The service consists of the following:
GENERAL REVIEW – check for hacks and suspicious files, update software versions
OPERATING SYSTEM AND ENVIRONMENT – review and update users, optimize PHP security settings
WEB SERVER – perform SSL checks and fix as appropriate
MAIL SERVER – restrict to outbound traffic if not used for inbound mail
APPLICATION SPECIFIC – check permissions for all applications, fix insecure permissions as needed, test for insecure web forms and prepare exceptions list
DATABASE SERVER SPECIFIC – disable public IP if not needed, verify strength of passwords, restrict permissions to what is necessary, remove users that are not needed
FIREWALL – configure iptables to restrict access to what is needed for both inbound and outbound traffic
FINAL REVIEW
- Disable unused services
- Install Logwatch to detect and report common anomalies
- Install and tune fail2ban to look for SSH attempts and Apache hacks
- Install and configure the mod_security web application firewall
- Provide report on Web app update services for apps used
- Run a security scan against the Virtual Server, fix or advise customer on exceptions
Notes:
1. Versions – In some cases the operating system, applications or other software on older environments cannot be upgraded due to end of life, cost, or practical reasons. In these cases you will have to move to a newer eApps hosting service to ensure that you have the most secure environment.
2. Risks – The eApps SECURITY ANALYSIS AND HARDENING SERVICE will improve the security of your Virtual Machine. However, there is no guarantee that your environment is perfectly secure due to several factors.