CVE-2024-6387 is a critical vulnerability in OpenSSH that impacts systems using the glibc library. This vulnerability allows remote code execution (RCE) as root for unauthenticated users by exploiting a flaw in the default configuration of OpenSSH, particularly related to the LoginGraceTime parameter. Immediate action is required to secure your systems. This article provides a step-by-step guide to mitigate this vulnerability and enhance your overall SSH security.

Steps to Mitigate CVE-2024-6387

1. Update OpenSSH and glibc

Ensure that you are running the latest versions of OpenSSH and the glibc library, as security patches may have been released to address this vulnerability.

Debian-based Systems

Open a terminal and run the following commands:

sudo apt update
sudo apt upgrade openssh-server libc6

RPM-based Systems

Open a terminal and run the following commands:

sudo yum update openssh-server glibc

Regularly check your distribution’s advisories for specific instructions and updates.

2. Modify SSH Configuration

After updating, you need to modify your SSH configuration to reduce the risk of exploitation.

Edit sshd_config

Locate and edit the OpenSSH server configuration file, typically found at /etc/ssh/sshd_config.

1. Reduce LoginGraceTime: Lower the LoginGraceTime parameter to minimize the window for potential exploitation. The default is usually set to 2 minutes; reducing it to 30 seconds is advisable.

   LoginGraceTime 30

2. Disable Root Login: If root login is not necessary, disable it to enhance security.

   PermitRootLogin no

3. Restrict User Access: Ensure that only necessary users have SSH access.

   AllowUsers specific_user

3. Implement Additional Security Measures

Further secure your SSH access by implementing these additional measures:

Key-based Authentication

Switch from password-based authentication to SSH key-based authentication:

PasswordAuthentication no
PubkeyAuthentication yes

Two-Factor Authentication

Enable two-factor authentication (2FA) for SSH access to add an extra layer of security.

Restrict IP Access

Use firewall rules to restrict SSH access to specific IP addresses or networks.

Using ufw on Ubuntu

sudo ufw allow from <trusted_ip> to any port 22

Using firewalld on CentOS/RHEL

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<trusted_ip>" port port=22 protocol=tcp accept'
sudo firewall-cmd --reload

4. Monitor and Audit

Regularly monitor and audit your SSH access to detect any unusual activities.

1. Monitor SSH Logs: Regularly check SSH logs for any unauthorized login attempts:

   sudo tail -f /var/log/auth.log

2. Implement Intrusion Detection Systems (IDS): Use IDS to detect and alert on suspicious activities.

5. Additional Hardening

Further harden your SSH server with the following measures:

Install and Configure fail2ban

fail2ban can automatically block IP addresses that show malicious signs.

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

6. Stay Informed

Stay up-to-date with the latest security updates and advisories:

• OpenSSH Security Advisory: OpenSSH Security

• National Vulnerability Database (NVD): NVD

• Ubuntu Security Notices: USN

• Red Hat Security Data: Red Hat

Conclusion

By following these steps, you can mitigate the risks associated with CVE-2024-6387 and enhance the security of your SSH configuration. Regular updates, configuration changes, and additional security measures are crucial in protecting your systems from potential exploits. Stay vigilant and informed to ensure your infrastructure remains secure.

The post Mitigating CVE-2024-6387: A Comprehensive Guide appeared first on Hivelocity Hosting.

• Port 22 serves as the standard port for SSH (Secure Shell), allowing secure remote access to a system.
• Port 80 facilitates HTTP (Hypertext Transfer Protocol), serving web pages.
• Port 443 handles HTTPS (Hypertext Transfer Protocol Secure) traffic, ensuring encrypted communication.

Port scanning probes a system to identify open, closed, or filtered ports. You can perform port scanning using tools such as nmap or netcat. The benefits of scanning ports include:

• Regularly scanning for open ports helps identify potential vulnerabilities. Unnecessary open ports can be exploited by attackers.
• Port scanning reveals which services are running on a host. This information aids network engineers in diagnosing issues.
• By closing unnecessary ports, you reduce the attack surface, enhancing overall system security.

How to Perform a Port Scan in Your Linux System

To scan ports in your Linux system, you will need nmap tool to perform the activity on your local host or remote server. 

1. Install the nmap package using your package manager within your Linux server.

   

2. Use the command sudo nmap -n -PN -sT -sU -p- localhost to scan ports on your local system. Breakdown of components are listed below.
   1. sudo: This prefix grants elevated privileges, allowing the command to run with administrative rights.
   2. nmap: Refers to the Nmap utility, a powerful network scanning tool used for security audits and penetration testing.
   3. -n: Skips DNS resolution, preventing Nmap from performing hostname lookups.
   4. -PN: Skips the discovery phase, assuming that the target host is online without further checks.
   5. -sT: Initiates a TCP connect scan, which attempts to establish a full TCP connection with each port.
   6. -sU: Performs a UDP scan, probing UDP ports to identify open ones.
   7. -p-: Scans all ports, both TCP and UDP, without specifying a port range.

Now that you have the information related to open ports in the server, you will be able to configure the firewall that is in the system accordingly to better control the flow of traffic to your server. Making changes and optimizing the firewall would also increase your server security and provide a safer environment for your production setup.  

Thank you for reading and I hope that you enjoyed this MySQL Overview in Linux guide. For more guides, please check out our Knowledge Base which is updated weekly!

The post Scanning Ports in Your Linux System appeared first on Hivelocity Hosting.

To keep things succinct, the commands will be provided within a table format below following a brief precursor explanation on the various firewalls we’ll be covering here.

Common Firewalls Used in Linux

The following section covers basic background information regarding what firewall types are available within your Linux OS.

iptables

The Linux kernel requires rules for IP packet filtering to be managed in tables. iptables is used to set up, maintain, and inspect these tables of IP packet filtering rules with each table containing built-in chains. The iptables chains are lists of rules which match a set of packets, specifying instructions for each rule on how to handle the packet.

ConfigServer Security & Firewall (CSF)

ConfigServer Security & Firewall or CSF, is a tool that manipulates iptables chains while also providing additional functionality that iptables does not offer. CSF filtering is done on IP addresses, services, and ports.

CSF uses the Login Failure Daemon (lfd) which provides a tool that scans the latest log file entries for login attempts against your server. This is useful for detecting brute-force attacks, allowing lfd to automatically detect the pattern and block the offending IP.

Uncomplicated Firewall (UFW)

Uncomplicated Firewall (UFW) is the default firewall configuration tool for Ubuntu and has been developed to ease iptables firewall configuration by providing a friendly method to create an Ipv4 or Ipv6 host-based firewall.

Firewalld

Firewalld is a service daemon with D-bus interface which provides easy management of the network/firewall zones, assigning different levels of trust to a network and its associated connections. Additionally, the interface also provides the ability to add iptables rules directly.

Table of Commands for Firewall Management

The following is a list of common commands that can be made for the four the Firewall types discussed above.

The post Common Firewall Commands: Iptables, CSF, UFW, & Firewalld appeared first on Hivelocity Hosting.

Ubuntu

Remediation Steps:

Ubuntu 14, 16, 17

apt-get update 
apt-get dist-upgrade 

reboot to complete the update

—-Updated 1/8/18 10:55am EST—–

ProxMox

Remediation Steps:
Follow the instructions found at https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

—-Updated 1/6/18 3:03pm EST—–

Cloudlinux

yum clean all && yum update kernel-firmware && yum install kernel-2.6.32-896.16.1.lve1.4.49.el6

—-Updated 1/6/18 2:12pm EST—–

OS Specific Information

Redhat (CentOS & ScifiLinux included)

Performance impact details as provided by RedHat- The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms, each requiring slightly different fixes. In many cases, these fixes also require microcode updates from the hardware vendors. Red Hat has delivered updated Red Hat Enterprise Linux kernels that focus on securing customer deployments. The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems. The performance impact depends on the hardware and the applications in place.

In order to provide more detail, Red Hat’s performance team has categorized the performance results for Red Hat Enterprise Linux 7, (with similar behavior on Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 5), on a wide varietyof benchmarks based on performance impact:

Measurable: 8-19% – Highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions are impacted between 8-19%. Examples include OLTP Workloads (tpc), sysbench,pgbench, netperf (< 256 byte), and fio (random I/O to NvME).

Modest: 3-7% – Database analytics, Decision Support System (DSS), and Java VMs are impacted less than the “Measurable” category. These applications may have significant sequential disk or network traffic, but kernel/device driversare able to aggregate requests to moderate level of kernel-to-user transitions. Examples include SPECjbb2005, Queries/Hour and overall analytic timing (sec).

Small: 2-5% – HPC (High Performance Computing) CPU-intensive workloads are affected the least with only 2-5% performance impact because jobs run mostly in user space and are scheduled using cpu-pinning or numa-control. Examples include Linpack NxN on x86 and SPECcpu2006.

Minimal: Linux accelerator technologies that generally bypass the kernel in favor of user direct access are the least affected, with less than 2% overhead measured. Examples tested include DPDK (VsPERF at 64 byte) and OpenOnload (STAC-N). Userspace accesses to VDSO like get-time-of-day are not impacted. We expect similar minimal impact for other offloads.

NOTE: Because microbenchmarks like netperf/uperf, iozone, and fio are designed to stress a specific hardware component or operation, their results are not generally representative of customer workload. Some microbenchmarks have shown a larger performance impact, related to the specific area they stress.

Source: https://access.redhat.com/articles/3307751

Remediation Steps:

1. Login to root via SSH and run the following command: yum update.
2. Confirm kernel can be downloaded, once accepting the new kernel it should download and install, once complete it will say “Complete!”
3. Reboot the system to apply the kernel with the command: reboot now

Debian (Ubuntu)

No Updates have been released in regards to the CVE’s we will update this once more information has been provided by Debian and Ubuntu Security Teams. So please keep in mind to update at your own risk, and please keep in mind itlooks like these attacks have been known for sometime but they do not know if this has been used maliciously in the wild, so if you do not want to hammer performance or cannot afford to, you are advised against this update until further information has been provided to the public and the programming communities can then see what exactly needs to be patched in order for it to be completely secure.

Remediation Steps: awaiting

Clients with KernelCare (CentOS)

Kernelcare updates are likely going to be out Sunday/Monday for first releases for EL7 (RedHat/CentOS/CloudLinux 7). You can manually patch your server now if you choose not to wait for kernelcare updates by running CentOS kernal updates via yum update followed by a reboot.

Windows Based Platforms

Remediation Steps:
Please check into Windows Updates and reboot the server to complete the installation. With windows there are also registry entries that need to be made, In fact they just added a 3rd one today. Also AV has to be update to be compatible and there is still issues with the mssql patches, It is also possible that even if the AV is updated the update will not be pulled by windows update which means a 4th registry entry has to be made.

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

https://support.microsoft.com/en-us/help/4072699

https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

VMware

VMWare has posted information for each version at the link below-

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

—-Updated 1/5/18 6:00pm EST—-

It has recently been discovered that most Intel processors contain 2 exploits known as Meltdown and Spectre. Security engineers within Intel and each operating system’s community are working to provide patches to eliminate this threat. We will provide timely updates regarding the situation as new information and patches are released.

Windows dedicated server customers- Microsoft has already released a patch so you will want to make sure you have performed your updates today. We have provided a link below to an article covering how to ensure your anti-virus is not blocking this patch.

Managed Linux dedicated server customers– If you are running CentOS 6.x or 7.x we have updated your kernel already and now you just need to perform a reboot. We are, however, asking each customer to go ahead and perform one more Yum update themselves prior to the reboot just to be safe. For our managed customers not running Redhat, CentOS 6 or 7 please be on the lookout for emails from us providing important information regarding our patching your server(s) and possible instruction to immediately reboot your server. cPanel has posted their latest updates on the subject here.

Self-managed Linux dedicated server customers– please be diligent in your research of how to patch your particular environment and OS. We will post timely updates and instruction per OS as it becomes available. Redhat, CentOS 6 and 7 should be able to patch their servers now by performing a Yum update followed by a reboot.

You can find more information regarding Meltdown and Spectre at:

• https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
• https://meltdownattack.com/
• https://www.cloudlinux.com/cloudlinux-os-blog/entry/intel-cpu-bug-kernelcare-and-cloudlinux
• https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-here%E2%80%99s-what-you-need-know?sc_cid=7016000000127NJAAY
• https://www.zdnet.com/article/windows-meltdown-spectre-fix-how-to-check-if-your-av-is-blocking-microsoft-patch/
• https://documentation.cpanel.net/display/CKB/Meltdown+-+CVE-2017-5753+CVE-2017-5715+CVE-2017-5754

The post Intel CPU Exploits Meltdown and Spectre – What You Need to Know appeared first on Hivelocity Hosting.

It is increasingly important to ensure that any data sent to websites is transmitted using encryption to protect visitors to the site. SSL certificates provide a method to encrypt data during transmission to the server. Any ubuntu server is capable of providing secure connections to sites hosted there by a web server such as Apache or Nginx.

Ordering the Certificate

Select the desired product as listed on: https://www.hivelocity.net/enhancements/ssl/

Select the certificate type from the list and look for the option to request this certificate. You will be prompted to log into your account if you are not already logged in.

Once you click buy now you will be prompted to answer a series of questions that are required to create the certificate, explained below:

Country Name:

This is the two-letter abbreviation for your country. For example, United States would be US.

State or Province Name:

This is the full name of the state your organization operates from. For example, this might be “Florida” or “Ohio”.

Locality Name:

Name of the city your organization operates from. Examples might include “Lansing” or “Phoenix”. Don’t use abbreviations in this field. For example, “St. Petersburg” should be “Saint Petersburg”

Organization Name:

The name of your organization. If you are a business, you must use your legal name. If you are applying as an individual, you use your full name instead.

Organizational Unit Name:

If applying as a business, you can enter your Business name here. Alternately, you can use a department name here. For example, “IT Department” or “Web Administration”.

Common Name:

The domain name that you are purchasing an SSL certificate for. This must be a fully qualified domain name (FQDN). In this example, this would be: example.com

Once this information is submitted you will need to select an address to receive the authorization email that will confirm your own or control the domain you are requesting a certificate for. Please create one of the address options if they do not already exist. This will also be the email address the SSL certificate is sent to.

Choose and complete the required billing information and check the email address selected for validation. Once this is completed it’s typically just a few minutes before the SSL files are sent to the same inbox.

Uploading certificate files

The SSL files will be delivered in a compressed format many tools are available to decompress the files. If you do not already have one installed consider using 7-Zip https://www.7-zip.org/

You will need to upload both the certificate file ending in .crt as well as any ca bundle files and the private key.

Once you have your decompressed SSL certificate files Use Filezilla for Windows or Cyberduck to place the files on your Ubuntu web server.

For more inforamtion or to download filezilla visit:

https://filezilla-project.org/

Or for Mac users that need an alternative:

https://www.ssh.com/ssh/cyberduck/

Using either tool connect to your Ubuntu server In this example my Ubuntu server is responding at 192.168.100.100 so I use the following when configuring a host or server to connect to;

host: sftp://192.168.100.100

and provide your ssh user and password

You can drag the SSL files to any location displayed on your server to upload them from your local computer. In this example, we will place the SSL in the path /etc/ssl

Configuring the Web Server

There are many popular web servers available that are supported by Ubuntu. The most common are Apache and Nginx.

Nginx example

First, ensure nginx has the following options in the HTTP section of /etc/nginx/nginx.conf

http {
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
}

For Nginx it is required to have all the certificates (one for your domain name and CA ones) combined in a single file. The certificate for your domain should be listed first in the file, followed by the chain of CA certificates.

If you have downloaded a complete CABundle file for your certificate, replace chain files’ names with the name of your downloaded file. COMODO_DV_SHA-256_bundle.crt is the example for PositiveSSL certificate. It will look like:

$ cat *example.com*.crt COMODO_DV_SHA-256_bundle.crt >> cert_chain.crt

or

$ cat *example.com*.crt *example.com*.ca-bundle >> cert_chain.crt

We will need to create and edit a new file for our new domain names SSL certificate in /etc/nginx/conf.d/. To open the file for editing run:

nano /etc/nginx/conf.d/example.com.conf

We will add the following information for nginx to use to access the SSL certificate:

server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server ;
server_name example.com www.example.com;
root /var/www/example.com;
ssl_certificate /etc/ssl//example.com.crt;
ssl_certificate_key /etc/ssl//example.com.key;
}

Once you have modified the VirtualHost file, it is required to restart Nginx in order to apply the changes. You can restart Nginx with this command:

nginx -s reload

The above examples are general recommendations. For complete details on SSL options for nginx please visit their site! https://www.nginx.com

Apache2 example

If your site needs to be accessible through both secure (https) and non-secure (http) connections, you need two separate files in /etc/apache2/sites-enabled/. One file is for port 80 and the other file is for port 443.

Create a new file for your domain in /etc/apache2/sites-available using:

nano /etc/apache2/sites-available/ssl-example.com

and include the following information:

<VirtualHost 0.0.0.0:443>
DocumentRoot /var/www/example.com
SSLEngine on
SSLCertificateFile /etc/ssl/example.com.crt
SSLCertificateKeyFile example.com.key
SSLCertificateChainFile /etc/ssl/cert_chain.crt
</VirtualHost>

Enable the new site:

sudo a2ensite example.com

Ensure that the SSL module is loaded:

sudo a2enmod SSL

and check the changes to apache:

Apachectl configtest

then restart apache to apply changes

/etc/init.d/apache2 restart

Full details and configuration options for apache with SSL are available at:
https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Should have any questions or problems during your SSL order or installation please don’t hesitate to contact our staff for advice or assistance via phone at (888) 869-4678 or via a new support ticket created in your my.hivelocity.net customer portal.

The post How to Purchase and Install an SSL Certificate on Ubuntu appeared first on Hivelocity Hosting.

Maldet is a commonly used abbreviation for Linux Malware Detect (LMD), a malware scanner for Linux released under the GNU GPLv2 license.

What makes Maldet unique, is that it is designed around the threats faced in shared hosting environments. Maldet works by using threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

How to Install Maldet in 5 Easy Steps

Before you can run a scan with Maldet, you’ll need to download, unpack, and install it onto your server. By following these five easy steps though, you’ll be up and running in no time. Best of all, the process can be completed entirely from within your server’s terminal by using the following series of commands.

1. First, you’ll need to log in to your server with root user.

2. The Maldet installation pack is not available from online repositories, but is instead distributed as a tarball from the project’s official web site. The tarball containing the source code of the latest version can be downloaded directly using the following command or by accessing this link:
   
   wget https://www.rfxn.com/downloads/maldetect-current.tar.gz

3. Once the tarball is downloaded, you’ll need to unpack it and enter the directory where its contents were extracted. To extract the file, use the command shown below and hit enter.

   tar -xvf maldetect-current.tar.gz

4. Now, move to the Maldet directory using the cd command:

   cd maldetect-1.4.2

   *Note: the above command is specific to maldetect version 1.4.2. Depending on which version of Maldet is current, this command will change. Be sure to use the version number that aligns with the version of Maldet which you unpacked in step 3. For instance, if you’ve downloaded maldetect ver 1.6.4, you should use the command  cd maldetect-1.6.4.
   

5. Once you’ve moved into the Maldet directory, you will have to execute the installation script. This can be done by entering the command below and then hitting enter.

   ./install.sh

Updating the Maldet Client

Now that the client has been installed, it’s critical to make sure that the definitions and scan signatures are up-to-date prior to every malware scan. Updating definitions helps ensure that the latest known malware threats are detected, so long as they are in the database which it is being updated from.

To update your Maldet client, just follow these steps:

1. First, to update the Maldet definitions, run the following command:

   maldet -u

   

2. Next, to ensure optimal performance when running maldet -u, run this second command as well:

   maldet -d

   

Running a Scan with Maldet

Now that Maldet is installed, you can check to make sure it’s working correctly by running a scan on your server to identify infected files. To run a scan, enter the following command:

maldet –a

As you can see in the image above, if everything has been entered correctly, you should see that Maldet has started scanning now.

A report is made for every Maldet scan performed in the system. The event log along with the completed reports can all be viewed using the following commands:

1. To view the events and scan status, just run the following command:

   tail /usr/local/maldetect/logs/event_log

   
   

2. To view a list of all the reports made by Maldet, run the following command. *Note: there are two hyphens before the “report list”.

   Maldet –report list

   
   

3. Once a report of interest has been presented, run this second command with the relevant “SCAN ID” to view the individual report in detail. *Note: you will need to replace “SCANID” in the command below with an actual ID number. See the screenshot below.

   maldet –report SCANID

   

   

And with that, you should now be able to run Maldet scans as needed and check the results of past scans whenever necessary.

Popular Links

Looking for more information on Maldet? Search our Knowledge Base!

Interested in more articles about Security? Navigate to our Categories page using the bar on the left or check out these popular articles:

• How to Clear the YUM Cache
• How to Install CSF (ConfigServer Firewall)
• Reset the MySQL Root Password on Windows Server

Popular tags within this category include: YUM, Maldet, SSL, and more.

Don’t see what you’re looking for? Use the search bar at the top to search our entire Knowledge Base.

The Hivelocity Difference

Seeking a better Dedicated Server solution? In the market for Private Cloud or Colocation services? Check out Hivelocity’s extensive list of products for great deals and offers.

With best-in-class customer service, affordable pricing, a wide-range of fully-customizable options, and a network like no other, Hivelocity is the hosting solution you’ve been waiting for.

Unsure which of our services is best for your particular needs? Call or live chat with one of our sales agents today and see the difference Hivelocity can make for you.

The post How to Install Maldet and Run a Scan appeared first on Hivelocity Hosting.

CSF works by utilizing the Login Failure Daemon (lfd), which provides a tool that scans the latest log file entries for login attempts against your server. This is useful for detecting brute-force attacks, allowing lfd to automatically detect the pattern and block the offending IP. 

*NOTE: These instructions are based on a live document that might change in the future, meaning it’s important to review it prior to proceeding. The instructions from the file have been tested and broken down below at the time of writing this article and include further troubleshooting information that is not present in the live document.

The file can be found in the following link – https://download.configserver.com/csf/install.txt 

Installing ConfigServer Firewall (CSF)

To install CSF onto your Linux distribution, just follow along with the instructions below. *Note: Be sure to update your packages with package manager to ensure you have the latest versions available to you.

1. First, in order to install CSF, you must log in to your server with root user.
    
2. Next, before downloading CSF, make sure that you have the following packages installed on your system using sudo apt install followed by the name of the packages you’re installing:
   1. perl-libwww-perl and/or libwww-perlc (*Note: some distributions might not require or have these available)
   2. wget
   3. tar
   4. nano
       
      
       
3. Now, navigate to the /usr/src directory
    
   cd /usr/src
    
   
    
4. Next, download the CSF installation pack (contained in a compressed tarball) using the following command:
    
   wget https://download.configserver.com/csf.tgz
    
   
    
5. The downloaded file is compressed, so it has to be uncompressed and extracted before it can be used. To extract the file, use the following command and hit enter.
    
   tar -xzf csf.tgz
    
   
    
6. Now it is time to execute the CSF’s installer script. Move to the csf directory (by using: cd /usr/src/csf) and execute the following installation script:
    
   sh install.sh
    
   
    
   *Note: If this fails with either an error stating “Can’t locate Net/SMTP.pm” or “Can’t locate Math/BigInt.pm“, then install perl-Net-SMTP-SSL perl-Math-BigInt and run the CSF installation script again.
    
7. Now that CSF is installed, run the following test script to ensure all prerequisites are present:
    
   perl /usr/local/csf/bin/csftest.pl
    
   
    
8. Assuming that everything is working correctly, the next step is to disable firewalld to reconfigure CSF using the following command:
    
   systemctl stop firewalld
   followed by
   systemctl disable firewalld
    
   
    
9. Next, edit /etc/csf/csf.conf to change the value of “TESTING = 1” to “TESTING = 0”. The item is present at the very top of the document.
    
   *Note: Editing can be completed via nano or vim. Remember to save the file when you’ve finished making the edits.
    
   
    
10. With your edits complete, the next step is to restart CSF using the following command:
     
    systemctl restart {csf,lfd}
     
    *Note: if you receive an error on AlmaLinux 9 or any other distro that says “Can’t locate lib.pm in @INC“, then the epel-release and perl packages need to be installed.
     
11. Now, enable CSF and lfd and check whether the service is active using the following commandS:
     
    systemctl enable {csf,lfd}
    Followed by
    systemctl is-active {csf,lfd}
     
    
     
12. Lastly, you can check if the required iptables modules are available using the following command:
     
    perl /usr/local/csf/bin/csftest.pl
     
    
     
    If no fatal errors are reported, then the firewall should be working correctly.

And there you have it! If you have WHM installed on your server, you can also double-check that CSF is working properly by checking under WHM’s menu >> Plugins >> ConfigServer Security&Firewall.

Popular Links

Looking for more information on CSF? Search our Knowledge Base!

Interested in more articles about Security? Navigate to our Categories page using the bar on the left or check out these popular articles:

• How to Clear the YUM Cache
• How to Install Maldet and Run a Scan
• Reset the MySQL Root Password on Windows Server

Popular tags within this category include: YUM, Maldet, SSL, and more.

Don’t see what you’re looking for? Use the search bar at the top to search our entire Knowledge Base.

The Hivelocity Difference

Seeking a better Dedicated Server solution? In the market for Private Cloud or Colocation services? Check out Hivelocity’s extensive list of products for great deals and offers.

With best-in-class customer service, affordable pricing, a wide-range of fully-customizable options, and a network like no other, Hivelocity is the hosting solution you’ve been waiting for.

Unsure which of our services is best for your particular needs? Call or live chat with one of our sales agents today and see the difference Hivelocity can make for you.

The post How to Install CSF (ConfigServer Firewall) appeared first on Hivelocity Hosting.

What is yum?

The Yellowdog Updater, Modified (yum) is an open-source command-line package-management utility for Linux operating systems using the RPM Package Manager. Yum allows automatic updates, package and dependency management, on RPM-based distributions. Like the Advanced Packaging Tool (APT) from Debian, yum works with software repositories (collections of packages), which can be accessed locally or over a network connection. Under the hood, yum depends on RPM, which is a packaging standard for digital distribution of apps, which automatically uses hashes and digisigs to verify the authorship and integrity of such apps; unlike some app stores, which serve a similar function, yum nor RPM provide built-in support for proprietary restrictions on copying of packages by endusers. Yum is implemented as libraries in the Python programming language, with a small set of programs that provide a command-line interface. GUI-based wrappers such as yumex also exist.

How to clear the yum cache:

When a package is downloaded, installed and is removed there is a chance that the package may still be saved/stored in the yum’s cache. So to clean all the cached packages from the enabled repository cache directory, login as root and execute the following:

yum clean packages

To purge the old package information completely, execute the following command:

yum clean headers

To clean any cached xml metadata from any enabled repository, execute the following

yum clean metadata

If you wish to clean all the cached files from any enabled repository at once, execute the

Following command:

yum clean all

Popular Links

Looking for more information on YUM? Search our Knowledge Base!

Interested in more articles about Security? Navigate to our Categories page using the bar on the left or check out these popular articles:

• How to Install CSF (ConfigServer Firewall)
• How to Install Maldet and Run a Scan
• Reset the MySQL Root Password on Windows Server

Popular tags within this category include: YUM, Maldet, SSL, and more.

Don’t see what you’re looking for? Use the search bar at the top to search our entire Knowledge Base.

The Hivelocity Difference

Seeking a better Dedicated Server solution? In the market for Private Cloud or Colocation services? Check out Hivelocity’s extensive list of products for great deals and offers.

With best-in-class customer service, affordable pricing, a wide-range of fully-customizable options, and a network like no other, Hivelocity is the hosting solution you’ve been waiting for.

Unsure which of our services is best for your particular needs? Call or live chat with one of our sales agents today and see the difference Hivelocity can make for you.

The post How to clear the YUM cache? appeared first on Hivelocity Hosting.

Usually, the package repositories are located in the definition files.You can find them in the directory named /etc/yum.repos.d . In order to disable the file, modify the proper file and set the below given parameter.

enable = 0

The above parameter will keep the repository, however it will disable it until you decide to use it in future.

Removing the Repository Completely

Simply delete the above file to remove the repository completely.

The post How to disable and remove package repositories using YUM. appeared first on Hivelocity Hosting.

1. Login to your server as root.
2. Download latest version of rootcheck to the server.

wget https://www.ossec.net/rootcheck/files/rootcheck-2.4.tar.gz

1. Verify its checksum for security

wget https://www.ossec.net/rootcheck/files/rootcheck-2.4_checksum.txt
cat rootcheck-2.4_checksum.txt
md5 rootcheck-2.4.tar.gz
sha1 rootcheck-2.4.tar.gz

The entries should match the corresponding checkum entries in the text file.

1. Extract the contents to the server.

tar -zxvf rootcheck-2.4.tar.gz

1. Execute the following commands for the installation of rootcheck

cd rootcheck-2.4
make all

1. Run root check.

Once it completely scan’s the server, you should view the results, after that further actions can be taken.

The post How to install RootCheck on the server? appeared first on Hivelocity Hosting.

Edit /usr/lib/php/php_whitelist , enter the domain in this file once with www & once without www.

That’s it J

The post What the steps to add a new domain in securephpx whitelist? appeared first on Hivelocity Hosting.