Knowledge Base

Additional Security Software

chkrootkit

chkrootkit is a shell script that examines your system's binaries for signs of a rootkit installation. In this context, a rootkit is a modification to the system's software that someone can use to gain administrative access to the server undetected. To install chkrootkit:

  1. Log into your server as the root user.
  2. Enter the /root directory using the following command:
    • cd /root
  3. Use the following command to download chkrootkit:
    • wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
  4. Uncompress the .tar.gz file using the following command:
    • tar -xvzf chkrootkit.tar.gz
  5. Enter the new directory using the following command:
    • cd chkrootkit-0.49
  6. Begin the chkrootkit installation using the following command:
    • make sense

At this point, chkrootkit should be installed successfully on your server. To run chkrootkit, enter the following command:

  • /root/chkrootkit-0.49/chkrootkit

We strongly recommend that you run chkrootkit often and add a cronjob that runs the command above.
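One way to set up the recommended cron job, as an added example that is not part of the original article: a wrapper that runs chkrootkit from the directory used above, saves the full report, and sends mail only when a check is flagged. The script path in the crontab comment, the log file location, the reliance on a local mail command, and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cron wrapper for the chkrootkit run described above.
# Assumed crontab entry (script path is hypothetical):
#   0 3 * * * /root/chkrootkit-cron.sh --run

CHK_DIR="/root/chkrootkit-0.49"      # install directory used in this article
REPORT_TO="user@example.com"         # placeholder address; replace with your own
LOG_FILE="/var/log/chkrootkit.log"   # assumed location for the full report

# Keep only lines that need review. chkrootkit prints "not infected" in
# lowercase for clean checks, so the case-sensitive match skips those.
filter_findings() {
    grep -E 'INFECTED|^Warning' || true   # grep exits 1 on no match; not an error here
}

# Constructed sample of chkrootkit output, used to exercise the filter offline.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Warning: Possible Example Rootkit installed
EOF
}

# Run the scan, keep the full report, and mail only when something was flagged.
run_scan() {
    umask 077                                  # report is readable by root only
    out="$(cd "$CHK_DIR" && ./chkrootkit 2>&1)"
    printf '%s\n' "$out" > "$LOG_FILE"
    findings="$(printf '%s\n' "$out" | filter_findings)"
    if [ -n "$findings" ]; then
        # Assumes a working local "mail" command.
        printf '%s\n' "$findings" | mail -s "chkrootkit findings on $(hostname)" "$REPORT_TO"
        return 1
    fi
    return 0
}

if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

A flagged line is a prompt to investigate the named check, not proof of compromise; compare it against the full report in the log file before acting.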

 

Modify the Logwatch Configuration File

Logwatch is a customizable log analysis system. It parses your system's log files for a given period of time and creates a report analyzing specified data. Logwatch is already installed on most cPanel & WHM servers.

The Logwatch configuration file is located at: /usr/share/logwatch/default.conf/logwatch.conf

To make the necessary edits, you will need to open the file listed above with your preferred text editor. We recommend changing the following parameters:

  • MailTo = user@example.com
    • Note: You will need to replace user@example.com in the example above with the email address at which you wish to receive notifications from Logwatch.
  • Detail = 5 or Detail = 10
    • Note: Changing this parameter allows you to receive more detailed log files. A value of 5 would represent a medium level of detail while a value of 10 would result in a high level of detail.

Make sure to save your changes when you are finished editing this file.

 

ConfigServer Software

Many of our technical analysts recommend using CSF. CSF is a free product provided by ConfigServer. CSF is a stateful packet inspection (SPI) firewall, login and intrusion detection mechanism, and general security application for Linux servers. For more information about using and installing CSF, you can visit the CSF website.

ConfigServer also provides a free add-on product for cPanel & WHM called ConfigServer Mail Queues (CMQ). The product provides a full featured interface to cPanel's Exim mail queues from within WHM. For more information about using and installing CMQ, you can visit the CMQ website.
