VPS Hardening – Logwatch and MySQL – FTP Ports – Part 2

In part one of our VPS hardening project we changed the SSH port and disabled root login over SSH.

The next two things we are going to do are install Logwatch, and then block connections to the FTP and MySQL ports.

Logwatch

Logwatch is a very useful, and lightweight, utility that scans your server logs and provides a report from that.

To install logwatch (on CentOS / RHEL) simply type

yum install logwatch -y

How to get log details emailed to you

There are a number of configurations you might want to change with logwatch, however to get a simple report emailed to you just type this into your SSH session:

logwatch --detail Low --mailto email@address --service http --range today

For further configuration options this article will help.

Blocking FTP ports and MySQL port

To do this we had to journey into the world of iptables.

You can block a port entirely from being accessed over the network by using the --dport (or --destination-port) switch and adding the port of the service you want to block.

Run the below to reject the FTP ports and only accept MySQL connections from localhost. Note that the ACCEPT rule for 3306 on its own does not stop anyone else reaching MySQL; it must be followed by a REJECT for the same port so that remote connections are refused while the loopback connection stays allowed (iptables evaluates rules in order, so the ACCEPT has to come first).

/sbin/iptables -A INPUT -p tcp --destination-port 21 -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -p tcp --destination-port 20 -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset

Block just one IP address like this (swapping the IP address for the one you want to block):

iptables -A INPUT -s 146.185.234.48 -j DROP

Don’t forget to save the configuration. On its own, iptables-save only prints the running rules to standard output, so redirect them into the file the iptables init script loads at boot (CentOS / RHEL):

iptables-save > /etc/sysconfig/iptables

Removing IPTABLE rules

If you make a mistake you can remove a rule by getting a list of them with

iptables -vnL INPUT --line-numbers

Then, once you have the number of the rule, you can delete it, e.g. rule 9:

iptables -D INPUT 9
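Deleting by number is easy to get wrong on a busy chain, because the numbers shift as soon as one rule is removed. The script below is an added example (not from the original post) that parses the output of iptables -vnL INPUT --line-numbers to look up the rule number for a given destination port and prints the matching iptables -D command instead of running it, so it can be reviewed without root. The listing embedded in SAMPLE_LISTING is a constructed sample built from the rules in this post, not captured from a real host; the function names rule_number_for_port and delete_rule_cmd are this example's own.

```shell
#!/bin/sh
# Added example: look up an INPUT rule by destination port in the numbered
# listing iptables prints, so the rule can be removed by number safely.

# Constructed sample of `iptables -vnL INPUT --line-numbers` output (not from
# a real host). Columns: num pkts bytes target prot opt in out source
# destination, followed by the match details (e.g. "tcp dpt:21 ...").
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
2        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 reject-with tcp-reset
3        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20 reject-with tcp-reset
4        3   180 ACCEPT     tcp  --  *      *       127.0.0.1            127.0.0.1            tcp dpt:3306
5        0     0 DROP       all  --  *      *       146.185.234.48       0.0.0.0/0'

# rule_number_for_port LISTING PORT
# Prints the number of every rule whose match details contain "dpt:PORT".
# Only lines that start with a rule number are considered, so the chain
# header and column header are skipped. Exits 1 if no rule matches.
rule_number_for_port() {
    listing=$1
    port=$2
    printf '%s\n' "$listing" | awk -v want="dpt:$port" '
        $1 ~ /^[0-9]+$/ {
            # match details begin at field 11; compare each token exactly so
            # dpt:21 does not match dpt:2122
            for (i = 11; i <= NF; i++) if ($i == want) { print $1; found = 1 }
        }
        END { exit(found ? 0 : 1) }'
}

# delete_rule_cmd PORT
# Prints the iptables command that would delete the first rule for PORT,
# instead of executing it, so the result can be checked before running it.
delete_rule_cmd() {
    num=$(rule_number_for_port "$SAMPLE_LISTING" "$1" | head -n 1)
    [ -n "$num" ] || return 1
    printf 'iptables -D INPUT %s\n' "$num"
}

# Usage on a live host: replace SAMPLE_LISTING with the real output, e.g.
#   LISTING=$(iptables -vnL INPUT --line-numbers)
#   rule_number_for_port "$LISTING" 21
```

If you need to remove several rules in one go, delete the highest-numbered rule first; deleting rule 2 renumbers rules 3, 4 and 5, so a list of numbers collected beforehand goes stale otherwise. iptables also accepts the original rule specification in place of a number (iptables -D INPUT -p tcp --dport 21 -j REJECT --reject-with tcp-reset), which sidesteps the renumbering problem entirely.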
Rob StGeorge
Senior SQL Server Database Administrator residing in Auckland, NZ
