How to install Webhosting Guide


Archive for the 'Server Security' Category

RootCheck

RootCheck scans the system looking for possible trojans, scans the ports for malicious activity, and checks for rootkits, as well as the logs, permissions and more.

Installation Instructions
Login to your server and su to root.

wget http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz

tar -xvzf rootcheck-0.4.tar.gz
cd rootcheck-0.4
./install

This will take you to an interactive installation. Make sure you have CPAN on your box, because rootcheck requires the Perl module IO::Interface.

When the installation is finished you will get this message:

Compilation sucessfull. Ready to go.
 
---------------------------------------------------------
 That's it! If everything went ok, you should be ready
 to run RootCheck. If you any doubts about installation,
 please refer to INSTALL file.
 You can also find additional information at : 
http://www.ossec.net/rootcheck/ 
Improves, patches, comments are very welcome.
---------------------------------------------------------

Scanning the System
Now you are ready to run rootcheck.

There are quite a few options, but the simplest one is:

./rootcheck.pl

If the installation was perfect you will get a progress screen of the scan, after which the results will be written to results.txt. The results are quite self-explanatory and give details of all suspected files.

There is also an example file that explains the different options for rootcheck.
More information about rootcheck is available at http://www.ossec.net/

Article from: http://webhostgear.com/164.html


Install and Configure APF Firewall

A firewall is a very good idea for a server. Many people think a firewall is instant protection that will do everything, but it really is not. A firewall will help prevent some things, but it is not going to stop everything. It is just one piece of the security network that is being woven. I recommend advanced protection firewall (APF) by rfxnetworks. APF will block unused outgoing and incoming ports. It can also be configured to use information from some block lists. The port list below will work for cPanel. For the other control panels you will need to add in the administration ports.
http://www.rfxnetworks.com/apf.php 

 

Requirements:
- Root SSH access to your server

 

—–command—–
cd /usr/local/src
wget http://rfxnetworks.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-0.*
./install.sh
—–command—–

 

Now edit the config file:
—–command—–
pico -w /etc/apf/conf.apf
—–command—–

Scroll down to the "Common ingress (inbound) TCP ports" section.
At this point you need to find the correct configuration for your control panel.

 

—–cPanel—–
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,873"

EGF="1"
EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
EG_UDP_CPORTS="20,21,37,53,873"

—–Ensim—–
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
IG_UDP_CPORTS="53"

EGF="1"
EG_TCP_CPORTS="21,22,25,53,80,110,443"
EG_UDP_CPORTS="20,21,53"

—–Plesk—–
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
IG_UDP_CPORTS="37,53,873"

EGF="1"
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
EG_UDP_CPORTS="53,873"

Save the file and start APF:
—–command—–
apf -s
—–command—–

If everything still works, edit the config file and turn dev mode off.
Make sure you can start a new SSH session before turning dev mode off.
If you are kicked out, you need to go back and look at what caused the problem!
DEVEL_MODE="0"

Now restart APF
—–command—–
apf -r
—–command—–
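
A pre-flight check for the dev-mode step above, as an added example that is not part of APF or of the original article: it reads a conf.apf-style file, flags typographic quotes and wrapped values left over from copy-paste, and confirms the SSH port is in IG_TCP_CPORTS before DEVEL_MODE is set to 0. The function names apf_get and apf_preflight and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of APF: check the port lists of a conf.apf-style
# file before DEVEL_MODE is set to 0.

# Print KEY's value if it is written on one line as KEY="..."
apf_get() {  # usage: apf_get FILE KEY
    sed -n "s/^$2=\"\\([^\"]*\\)\"[[:space:]]*\$/\\1/p" "$1" | tail -n 1
}

# Return 0 if FILE passes, 1 otherwise; findings are written to stderr.
apf_preflight() {  # usage: apf_preflight FILE [SSH_PORT]
    conf=$1 ssh_port=${2:-22} rc=0
    # Curly quotes pasted from a web page are not shell quotes.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$conf"; then
        echo "non-ASCII bytes found, possibly typographic quotes" >&2; rc=1
    fi
    for key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        val=$(apf_get "$conf" "$key")
        # Plain comma-separated port numbers only, as in the lists above.
        case $val in
            ''|*[!0-9,]*|*,,*|,*|*,)
                echo "$key: missing, split over lines or malformed" >&2
                rc=1; continue ;;
        esac
        for p in $(printf '%s' "$val" | tr ',' ' '); do
            [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
                { echo "$key: port $p out of range" >&2; rc=1; }
        done
    done
    # Without the SSH port inbound, enforcing the rules cuts off new logins.
    case ",$(apf_get "$conf" IG_TCP_CPORTS)," in
        *",$ssh_port,"*) ;;
        *) echo "IG_TCP_CPORTS lacks SSH port $ssh_port" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: an inbound list that leaves out port 22.
sample=$(mktemp)
printf '%s\n' 'IG_TCP_CPORTS="21,25,53,80,443"' 'IG_UDP_CPORTS="53"' \
    'EG_TCP_CPORTS="25,53,80,443"' 'EG_UDP_CPORTS="53"' > "$sample"
apf_preflight "$sample" || echo "do not set DEVEL_MODE=0 yet"
rm -f "$sample"
```

If sshd listens on a non-default port, pass it as the second argument, for example `apf_preflight /etc/apf/conf.apf 2222`.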
