Steps to Update/Install iptables
iptables v1.6.0
cd /usr/src
wget -O /usr/src/iptables-1.6.0.tar.bz2 https://www.netfilter.org/projects/iptables/files/iptables-1.6.0.tar.bz2 --no-check-certificate
tar -jxf iptables-1.6.0.tar.bz2
cd iptables-1.6.0
./configure --prefix=/myiptables --with-xtlibdir=/lib/xtables --disable-nftables
make
make install
mv /sbin/iptables /myiptables/iptables.backup
mv /sbin/iptables-restore /myiptables/iptables-restore.backup
mv /sbin/iptables-save /myiptables/iptables-save.backup
ln -s /myiptables/sbin/iptables /sbin/iptables
ln -s /myiptables/sbin/iptables-restore /sbin/iptables-restore
ln -s /myiptables/sbin/iptables-save /sbin/iptables-save
-----------
For iptables v1.4.12
cd /usr/src
wget -O /usr/src/iptables-1.4.12.tar.bz2 https://www.netfilter.org/projects/iptables/files/iptables-1.4.12.tar.bz2 --no-check-certificate
tar xvjf iptables-1.4.12.tar.bz2
cd iptables-1.4.12.2
./configure --prefix=/myiptables
make
make install
mv /sbin/iptables /myiptables/iptables.OLD
mv /sbin/iptables-restore /myiptables/iptables-restore.OLD
mv /sbin/iptables-save /myiptables/iptables-save.OLD
ln -s /myiptables/sbin/iptables /sbin/iptables
ln -s /myiptables/sbin/iptables-restore /sbin/iptables-restore
ln -s /myiptables/sbin/iptables-save /sbin/iptables-save
====
Check if iptables installed fine bu using below command:
==
iptables -V
iptables v1.6.0
==
Install csf on the server.
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Please refer the below URL for more details:
—-
https://download.configserver.com/csf/install.txt
—-
Test csf
Check if there is any error by running /etc/csf/csftest.pl. You should get the message csf should function on this server.
Open any custom ports running in the file /etc/csf/csf.conf. You can add the port number in the section TCP_IN.
start csf with TESTING = “0” in the file /etc/csf/csf.conf. Once the csf is running, try logging into the server ssh from another terminal. Do a basic check of all services and if all are listening fine and can be accessed from outside, edit TESTING = “1” in /etc/csf/csf.conf and restart csf.
Start csf
csf -s
restart csf
csf -r
Flush/Stop csf
csf -f
Disable csf
csf -x
Enable csf
csf -e
Check for server security from the WHM csf area. The following steps should not show warning. If you see warning here, do the steps told there.
Check SSH UseDNS
Check Background Process Killer
Check exim for extended logging (log_selector)
Check apache for mod_security
Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
Check apache for TraceEnable
Check apache for ServerSignature
Check apache for ServerTokens
Check apache for FileETag
Check mod_userdir protection
Check php for disable_functions
Check php for ini_set disabled
Check php for register_globals
Check php open_basedir protection
Check Anonymous FTP Logins
Check Anonymous FTP Uploads
Check block common domains
Check package updates --> Here if there is custom config for AMP, the update config should be set to manual updates.
Check server startup for xfs
Check server startup for atd
Check server startup for nfslock
Check server startup for rpcidmapd
Check server startup for bluetooth
Check server startup for canna
Check server startup for FreeWnn
Check server startup for cups-config-daemon
Check server startup for iiim
Check server startup for mDNSResponder
Check server startup for nifd
Check server startup for anacron
Check server startup for gpm
Check server startup for saslauthd
Check server startup for avahi-daemon
Check server startup for avahi-dnsconfd
Check server startup for hidd
Check server startup for pcscd
Check server startup for sbadm
If you need any further assistance contact me @ [email protected].. prefer hangout ?