Server Tech Support ‘s server security service for Linux servers provides you linux server security,  hardening and optimization in many different areas of server. First of all we will do the optimization of common used services such as HTTP(Apache/Litespeed), FTP(PureFtp/ProFtp), DNS (Bind/NSD) and SSH (OpenSSH Server). Then we do the server optimization and server hardening at OS and kernel level for maximum security and performance against synflood attacks, spoofed packets, DNS poisoning, ICMP DOS/redirect attacks and more. We will also make sure that directories have correct permission and secure the temporary directories /tmp and /var/tmp to protect against intrusions and attacks. All unnecessary packages, services and processes are disabled to increase performance.

Features of Advanced Linux Server Security Services

24x7 server monitoring

HTTP Intrusion and DOS Protection

  • mod_security – Install and configure mod_security for Apache with custom ruleset.
  • mod_evasive – Install and configure DOS, DDOS, and brute force detection and suppression for Apache. Available on request.
  • PHP SuHosin – PHP Hardening through the Hardened PHP Project.
unlimited support tickets

Server Hardening

  • Apache Hardening– Increased security on Apache.
  • SSH Hardening– Custom SSH Port and limited connections.
  • Bind Hardening– Enable protection against DNS recursion attacks.
  • Ensure Filesystem Permissions– Fix permission on world writable directories and prevent against directory-transversal attacks.
  • /tmp and shm(shared memory) Hardening– Configure noexec, nosuid on tmp and shm mounts.
  • Fetching utilites hardening– Allows root-only access of wget, curl, and other utilties often used in web-based attacks.
  • Remove unnecessary packages– removes RPMS which are not needed to prevent against potential vulnerabilities and free up disk space.
  • Disable unused services– Disable services which are not used.
  • Disable unneeded processes– Disable processes which are not needed for server operation.
  • Secure console access
  • PHP Hardening– Enable SuHosin, OpenBaseDir protection and more.
  • FTP, HTTP file upload Scan – Pure-ftp and Apache will be configured to scan all uploaded files using ClamAV. This will highly reduce the risk of virus files being uploaded to your server.
  • Linux Socket Monitor– (Optional)Track changes to Network sockets and Unix domain sockets, effectively a port monitor.
  • System Integrity Monitor– (Optional)services monitor for ‘SysVinit’ systems.
  • Linux Environment Security– (Optional)root-only permissions on system binaries .
server firewall

Firewall Configuration

  • CSF – Packet Inspection (SPI) firewall and Security application.
  • LFD – Detect and prevent Login Intrusion.
  • APF – Configure both ingress and egress firewall protection.
  • BFD – Detect and prevent brute force attacks.
  • CPHulk – Detect and prevent brute force attacks.

24/7 server management

Spam Prevention and Anti-Virus Protection

  • ClamAV – Configure for e-mail and virus scanning (Exim Integration). Enable auto-updating anti-virus definitions.
  • Realtime Blackhole Lists (RBLs) – Configure email server with RBLs loaded to prevent spam.
  • Harden Mailserver Configuration – Prevent against detection of valid e-mail address through brute-force attacks. Also enable HELO verification and other sanity checks.
  • Dictionary Attack Protection – Prevent spammers guessing email addresses on your server.
  • Checksum-based Collaborative Filtering – DCC and Razor to detect mass-mails.
server optimization

Server Optimization

  • Apache Optimization – Apache performance optimization by tweaking settings.( Optional: Install Nginx as a proxy/load balancer for Apache )
  • PHP Configuration – Widely used PHP modules will be enabled for maximum compatibility.
  • MySQL Optimization – MySQL performance Optimization using my.cnf and enabling query caching.
  • PHP Caching – Optimizes PHP performance through Xcache/Eaccelerator/Memcache script caching.
  • Monitoring Apps – We will install MyTOP, Iptraf, and Iftop utilities to easily monitor server performance.
  • Process Resource Monitor – monitor and kill processess overloading the server (Optional)
  • SPRI ( System Priority ) – control server load(optional)
  • CloudFlare Installation
sever security audit

Security Audit

  • Rootkit Hunter – Nightly scan to detect system intrusions.
  • Chkrootkit – Nightly scan to detect system intrusions.
  • Nobody Process Scanner – Scans for unauthorized “nobody” processes.

$35/Server – Signup Now