Today there are many web services that are vulnerable to this Logiam attack. We will try to understand how it can be done to secure your server. We will be talking about servers with the operating system CentOS, version 6 and 7.

Specific actions

First, check to see if your server is actually vulnerable by checking Qualys SSL. If your server is vulnerable, there will be a message at the top of the page. After you confirm that the server is vulnerable, enter the NGINX installation directory

cd /etc/nginx/
mkdir keygroup
cd keygroup

Next, you need to run the following command to create a key group

openssl dhparam -out dhsecure.pem 2048

The next step is to add a new key group to your NGINX configuration

cd /etc/nginx/
vi .conf

Next, add ssl_dhparam ... a line of code that is visible below inside each SSL server block and then update all server blocks. Update all blocks of your SSL server accordingly

server {
listen 443 ssl;
...
location / {
...
ssl_dhparam /etc/nginx/keygroup/dhsecure.pem
...
}

Then a reboot of the NGINX web server should follow

service nginx reload

Finally, test the server again with SSL certificate verification

HOSTRY virtual servers have KVM virtualization. We will look at it in more detail in order to show its main features and advantages in using. Choosing our servers you can be sure that you get a part of the server machine completely in your management and administration and at a very reasonable price!

Definition

KVM is a virtualization technology that calls the user to create practically his own analogue of a dedicated server. Each service on this virtualization is completely separately isolated from the other and has its own operating system kernel.
From the outset, KVM supported only x86 processors. To date, a very extensive Spector processor and OS has been added. Today it is easy to use, unpretentious to resources and at the same time quite functional hypervisor. It allows you to deploy a virtualization platform in a short time, they state in Kaspersky Lab.

Features

The main features of this virtualization are the following:

• It is possible to work and connect any operating system: if the servers are serviced on Linux, you can connect any other OS (Windows, FreeBSD);
• It is possible to format the full disk space for any file system;
• This virtualization has the ability to modify the kernel of the operating system.

Further implementations

KVM virtualization is improving. It needs support for virtual networks and file storage systems. There will also be work on improving reliability, power management, HPC / system support, and virtual processor scalability.

Order now Virtual Private Server at HOSTRY Company by clicking the link below:

https://hostry.com/products/vps/

Install The Necessary Packages

apt-get install munin munin-plugins-extra libwww-perl apache2-utils

Create a User To Access The Web Interface

htpasswd -c /etc/munin/.htpasswd munin

Enable Monitoring Plugins

Next, you should choose the plugin that will be included, while creating a symbolic link for it

ln -s /usr/share/munin/plugins/cpu /etc/munin/plugins/cpu
ln -s /usr/share/munin/plugins/df /etc/munin/plugins/df
ln -s /usr/share/munin/plugins/forks /etc/munin/plugins/forks
ln -s /usr/share/munin/plugins/fw_packets /etc/munin/plugins/fw_packets
ln -s /usr/share/munin/plugins/ip_127.0.0.1 /etc/munin/plugins/ip_127.0.0.1
ln -s /usr/share/munin/plugins/load /etc/munin/plugins/load
ln -s /usr/share/munin/plugins/memory /etc/munin/plugins/memory
ln -s /usr/share/munin/plugins/processes /etc/munin/plugins/processes
ln -s /usr/share/munin/plugins/threads /etc/munin/plugins/threads
ln -s /usr/share/munin/plugins/uptime /etc/munin/plugins/uptime
ln -s /usr/share/munin/plugins/exim_mailqueue /etc/munin/plugins/exim_mailqueue
ln -s /usr/share/munin/plugins/exim_mailstats /etc/munin/plugins/exim_mailstats
ln -s /usr/share/munin/plugins/postfix_mailstats /etc/munin/plugins/postfix_mailstats
ln -s /usr/share/munin/plugins/postfix_mailqueue /etc/munin/plugins/postfix_mailqueue
ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins/mysql_queries
ln -s /usr/share/munin/plugins/nginx_request /etc/munin/plugins/nginx_request
ln -s /usr/share/munin/plugins/nginx_status /etc/munin/plugins/nginx_status
ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses
ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/apache_processes

Change Configuration

First you need to edit the /etc/munin/munin.conf file for some basic settings. Then find and change [localhost.localdomain] your own hostname, for example your-server.example.com. Open and edit /etc/apache2/conf.d/munin.

Comment on the following lines:

Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
Options None

Then uncomment the following lines to enable authentication:

# AuthUserFile /etc/munin/.htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user

IMPORTANT! If your Apache web server is listening on a port that is different from 80, then you should definitely edit /etc/munin/plugin-conf.d/munin-node. Add the following lines to the end of the file if your Apache is listening on port 8080:

[apache_*]
env.ports 8080

The final step will be to restart the services

/etc/init.d/munin-node restart
/etc/init.d/apache2 restart

If all the steps are completed correctly, now you can access the munin web interface http://YOUR_SERVER_IP/munin