Security Hardening and Best Practices

ISPConfig Security Features

  • User permission system
  • SSL/TLS encryption
  • Firewall integration
  • Fail2ban protection
  • ModSecurity WAF
  • Malware scanning
  • Two-factor authentication

Firewall Configuration (UFW/iptables)

Essential Ports

Service      Port                   Protocol   Direction
SSH          22                     TCP        Inbound
HTTP         80                     TCP        Inbound
HTTPS        443                    TCP        Inbound
ISPConfig    8080                   TCP        Inbound
FTP          21                     TCP        Inbound
SMTP         25, 587                TCP        Inbound
POP3/IMAP    110, 143, 993, 995     TCP        Inbound
DNS          53                     TCP/UDP    Inbound

UFW Commands

# Enable firewall
ufw enable

# Allow essential services
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8080/tcp

# Allow from specific IP
ufw allow from 192.168.1.100 to any port 22

# Check status
ufw status verbose
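The UFW commands above open only four of the ports in the Essential Ports table. The script below is an added example (not from the original article or from the ufw project) that turns the whole table into ufw rules: default-deny inbound, one rule per port and protocol, and SSH restricted to a single admin address. The admin address 192.168.1.100 is the one used on this page; the table is copied from above with the spaces after the commas removed so it parses as three columns.

```shell
#!/bin/sh
# Added example: generate ufw rules from the "Essential Ports" table.
# The table rows are the page's own list; the admin IP is a placeholder.
PORT_TABLE='SSH 22 TCP
HTTP 80 TCP
HTTPS 443 TCP
ISPConfig 8080 TCP
FTP 21 TCP
SMTP 25,587 TCP
POP3/IMAP 110,143,993,995 TCP
DNS 53 TCP/UDP'

# Print (do not run) the ufw commands for every row of the table.
# Comma-separated ports and TCP/UDP rows expand to one rule each; the SSH
# row is limited to ADMIN_IP when one is given.
# usage: ufw_rules_from_table "$PORT_TABLE" [ADMIN_IP]
ufw_rules_from_table() {
    table="$1"
    admin_ip="$2"
    printf '%s\n' 'ufw default deny incoming' 'ufw default allow outgoing'
    printf '%s\n' "$table" | while read -r svc ports protos; do
        [ -n "$svc" ] || continue
        for port in $(printf '%s' "$ports" | tr ',' ' '); do
            for proto in $(printf '%s' "$protos" | tr '/' ' ' | tr 'A-Z' 'a-z'); do
                if [ "$svc" = SSH ] && [ -n "$admin_ip" ]; then
                    printf "ufw allow from %s to any port %s proto %s comment '%s'\n" \
                        "$admin_ip" "$port" "$proto" "$svc"
                else
                    printf "ufw allow %s/%s comment '%s'\n" "$port" "$proto" "$svc"
                fi
            done
        done
    done
    # enable last, after the allow rules exist, so an SSH session is not cut off
    printf '%s\n' 'ufw --force enable'
}

# Review the generated commands first, then apply them as root:
#   ufw_rules_from_table "$PORT_TABLE" 192.168.1.100
#   ufw_rules_from_table "$PORT_TABLE" 192.168.1.100 | sudo sh
```

Restricting SSH to one source address only helps if that address is stable; if you administer from changing addresses, keep port 22 open and rely on the Fail2ban jail and key-only authentication instead.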

Fail2ban Configuration

ISPConfig Jail Configuration

# /etc/fail2ban/jail.local
[ispconfig]
enabled = true
filter = ispconfig
logpath = /var/log/ispconfig/auth.log
maxretry = 3
bantime = 3600

[postfix-sasl]
enabled = true
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
bantime = 3600

[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/mail.log
maxretry = 5
bantime = 3600
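The jail above bans an address after maxretry failures inside findtime (not set above, so fail2ban's default of 10 minutes applies). The following shell function is an added example, not part of the article or of fail2ban, that replays ISPConfig auth.log lines through that counting rule so you can check what a given maxretry/findtime pair would do before changing it. It assumes the line format that ISPConfig's stock fail2ban filter matches ("Failed login for user U from IP at YYYY-MM-DD HH:MM:SS"), that the lines are in chronological order, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: which addresses would the [ispconfig] jail ban?
# Constructed sample of /var/log/ispconfig/auth.log lines.
SAMPLE_AUTH_LOG='Failed login for user admin from 203.0.113.7 at 2024-05-01 10:00:01
Failed login for user admin from 203.0.113.7 at 2024-05-01 10:00:05
Failed login for user client1 from 198.51.100.9 at 2024-05-01 10:00:09
Failed login for user admin from 203.0.113.7 at 2024-05-01 10:00:12
Failed login for user client1 from 198.51.100.9 at 2024-05-01 11:30:00
Failed login for user client1 from 198.51.100.9 at 2024-05-01 11:30:04'

# usage: printf '%s\n' "$SAMPLE_AUTH_LOG" | f2b_candidates MAXRETRY FINDTIME_SECONDS
# Prints "IP COUNT" once per address at the moment it reaches maxretry,
# i.e. COUNT failures within the last FINDTIME_SECONDS (sliding window).
f2b_candidates() {
    awk -v maxretry="$1" -v findtime="$2" '
    # Seconds since the Unix epoch for "YYYY-MM-DD" "HH:MM:SS" (treated as UTC),
    # computed via the Julian day number so it works in POSIX awk without mktime().
    function epoch(d, t,    D, T, a, y, m, jdn) {
        split(d, D, "-"); split(t, T, ":")
        a = int((14 - D[2]) / 12)
        y = D[1] + 4800 - a
        m = D[2] + 12 * a - 3
        jdn = D[3] + int((153 * m + 2) / 5) + 365 * y + int(y / 4) - int(y / 100) + int(y / 400) - 32045
        return (jdn - 2440588) * 86400 + T[1] * 3600 + T[2] * 60 + T[3]
    }
    # Field layout: Failed(1) login(2) for(3) user(4) NAME(5) from(6) IP(7) at(8) DATE(9) TIME(10)
    /^Failed login for user .* from [0-9.]+ at / {
        ip = $7; ts = epoch($9, $10)
        n[ip]++; t[ip, n[ip]] = ts
        if (ip in banned) next
        hits = 0
        # walk back over this address'"'"'s failures while they are inside the window
        for (i = n[ip]; i >= 1 && t[ip, i] >= ts - findtime; i--) hits++
        if (hits >= maxretry) { banned[ip] = 1; print ip, hits }
    }'
}

# Example: the jail above with the default 10-minute window
#   printf '%s\n' "$SAMPLE_AUTH_LOG" | f2b_candidates 3 600
```

In the sample, 203.0.113.7 fails three times in eleven seconds and is banned; 198.51.100.9 also fails three times, but its first failure is 90 minutes before the others, so with the default findtime it is not banned, and only a findtime of two hours or more would catch it. Run the function over a copy of the real auth.log to see whether the jail's thresholds match the pattern of attempts you actually see.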

ModSecurity Web Application Firewall

Enable ModSecurity

  1. Install ModSecurity module
  2. Enable in Apache configuration
  3. Configure OWASP Core Rule Set
  4. Set to DetectionOnly initially
  5. Monitor false positives
  6. Switch to On mode after tuning

Custom ModSecurity Rules

# Block SQL injection attempts (backslashes continue the directive across lines;
# without them Apache reads each line as a separate, broken directive)
SecRule ARGS "@detectSQLi" \
    "id:1001,\
    phase:2,\
    block,\
    msg:'SQL Injection Attack',\
    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}'"

# Block common web shells
SecRule REQUEST_FILENAME "@contains c99.php" \
    "id:1002,\
    phase:2,\
    block,\
    msg:'Web Shell Detected'"
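Step 5 above (monitor false positives while the engine is in DetectionOnly) is a matter of counting which rule fired on which URI and parameter. The two shell functions below are an added example, not part of the article or of ModSecurity. They assume the Apache error_log line format that ModSecurity 2 writes, with `[id "..."]`, `[msg "..."]`, `[data "..."]` and `[uri "..."]` tags in that order; the sample lines are constructed and use the rule ids and messages of the custom rules above.

```shell
#!/bin/sh
# Added example: tally ModSecurity alerts for tuning. Sample lines are constructed.
MODSEC_LOG_SAMPLE='[Wed Jun 12 10:00:00.000001 2024] [:error] [pid 2222] [client 203.0.113.7:51234] ModSecurity: Warning. detected SQLi using libinjection. [file "/etc/modsecurity/custom.conf"] [line "3"] [id "1001"] [msg "SQL Injection Attack"] [data "Matched Data: <redacted> found within ARGS:q"] [hostname "example.com"] [uri "/search.php"] [unique_id "AAA"]
[Wed Jun 12 10:01:00.000001 2024] [:error] [pid 2223] [client 198.51.100.9:40000] ModSecurity: Warning. detected SQLi using libinjection. [file "/etc/modsecurity/custom.conf"] [line "3"] [id "1001"] [msg "SQL Injection Attack"] [data "Matched Data: <redacted> found within ARGS:comment"] [hostname "example.com"] [uri "/search.php"] [unique_id "AAB"]
[Wed Jun 12 10:02:00.000001 2024] [:error] [pid 2224] [client 192.0.2.44:40001] ModSecurity: Warning. detected SQLi using libinjection. [file "/etc/modsecurity/custom.conf"] [line "3"] [id "1001"] [msg "SQL Injection Attack"] [data "Matched Data: <redacted> found within ARGS:comment"] [hostname "example.com"] [uri "/blog/post.php"] [unique_id "AAC"]
[Wed Jun 12 10:03:00.000001 2024] [:error] [pid 2225] [client 203.0.113.7:51300] ModSecurity: Warning. String match "c99.php" at REQUEST_FILENAME. [file "/etc/modsecurity/custom.conf"] [line "9"] [id "1002"] [msg "Web Shell Detected"] [hostname "example.com"] [uri "/uploads/c99.php"] [unique_id "AAD"]'

# usage: modsec_alert_tally < /var/log/apache2/error.log
# Output: "<count> <id>|<msg>|<uri>", most frequent first. A rule that fires
# constantly on one ordinary URI is the first place to look for a false positive.
modsec_alert_tally() {
    grep 'ModSecurity: ' \
    | sed -n 's/.*\[id "\([0-9]*\)"\].*\[msg "\([^"]*\)"\].*\[uri "\([^"]*\)"\].*/\1|\2|\3/p' \
    | sort | uniq -c | sort -rn
}

# usage: modsec_rule_targets RULE_ID < /var/log/apache2/error.log
# For one rule id, count which request parameter triggered it, taken from the
# "found within ARGS:name" text that rule 1001'"'"'s logdata writes. This is the
# input for a targeted exclusion, e.g. SecRuleUpdateTargetById 1001 "!ARGS:comment",
# which is preferable to disabling the rule outright.
modsec_rule_targets() {
    grep "\[id \"$1\"\]" \
    | sed -n 's/.*found within \(ARGS:[A-Za-z0-9_]*\).*/\1/p' \
    | sort | uniq -c | sort -rn
}

# Example:
#   printf '%s\n' "$MODSEC_LOG_SAMPLE" | modsec_alert_tally
#   printf '%s\n' "$MODSEC_LOG_SAMPLE" | modsec_rule_targets 1001
```

On the sample, rule 1001 fires twice on /search.php and once on /blog/post.php, and the ARGS:comment parameter accounts for two of the three hits; whether that is a false positive is decided by looking at the actual requests, but the tally tells you where to look. Run both functions over the real error_log for the whole DetectionOnly period before switching SecRuleEngine to On.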

SSL/TLS Hardening

Strong SSL Configuration

# Apache SSL configuration
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off

# Enable HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

PHP Security Settings

# PHP security directives
expose_php = Off
display_errors = Off
log_errors = On
error_log = /var/log/php_errors.log
post_max_size = 8M
upload_max_filesize = 8M
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
disable_functions = exec,passthru,shell_exec,system,proc_open,popen
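A hardened php.ini drifts: a package upgrade or a second SAPI (CLI versus Apache) can leave display_errors back on or a function missing from disable_functions. The function below is an added example, not from the article or from PHP, that audits a php.ini against the directives listed above. The php.ini path in the usage line is an assumption (it differs per distribution and PHP version); the two sample files in the usage note are constructed.

```shell
#!/bin/sh
# Added example: check a php.ini against the directives recommended above.
# Only the security-relevant settings are listed; the size/time limits above
# are tuning values and are not audited here.
RECOMMENDED='expose_php=Off
display_errors=Off
log_errors=On
disable_functions=exec,passthru,shell_exec,system,proc_open,popen'

# usage: php_ini_audit /etc/php/8.2/apache2/php.ini   (path is an assumption)
# Prints one line per deviation and returns 1 if there is any; returns 0 when
# every recommended directive is present with the expected value. For
# disable_functions a superset is accepted, since disabling more is fine.
php_ini_audit() {
    ini="$1"; rc=0
    for entry in $RECOMMENDED; do
        key=${entry%%=*}; want=${entry#*=}
        # last assignment wins, as in PHP itself; comments start with ';'
        have=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$ini" | tail -n 1 | tr -d ' \r')
        if [ -z "$have" ]; then
            echo "$key: not set, want $want"; rc=1
        elif [ "$key" = disable_functions ]; then
            for fn in $(printf '%s' "$want" | tr ',' ' '); do
                case ",$have," in
                    *",$fn,"*) ;;
                    *) echo "$key: missing $fn"; rc=1 ;;
                esac
            done
        elif [ "$(printf '%s' "$have" | tr 'A-Z' 'a-z')" != "$(printf '%s' "$want" | tr 'A-Z' 'a-z')" ]; then
            echo "$key: found $have, want $want"; rc=1
        fi
    done
    return $rc
}

# Example run against a constructed weak file and a constructed hardened file:
#   printf '%s\n' 'expose_php = On' 'display_errors = On' 'log_errors = On' \
#       'disable_functions = exec,system' > /tmp/weak.ini
#   php_ini_audit /tmp/weak.ini          # lists 6 deviations, exit status 1
#   printf '%s\n' 'expose_php = Off' 'display_errors = Off' 'log_errors = On' \
#       'disable_functions = exec,passthru,shell_exec,system,proc_open,popen' > /tmp/good.ini
#   php_ini_audit /tmp/good.ini          # no output, exit status 0
```

ISPConfig can also set these per site through custom php.ini settings, so audit the file each SAPI actually loads (`php --ini` for the CLI, phpinfo() or the Apache/FPM configuration for the web SAPI), not just the one under /etc.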

MySQL Security

Secure MySQL Installation

# Run security script
mysql_secure_installation

# Disable remote root login (on MySQL 8, DROP USER 'root'@'host' is the supported
# way to do this rather than editing the grant tables directly)
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

# Remove anonymous users
DELETE FROM mysql.user WHERE User='';

# Remove test database and the grants on it
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db LIKE 'test\_%';

# Make the grant-table changes take effect
FLUSH PRIVILEGES;

File System Security

Directory Permissions

# Secure permissions (the ";" that ends -exec must be escaped from the shell)
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;

# Protect sensitive files
chmod 600 /var/www/*/web/wp-config.php
chmod 600 /var/www/*/web/configuration.php

Malware Scanning

ClamAV Setup

  1. Install ClamAV
  2. Update virus definitions
  3. Configure regular scans
  4. Set up email alerts

# Update ClamAV
freshclam

# Scan website
clamscan -r /var/www/clients/client1/web1/web/

# Automated daily scan
0 2 * * * /usr/bin/clamscan -r /var/www --quiet --infected --log=/var/log/clamav/scan.log
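The cron job above writes to a log but nobody is told when something is found, which is step 4 (set up email alerts). The wrapper below is an added example, not from the article or from ClamAV: it runs the same scan, and mails the list of infected files when clamscan exits 1 (infections found) or an error notice when it exits 2 (scan failed). It assumes a working `mail` command (bsd-mailx or mailutils) and an ADMIN_MAIL address, both placeholders; the scanner and mailer commands are variables so the exit-code handling can be exercised with stand-in functions, as the usage note shows.

```shell
#!/bin/sh
# Added example: clamscan wrapper that alerts by mail.
# clamscan exit codes: 0 = clean, 1 = infected files found, 2 = error.
ADMIN_MAIL="${ADMIN_MAIL:-admin@example.com}"   # placeholder address
SCANNER="${SCANNER:-clamscan}"                  # overridable for testing without ClamAV
MAILER="${MAILER:-send_mail}"                   # overridable for testing without an MTA

# send_mail SUBJECT BODY
send_mail() {
    printf '%s\n' "$2" | mail -s "$1" "$ADMIN_MAIL"
}

# usage: clam_scan_alert DIR LOGFILE
# Returns clamscan's own exit code so cron (or a calling script) can act on it.
clam_scan_alert() {
    dir="$1"; log="$2"
    # run inside "if" so a non-zero scanner status is captured, not treated as fatal under set -e
    if $SCANNER -r "$dir" --quiet --infected --log="$log"; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0) ;;
        1) "$MAILER" "[clamav] infected files under $dir" "$(grep ' FOUND$' "$log")" ;;
        *) "$MAILER" "[clamav] scan of $dir failed (exit $rc)" "see $log" ;;
    esac
    return $rc
}

# Cron replacement for the line above (script saved as /usr/local/sbin/clam-scan-alert, an assumed path):
#   0 2 * * * /usr/local/sbin/clam-scan-alert /var/www /var/log/clamav/scan.log
```

To dry-run the alert logic without ClamAV installed, point SCANNER at a shell function that writes a "...: Eicar-Test-Signature FOUND" line to the log file and returns 1, and MAILER at a function that records its arguments; the infected case must produce a mail whose body contains the FOUND line, and a clean run (exit 0) must produce none.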

Two-Factor Authentication

  1. Install Google Authenticator plugin
  2. Enable for ISPConfig users
  3. Configure backup codes
  4. Test login with 2FA

Security Audit Checklist

  • ☐ Change default passwords
  • ☐ Disable root SSH login
  • ☐ Configure firewall rules
  • ☐ Enable fail2ban
  • ☐ Install SSL certificates
  • ☐ Configure ModSecurity
  • ☐ Set up regular backups
  • ☐ Enable log monitoring
  • ☐ Update all software
  • ☐ Remove unnecessary services

Incident Response

If Compromised

  1. Isolate affected system
  2. Change all passwords
  3. Review access logs
  4. Scan for malware
  5. Restore from clean backup
  6. Patch vulnerabilities
  7. Monitor for further issues

Important: Security is an ongoing process. Regularly update software, monitor logs, and stay informed about new threats.