Secure a vps?

[high6]

Just wondering what needs to be done to secure a vps. I know that for example even if someone has shell access they can't do much because of file permissions. But my major concern is that some php scripts require you to edit in mysql details into it. The permissions are 755, so can't any user account read that file and then have the mysql info?

Using centos btw.

 

[masshuu]

If you use Suexec, you could change the permissions to 700, so only the user owning that site can read the files.
Also using stuff like jailshell, you should have the ability to lock a user out of other directories(though i have never tested this)
For the most part, a stock server without much running on it is secure. The only thing i can say is keep it updated, check for updates once a week or something like that.
You can change default ports, like for ssh, to prevent automated attacks, but as long as you use and enforce secure passwords, you should't worry about it.

 

[high6]

Well I am using cpanel so there are a bunch of different accounts and I tried setting the owner to the websites account but apparently other accounts access the site too when loading pages/etc.

 

[Brandon]

Running cPanel, I would make sure you are running PHP as a CGI or Suexec, not as mod_php.

Also take a look at configserver firewall: http://www.configserver.com/cp/csf.html

A lot can be done to secure a cPanel server. First I would install CSF and follow what is in under 'Check Server Security'.

 

[sezertrk76]

thanks