -zxvf modsec-2.5-free-latest.tar.gz
Note: Make sure that 00_asl_rbl.conf and 00_asl_whitelist.conf are uninstalled, renamed or deleted. You can disable any rules that you do not need or that cause problems. After you have finished your modifications, restart Apache.
- /etc/init.d/httpd restart
Adding multicast routing to Red Hat.
- Add multicast routing: route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
- Optionally enable multicast ICMP: echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts