TOPIC: Re:Ways to toughen security on your server

#7915
ah...lifes...good (User)
Posts: 260
Ways to toughen security on your server 2007/10/14 21:24  
Through experience, these are some of the ways you could toughen your server security. Feel free to add your suggestions and tips.


1. USE STRONG PASSWORD.

That means having a combination of letters (in upper as well as lower case), numerals and signs. The password should preferably be sufficiently long, e.g. more than 8-10 characters.

Very poor passwords: admin, administrator, root, password, server, mysecretpassword, manager
Poor passwords: 1982, joe72, john69, kingkong
Good passwords: Ml69m2oo!*_*Dta1, k40c*F#@KsY24$

One way of creating a tough password that you could remember:

Mandy Likes 69. Me Too! Don't Tell Anyone.... becomes
M l 69 M 2oo ! D t a 1


2. INSTALL PATCHES IN A TIMELY FASHION

Subscribe to the announcement lists.

Patch your server software and applications as soon as updates become available. Of course, test them on your development server first to avoid surprises.


3. USE LEIF'S FIREWALL RULES

http://www.virtualmin.com/index.php?option=com_fireboard&Itemid=77&func=view&id=2870&catid=8#2870

These rules will reduce probing and hacking attempts.


4. CHANGE YOUR WEBMIN, USERMIN, SSH PORT NO.

Change Webmin's port no. from 10000 to something else
Change Usermin's port no. from 20000 to something else
Change SSH's port no. from 22 to something else

Make sure you change your firewall rules accordingly.


5. USER GROUP FOR SSH ACCESS

You can create a user group and configure the SSH server to only allow access to users from the group.


6. TURN OFF ROOT ACCESS

You should turn off root access to the common services. Create another user who has root privileges, and use that login instead.


7. MYSQL USER ACCOUNTS

Insert a password for your MySQL root user. The default is blank.

Delete any unnecessary MySQL user account.


8. TURN OFF SERVICES YOU DON'T USE

For example, if you don't use FTP, turn it off.
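Items 4 to 6 of the list above all end up as lines in sshd_config. The following is an added example, not part of the original post: a POSIX shell function that audits a config for those three settings, run against two constructed samples. The port 2222 and the group name sshusers are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): check sshd_config for items 4, 5 and 6.
# Reads a config on stdin; prints one finding per line, nothing if all pass.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { key = tolower($1) }            # sshd keywords are case-insensitive
        key == "match" { exit }          # audit the global section only
        key == "port"  { ports++; if ($2 == 22) on22 = 1 }
        # sshd keeps the first value it reads for a keyword
        key == "permitrootlogin" && !seen { seen = 1; root = tolower($2) }
        key == "allowgroups" { groups = 1 }
        END {
            # No Port line at all means the default port, 22.
            if (!ports || on22) print "port: sshd listens on 22 (item 4)"
            # Anything but an explicit "no" is reported, including unset.
            if (root != "no") print "root: PermitRootLogin is " (seen ? root : "unset") ", want no (item 6)"
            if (!groups) print "group: no AllowGroups line (item 5)"
        }'
}

# Constructed sample: a config left at stock-looking values.
sample_default() { cat <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: items 4-6 applied (port and group are placeholders).
sample_hardened() { cat <<'EOF'
Port 2222
PermitRootLogin no
AllowGroups sshusers
EOF
}

echo "== default ==";  sample_default  | audit_sshd_config
echo "== hardened =="; sample_hardened | audit_sshd_config
```

To check a live system, feed it the real file: `audit_sshd_config < /etc/ssh/sshd_config`.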
#7926
jaldeguer (User)
Posts: 45
Re:Ways to toughen security on your server 2007/10/15 05:38  
I'd also like to add that, after doing all of those steps you just mentioned, I also add the following to all of my servers.

To stop brute force attacks to SSH:

http://denyhosts.sourceforge.net/

If you want to stop brute force attacks to SSH, FTP, SMTP, Apache, etc.:

http://www.fail2ban.org/wiki/index.php/Main_Page

Host Based Intrusion Detection:

http://www.ossec.net/

Chrooted SFTP with:

http://www.howtoforge.com/mysecureshell_sftp_debian_etch

FTP:

I prefer to use vsftpd, then chroot your users.

A somewhat controversial approach: I block off whole blocks of IPs from countries I get the most hacking-type attempts from.

Don't forget to inspect your logs.

Finally, have a good backup to recover from in case your box gets owned.
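The log inspection that DenyHosts and fail2ban automate comes down to counting failed logins per source address. The following is an added example, not part of the post above and not code from either tool: a shell function that does the count over constructed sshd log lines. The threshold of 3 and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): count failed SSH passwords per source.

# Constructed sshd lines in the format found in /var/log/secure or auth.log.
sample_auth_log() { cat <<'EOF'
Oct 15 05:30:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 4101 ssh2
Oct 15 05:30:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Oct 15 05:30:05 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 4103 ssh2
Oct 15 05:31:10 web1 sshd[2110]: Failed password for joe from 198.51.100.7 port 5001 ssh2
Oct 15 05:31:20 web1 sshd[2111]: Accepted password for joe from 198.51.100.7 port 5002 ssh2
Oct 15 05:32:00 web1 sshd[2120]: Failed password for invalid user a from 192.0.2.9 from 203.0.113.5 port 4104 ssh2
EOF
}

# Print "COUNT IP", highest first, for sources with >= THRESHOLD failures.
failed_ssh_sources() {   # usage: failed_ssh_sources THRESHOLD < logfile
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is remote-supplied text and may itself contain
            # spaces or the word "from" (last sample line), so take the
            # address after the LAST "from", scanning right to left.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

sample_auth_log | failed_ssh_sources 3
```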
#7932
PlayGod (User)
Posts: 91
Re:Ways to toughen security on your server 2007/10/15 07:04  
Root Kit Hunter does some nice checks and reporting. Here's how I set it up on my machine.

Webmin > System > Software Packages
Browse YUM for rkhunter, pick the version for your OS, Install

Set up cron jobs within Webmin > System > Schedule Cron Jobs (/path/to/ is /usr/bin/ for RedHat/CentOS systems; yours may be different)

Root Kit Hunter Quick Scan & profile updater - set up this cron to run daily
Code:

/path/to/rkhunter -c --update --quick --report-warnings-only --cronjob 2>&1 | mail -s "RK QuickScan - YourServerName" emailaddress@whatever.tld




Root Kit Hunter - set up this cron to run weekly
Code:

/path/to/rkhunter -c --update --cronjob 2>&1 | mail -s "RK Scan Details - YourServerName" emailaddress@whatever.tld



Tip: set the email notification address to an account that is not dependent on the server.
#8557
flymale (User)
Posts: 18
Re:Ways to toughen security on your server 2007/11/18 21:10  
Just the thread I was looking for, except I created one in the General Discussion forum.
I guess I was looking to see what will be integrated in the Virtualmin GPL as the Sentry Tools are now gone.

Meanwhile, to the OP, those steps look awesome. But for newbs like me, a little "How to" for each step would be just fine! For example, doing the chrooting thing, etc.
#8558
Joe (Admin)
Posts: 4117
Re:Ways to toughen security on your server 2007/11/18 22:51  
"For example, doing the chrooting thing, etc."

While most of the advice is excellent and well worth learning more about, I will point out that I happen to disagree with using chroot as a security tool. It was never intended for such purposes, and it has significant security implications. So, let me be emphatic in saying specifically: I do not recommend running a chrooted ssh environment.

It is a very popular technique, but it only provides illusory security gains while removing very real protections. It's too high a price to pay for security by obscurity.

Actually, security by obscurity is always an illusory gain, though in the case of changing ports, it doesn't hurt anything. (But it also doesn't give you much--port scanners generally recognize Webmin no matter what port it's on, unless you also tweak the headers and such.)
#9255
kato (User)
Posts: 120
Re:Ways to toughen security on your server 2007/12/27 14:33  
"4. CHANGE YOUR WEBMIN, USERMIN, SSH PORT NO."

Err, sorry to be such a noob...

I changed my SSH port before virtualmin was installed (I never run the default) and now my virtual-admins see this error when going to "Webmin Modules->SSH/Telnet Login":

Code:

There is no SSH server running on 192.168.1.78 port 22.



Is there something to configure in virtualmin to fix this? Also, how do I go about changing virtualmin's port? I don't see anything in the settings for such things :(
Operating system CentOS Linux 4.6
Webmin version 1.420
Virtualmin version 3.60 (Pro)
Kernel and CPU Linux 2.6.9-67.0.22.ELsmp on i686
#9256
kato (User)
Posts: 120
Re:Ways to toughen security on your server 2007/12/27 14:38  
"...though in the case of changing ports, it doesn't hurt anything. (But it also doesn't give you much..."
Oh, I disagree. Changing my port on SSH removed 100% of the brute force attacks I receive on an average day.

While it certainly won't stop someone specifically targeting my server, it's stopped almost all the attempts against ssh that I see from scanners; it seems like they only look on the expected port and, when they don't find it, move on to easier fruit.
#9257
Joe (Admin)
Posts: 4117
Re:Ways to toughen security on your server 2007/12/27 14:40  
"Is there something to configure in virtualmin to fix this?"

Of course. Just edit the module configuration for that module and set the port. You'll need to also set it in the Usermin module of the same name (if you grant access to the module to Usermin users, anyway).

This is true of nearly all Webmin modules--they each have their own configuration, and you can find it by clicking "Module config.." up in the left corner of the module.
#9258
kato (User)
Posts: 120
Re:Ways to toughen security on your server 2007/12/27 15:10  
Sorry, that was entirely Greek to my green little ears. Particularly the phrase "module config for module" and "Usermin module of the same name".

Maybe we should start with what I'm doing wrong, and then you give me the dunce cap... I've done the following:

1. Installed virtualmin 3.50 Pro on Ubuntu 6.06.1 (Webmin version 1.380)
2. log into http://domain:10000 as master administrator
3. scanned through the trees, including the following obvious choices:
a. Virtualmin -> System Settings -> Module Config (nothing here)
b. Webmin -> Servers -> SSH Server (I set port number here)

After going to 3.a., I did find a "module config" link, which took me to "Configurable options for SSH Server", but there isn't any place to set a port there...

On second thought, I'll go get the dunce cap while I wait...
#9259
kato (User)
Posts: 120
Re:Ways to toughen security on your server 2007/12/27 15:15  
Let me add that I've seen a similar instruction in the module configuration reference... but I just can't seem to pinpoint how to reach the "Virtualmin Virtual Servers module page"... it's almost like I'm missing links in my tree or... missing the point entirely :(
Copyright 2005-2007 Virtualmin, Inc. All rights reserved.