Every system administrator's security practices are different. Some may lack them almost entirely, and some may secure their server completely.
The most common practices are to chroot most services (with file and folder permissions), disable useless services, and keep the services up to date.
Also important is the CSF firewall, along with its configuration for security and trigger-based alerts.
Another normal practice is changing the SSH port. Some people might say it does not work anymore these days, but it actually helps a massive amount to keep the script kiddies away. It might reduce the automated hacking and scanning attempts, which is significant if you think about it, because I think about 60% of the attacks are automated.
Here are other security checklist items that I found can be useful for our servers:
- Install a bare-minimum OS with SSH
- Remove unwanted services (e.g. nfs, nfs-utils, etc.)
- Remove unwanted binaries like netcat
- Install tools like rkhunter, unhide and tcpdump; you can also move them to a location that only internal users know and can use (say /root/.utils or /opt/utils, and only allow root to run them)
- CloudLinux with CageFS has become a norm; it protects against cross-site contamination in hosting environments
- KernelCare rebootless kernel patching is also a good option
- Install AppArmor, though I have not heard of its use in hosting environments. Basically, you can define which files can be used, and their permissions, per process.
- Use ClamAV. Note that it needs close to 1GB of memory to run scans.
- FTPS (FTP with SSL) can be made mandatory rather than optional
- grsecurity is good, but very expensive. It used to be free, once upon a time.
- Change the SSH port and limit IP access. Use an SSH jumpbox and keep track of who made what changes to a server
- Firewall: limiting outbound traffic can be useful to protect the server from being misused for spamming.
- Fail2ban: a must-have
- Mount the /tmp folder with the noexec option
- Use offsite backups only. Don't rely on local backups
- Take a look at LiME and Volatility for security forensics. Very useful when things go spiralling south.
- Run frequent server audits; rpm verify is very useful
- Ensure that the sites are running the latest versions.
- Firewall installation and configuration to block unwanted ports.
- Mostly block the entire IP ranges of RU and CN (unless asked to whitelist)
- Install ImunifyAV (if it is a cPanel or Plesk server)
- Enable ModSecurity
- Notification of suspicious file activity using the firewall's LFD.
- Enable two-factor authentication
- On a few servers, at clients' demand, we enabled a combination of two-factor authentication and private keys for accessing the SSH console. Yes, it works like a charm
- Ask customers to keep their apps up to date and to use strong passwords
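Several of the items above (non-default SSH port, key-only SSH, noexec /tmp, only expected ports open) can be verified rather than assumed. The script below is an added example written for this post, not a tool the post recommends; it parses the configuration as text so it runs offline against the constructed sample sshd_config, fstab and `ss -tln` output embedded in it. On a real host you would pass `"$(cat /etc/ssh/sshd_config)"`, `"$(cat /etc/fstab)"` and `"$(ss -tln)"` instead. The sample values (port 2222, the AllowUsers address, the listening sockets) are assumptions, not taken from any real server.

```shell
#!/bin/sh
# Added example (not from the original post): audit helper for a few of the
# checklist items. All inputs are constructed samples so it runs offline.

# --- constructed sample inputs (assumptions, not from a real host) ---
SAMPLE_SSHD='# sshd_config on a hardened host
Port 2222
PermitRootLogin no
# PasswordAuthentication yes   <- commented out, must be ignored
PasswordAuthentication no
PasswordAuthentication yes     # sshd keeps the FIRST value of a keyword
AllowUsers admin@203.0.113.10
'
SAMPLE_FSTAB='# <device>  <mount> <type> <options>                    <dump> <pass>
/dev/vda1   /       ext4   defaults                     1 1
tmpfs       /tmp    tmpfs  defaults,noexec,nosuid,nodev 0 0
'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2222      0.0.0.0:*
LISTEN 0      511    0.0.0.0:80        0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306    0.0.0.0:*
LISTEN 0      128    [::]:111          [::]:*
'

# Print the effective value of keyword $2 in sshd_config text $1, or the
# default $3 when the keyword is absent. sshd uses the first uncommented
# occurrence of a keyword, so the scan stops at the first match.
sshd_option() {
    val=$(printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == tolower(key) { print $2; exit }')
    printf '%s\n' "${val:-$3}"
}

# Each check returns 0 (pass) or 1 (fail) so it works in if / && / ||.
check_ssh_port_changed()  { [ "$(sshd_option "$1" Port 22)" != 22 ]; }
check_ssh_no_root_login() { [ "$(sshd_option "$1" PermitRootLogin yes)" = no ]; }
check_ssh_keys_only()     { [ "$(sshd_option "$1" PasswordAuthentication yes)" = no ]; }

# Pass when /tmp is listed in fstab text $1 with noexec among its options.
check_tmp_noexec() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $2 == "/tmp" { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "noexec") ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# From "ss -tln" text $1, print the non-loopback listening ports that are
# not in the space-separated allowlist $2, sorted and space-separated.
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allow=" $2 " '
        NR == 1 || $1 != "LISTEN" { next }
        $4 ~ /^127\./ || $4 ~ /^\[::1\]/ { next }     # local-only services are fine
        { n = split($4, a, ":"); port = a[n]
          if (index(allow, " " port " ") == 0) print port }' |
        sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Human-readable report over the samples.
report() {
    for c in check_ssh_port_changed check_ssh_no_root_login check_ssh_keys_only; do
        if "$c" "$SAMPLE_SSHD"; then echo "PASS $c"; else echo "FAIL $c"; fi
    done
    if check_tmp_noexec "$SAMPLE_FSTAB"; then echo "PASS /tmp noexec"; else echo "FAIL /tmp noexec"; fi
    extra=$(unexpected_listeners "$SAMPLE_SS" "80 2222")
    [ -z "$extra" ] && echo "PASS no unexpected listeners" || echo "FAIL unexpected listeners: $extra"
}

report
```

The sample deliberately contains a commented-out `PasswordAuthentication yes` and a second, later `yes`: a grep-based check would report the wrong value, while the parser mirrors sshd's first-match rule. Listeners bound to loopback are ignored on purpose; a database on 127.0.0.1 is not reachable from outside, whereas the sample's portmapper on `[::]:111` is exactly the kind of leftover service the checklist says to remove or firewall.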
Monitoring the notifications and taking proper action on time is the main part of keeping your servers hack-free.
And lastly, never assume that you are secure. Keep looking at adding layers of security.
Please also note that the higher the security, the lower the performance will be.