Tuesday, January 3, 2012

DirectAdmin Server Hardening

1. Connect to the server using SSH and log in as the admin user.
2. Switch to the root user using the su command.
3. Using your Web browser, browse to the DirectAdmin control panel at http://<server ip>:2222.
4. Sign into the control panel using the DirectAdmin admin username and password.

Change Shell Passwords

1. Make sure you are connected to the server as the root user using SSH.
2. Change the admin user’s password:
     # /usr/bin/passwd admin
     (set new password)
3. Change the root user’s password:
     # su -
     # /usr/bin/passwd
     (set new password)

Setup Secure Shell (SSH) Service

1. Add the admin user to the wheel group:
    # usermod -G wheel admin
2. Edit the server’s SSH configuration file:
    # nano -w /etc/ssh/sshd_config
3. To allow only SSH protocol 2 connections, find the line:
     #Protocol 2,1
4. Uncomment it and change it to:
     Protocol 2
5. Next, to disable direct root login, find the line:
     #PermitRootLogin yes
6. Uncomment it and change it to:
     PermitRootLogin no
7. Next, to change the port that SSH listens on, find the line:
     #Port 22
8. Uncomment it and change it to:
     Port 1022
9. Save the file and exit the editor.
10. Restart the SSH service:
     # service sshd restart


Change the Server Admin Username

1. Change the admin username:
    # cd /usr/local/directadmin/scripts
    # ./change_username.sh admin newuser
2. Edit the server’s SSH configuration file:
    # nano -w /etc/ssh/sshd_config
3. Find the line:
     AllowUsers admin
4. Change it to:
    AllowUsers newuser
5. Save the file and exit the editor.
6. Restart the SSH service:
    # service sshd restart
7. Edit the DirectAdmin list of allowed admins file:
    # nano -w /usr/local/directadmin/data/admin/admin.list
8. Change the line with the admin username to the new username for the admin account.
9. Save the file and exit the editor.
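A way to verify that the SSH changes from the two sections above actually took effect, as an added example that is not part of the original post: the script reads sshd_config the way sshd does (the first active occurrence of a keyword wins, and the global section ends at the first Match block) and compares the result with the values set above. The sample config, the 'newuser' name and the script name sshd_audit.sh are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: audit /etc/ssh/sshd_config for
# the settings the two sections above change. sshd honours the FIRST active
# occurrence of a keyword, so a hardened value appended below an earlier
# default is silently ignored; this checker mirrors that rule and stops at the
# first Match block, where settings become conditional. Sample config is constructed.

# Print the effective value of keyword $1 in file $2 (first active match wins).
sshd_effective() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comment or blank line
        tolower($1) == "match" { exit }                 # global section ends here
        tolower($1) == key {                            # keep the value(s) after the keyword
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, ""); sub(/[[:space:]]+$/, ""); print; exit
        }
    ' "$2"
}

# Compare file $1 with the values set in the steps above; prints one line per
# check and returns 0 only when every check passes.
audit_sshd_config() {
    f="$1"; rc=0
    for kv in "Protocol=2" "PermitRootLogin=no" "Port=1022" "AllowUsers=newuser"; do
        key="${kv%%=*}"; want="${kv#*=}"
        got="$(sshd_effective "$key" "$f")"
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '${got:-<unset>}', expected '$want'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the hardened lines were appended AFTER a live default, so
# the effective Port stays 22 even though "Port 1022" is present further down.
SAMPLE_CFG="$(mktemp)"
cat > "$SAMPLE_CFG" <<'EOF'
Port 22
#PermitRootLogin yes
Protocol 2
PermitRootLogin no
Port 1022
AllowUsers newuser
EOF

# Usage: sh sshd_audit.sh /etc/ssh/sshd_config  (defaults to the sample above)
audit_sshd_config "${1:-$SAMPLE_CFG}" || echo "sshd_config does NOT match the hardening steps"
```

Run it against the real file after step 6 and again after the restart; a FAIL on Port or PermitRootLogin usually means the edited line sits below an earlier uncommented copy of the same keyword.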

Set the Server’s Date and Time

1. Set the server’s time zone:
    # rm -f /etc/localtime
    # ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
2. Update the current system time:
    # /usr/bin/rdate -s clock.psu.edu
3. Set the ZONE entry in the file /etc/sysconfig/clock to "America/New_York".
4. Set the hardware clock:
     # /sbin/hwclock --systohc
5. Setup a new hourly cron job to keep the server’s time accurate:
    # touch /etc/cron.hourly/rdate
    # chmod 755 /etc/cron.hourly/rdate
    # nano -w /etc/cron.hourly/rdate
6. Paste the following lines into the new cron file:
     #!/bin/sh
     host="clock.psu.edu"
     /usr/bin/rdate -s $host >/dev/null 2>&1 && /sbin/hwclock --systohc >/dev/null 2>&1
7. Save the file and exit the editor.



**  Not complete

DirectAdmin Control Panel Installation

Make sure the following packages are installed on the server, i.e. that it meets the minimum system requirements:
SSH, gcc, g++, openssl-devel

If these packages are not present, install them first. The following are the typical commands used before installing DirectAdmin.

On Red Hat/Fedora/CentOS:
yum install wget gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio libcom_err-devel libcurl-devel

Make sure you have purchased a DirectAdmin license.


Your server is now prepared to install DirectAdmin, so let’s begin.
Run:
wget http://directadmin.com/setup.sh
chmod +x setup.sh

./setup.sh

The installation procedure will now start.

Sunday, January 1, 2012

Joomla .htaccess Rules

.htaccess rules in Joomla, an example: add the rules below to the .htaccess file in the site's default document root.


##
# @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that disallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your SEF URLs. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
#
# mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked requests to the homepage with a 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)
# RewriteBase /
########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section
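To see what the five query-string conditions above actually catch before deploying them, here is an added example (shell, not part of the original post or of Joomla) that replays the same patterns against the requests in an Apache access log. grep -E stands in for Apache's PCRE engine, which is adequate for these simple expressions; the sample log, its addresses and the script name joomla_qs_check.sh are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post or of Joomla: replay the five
# query-string RewriteConds above against the requests in an access log to see
# which ones the rules would have answered with 403. grep -E stands in for
# Apache's PCRE engine, which is adequate for these expressions; only the
# <script> condition carries [NC], so only that grep is case-insensitive.
# The access log below is constructed.

# Return 0 when query string $1 matches any blocking condition, 1 otherwise.
joomla_qs_blocked() {
    qs="$1"
    printf '%s\n' "$qs" | grep -Eq  'mosConfig_[a-zA-Z_]{1,21}(=|%3D)'  && return 0
    printf '%s\n' "$qs" | grep -Eq  'base64_encode.*\(.*\)'            && return 0
    printf '%s\n' "$qs" | grep -Eqi '(<|%3C).*script.*(>|%3E)'         && return 0
    printf '%s\n' "$qs" | grep -Eq  'GLOBALS(=|\[|%[0-9A-Z]{0,2})'     && return 0
    printf '%s\n' "$qs" | grep -Eq  '_REQUEST(=|\[|%[0-9A-Z]{0,2})'    && return 0
    return 1
}

# Print one verdict per request found in combined-format access log $1.
scan_access_log() {
    while IFS= read -r line; do
        req=$(printf '%s\n' "$line" | sed -n 's/^[^"]*"[A-Z]* \([^ "]*\) HTTP[^"]*".*/\1/p')
        [ -n "$req" ] || continue
        case "$req" in *\?*) qs=${req#*\?} ;; *) qs="" ;; esac
        if joomla_qs_blocked "$qs"; then echo "BLOCK $req"; else echo "allow $req"; fi
    done < "$1"
}

# Number of requests in access log $1 that the rules would block.
count_blocked() {
    scan_access_log "$1" | grep -c '^BLOCK '
}

SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
198.51.100.7 - - [03/Jan/2012:10:15:02 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5123
198.51.100.9 - - [03/Jan/2012:10:15:09 +0000] "GET /index.php?mosConfig_absolute_path=EXAMPLE HTTP/1.1" 200 5123
198.51.100.9 - - [03/Jan/2012:10:15:11 +0000] "GET /index.php?searchword=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5123
198.51.100.9 - - [03/Jan/2012:10:15:14 +0000] "GET /index.php?GLOBALS[x]=1 HTTP/1.1" 200 5123
198.51.100.7 - - [03/Jan/2012:10:15:20 +0000] "GET /images/logo.png HTTP/1.1" 200 8891
EOF

# Usage: sh joomla_qs_check.sh /var/log/httpd/access_log  (defaults to the sample)
scan_access_log "${1:-$SAMPLE_LOG}"
```

Running it over a week of real logs before enabling the rules shows whether any legitimate request (for example a search term containing "script") would be caught, which is the moment to loosen a pattern rather than after users see 403s.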