How to secure a CentOS server using CWP features

1. Enable CSF Firewall (in CWP.root, the Security menu has CSF Firewall)
2. Change SSH port
3. Enable ModSecurity with OWASP security rules
4. Use only randomly generated passwords

How to enable CSF Firewall

In your CWP menu go to Security --> CSF Firewall and click on firewall enable.

How to change SSH port

In your CWP menu go to Services Config --> SSH Configuration.
Now replace #22 with e.g. 8404 and restart the SSH server from the index page of CWP.
You will also need to add this port in CSF Firewall:
1. Go to Security --> CSF Firewall --> Firewall Configuration
2. Replace port 22 in TCP_IN and TCP_OUT with your port
3. Restart CSF Firewall

Excerpt from the configuration:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031"
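
A pre-restart check for the steps above, as an added example that is not part of the original page: it reads the port from an sshd_config file and confirms that port is listed in TCP_IN before CSF is restarted, so a missed edit does not lock you out of SSH. The function names and sample files are constructed; on a real server the inputs are assumed to be /etc/ssh/sshd_config and /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example: confirm the sshd port is allowed by CSF before restarting CSF.

# Print the sshd port: first uncommented "Port" line, else the default 22.
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# Print the quoted value of a csf.conf setting ($2, e.g. TCP_IN) from file $1.
csf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 if port $1 is in list $2 (comma separated, "low:high" ranges allowed).
port_in_list() {
    old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *:*) lo=${item%%:*}; hi=${item##*:}
                 if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then IFS=$old_ifs; return 0; fi ;;
            *)   if [ "$item" = "$1" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Return 0 only if the sshd port from file $1 is allowed by TCP_IN in file $2.
check_ssh_allowed() {
    port=$(sshd_port "$1")
    if port_in_list "$port" "$(csf_value "$2" TCP_IN)"; then
        echo "OK: SSH port $port is in TCP_IN"
    else
        echo "LOCKOUT RISK: SSH port $port is missing from TCP_IN"
        return 1
    fi
}

# Constructed sample files so the example runs offline.
demo=$(mktemp -d)
printf '#Port 22\nPort 8404\n' > "$demo/sshd_config"
printf 'TCP_IN = "20,21,22,25,53,80,443,2030,2031"\n' > "$demo/csf_old.conf"
printf 'TCP_IN = "20,21,25,53,80,443,2030,2031,8404"\n' > "$demo/csf_new.conf"
check_ssh_allowed "$demo/sshd_config" "$demo/csf_old.conf" || true
check_ssh_allowed "$demo/sshd_config" "$demo/csf_new.conf"
rm -rf "$demo"
```

Keep the current SSH session open until a second login on the new port succeeds.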

How to install ModSecurity with OWASP security rules

In your CWP menu go to Security --> Mod Security and click on Install Mod Security.

Use only randomly generated passwords

One of the most important things is to ALWAYS use randomly generated passwords with a length of 8+ characters.
CWP also has a built-in random password generator, which generates a random password for each new account on creation.
One of the best tools for that is here:
https://www.random.org/passwords/

Random passwords need to be used for all public services, like:
- CMS applications, like the WordPress admin user
- FTP passwords
- Email account passwords
- Account passwords
... and any other service available on the internet