| Firewall Check | Status | Comment |
|---|---|---|
| Check whether csf is enabled | OK | |
| Check csf is running | OK | |
| Check whether csf is in TESTING mode | OK | |
| Check whether lfd is enabled | OK | |
| Check incoming MySQL port | OK | |
| Check whether webmin is running | OK | |
| Check csf SMTP_BLOCK option | OK | |
| Check csf LF_SCRIPT_ALERT option | OK | |
| Check csf LF_SSHD option | OK | |
| Check csf LF_FTPD option | OK | |
| Check csf LF_SMTPAUTH option | OK | |
| Check csf LF_POP3D option | OK | |
| Check csf LF_IMAPD option | OK | |
| Check csf LF_HTACCESS option | OK | |
| Check csf LF_MODSEC option | OK | |
| Check csf LF_CPANEL option | OK | |
| Check csf LF_DIRWATCH option | OK | |
| Check csf LF_INTEGRITY option | OK | |
| Check csf PT_SKIP_HTTP option | OK | |
| Check csf PT_ALL_USERS option | OK | |

| Server Check | Status | Comment |
|---|---|---|
| Check /tmp permissions | OK | |
| Check /tmp ownership | OK | |
| Check /tmp is mounted as a filesystem | OK | |
| Check /tmp is mounted noexec,nosuid | OK | |
| Check /etc/cron.daily/logrotate for /tmp noexec workaround | OK | |
| Check /var/tmp permissions | OK | |
| Check /var/tmp ownership | OK | |
| Check /var/tmp is mounted as a filesystem or is a symlink to /tmp | OK | |
| Check /usr/tmp permissions | OK | |
| Check /usr/tmp ownership | OK | |
| Check /usr/tmp is mounted as a filesystem or is a symlink to /tmp | OK | |
| Check /dev/shm is mounted noexec,nosuid | OK | |
| Check /etc/resolv.conf for localhost entry | OK | |
| Check /etc/named.conf for recursion restrictions | OK | |
| Check /etc/named.conf for random query source port | OK | |
| Check server runlevel | OK | |
| Check nobody cron | OK | |
| Check Operating System support | OK | |
| Check perl version | OK | |
| Check MySQL version | OK | |
| Check SUPERUSER accounts | OK | |

| SSH/Telnet Check | Status | Comment |
|---|---|---|
| Check SSHv1 is disabled | OK | |
| Check SSH on non-standard port | WARNING | You should consider moving SSH to a non-standard port to evade basic SSH port scans. Don't forget to open the port in the firewall first! |
| Check SSH PasswordAuthentication | WARNING | For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication |
| Check telnet port 23 is not in use | OK | |
| Check shell limits | OK | |
| Check Background Process Killer | OK | |

| Exim Check | Status | Comment |
|---|---|---|
| Check root forwarder | OK | |
| Check exim for extended logging | WARNING | You should enable extended exim logging to enable easier tracking of potential outgoing spam issues. Add: `log_selector = +arguments +subject` to the first textarea in the Advanced Mode Exim Configuration Editor |
| Check exim weak TLS Ciphers | OK | |
| Check for maildir conversion | OK | |

| Apache Check | Status | Comment |
|---|---|---|
| Check apache version | OK | |
| Check suPHP | OK | |
| Check Suexec | OK | |
| Check apache for mod_security | OK | |
| Check apache for RLimitCPU | OK | |
| Check apache for RLimitMEM | OK | |
| Check apache Cipher Suite | OK | |
| Check mod_userdir protection | OK | |

| PHP Check | Status | Comment |
|---|---|---|
| Check php version | OK | |
| Check php for enable_dl | OK | |
| Check php for disable_functions | OK | |
| Check php for ini_set disabled | WARNING | You should consider adding ini_set to the disable_functions in the PHP configuration (usually in /usr/local/lib/php.ini) as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised |
| Check php for register_globals | OK | |
| Check php for Suhosin | OK | |
| Check php open_basedir protection | OK | |

| WHM Settings Check | Status | Comment |
|---|---|---|
| Check cPanel version | WARNING | Your current version of cPanel is 11.24.7-EDGE_34168. According to the cPanel site, the latest available is 11.24.7-EDGE_34209, you should consider upgrading to ensure bugs and security patches are up to date |
| Check cPanel login is SSL only | OK | |
| Check boxtrapper is disabled | OK | |
| Check max emails per hour is set | OK | |
| Check whether users can reset passwords via email | OK | |
| Check whether native cPanel SSL is enabled | OK | |
| Check compilers | OK | |
| Check Anonymous FTP Logins | OK | |
| Check Anonymous FTP Uploads | OK | |
| Check FTP Cipher Suite | OK | |
| Check FTP Logins with Root Password | OK | |
| Check allow remote domains | OK | |
| Check block common domains | OK | |
| Check allow park domains | OK | |
| Check cPAddons update email to owner | OK | |
| Check cPAddons update email to root | OK | |
| Check package updates | OK | |
| Check security updates | OK | |
| Check melange chat server | OK | |
| Check root/reseller login to users cPanel | WARNING | You should enable and then disable this option after use. WHM > Tweak Settings > Disable login with root or reseller password into the users' cPanel interface |
| Check cPanel php for register_globals | OK | |
| Check cPanel php.ini file for register_globals | OK | |
| Check cPanel passwords in email | OK | |
| Check Referrer Security | OK | |

| Server Services Check | Status | Comment |
|---|---|---|
| Check server startup for cups | OK | |
| Check server startup for xfs | OK | |
| Check server startup for atd | OK | |
| Check server startup for nfslock | OK | |
| Check server startup for canna | OK | |
| Check server startup for FreeWnn | OK | |
| Check server startup for cups-config-daemon | OK | |
| Check server startup for iiim | OK | |
| Check server startup for mDNSResponder | OK | |
| Check server startup for nifd | OK | |
| Check server startup for rpcidmapd | OK | |
| Check server startup for bluetooth | OK | |
| Check server startup for anacron | OK | |
| Check server startup for gpm | OK | |
| Check server startup for saslauthd | OK | |
| Check server startup for avahi-daemon | OK | |
| Check server startup for avahi-dnsconfd | OK | |
| Check server startup for hidd | OK | |
| Check server startup for pcscd | OK | |
| Check server startup for sbadm | OK | |
| Check server startup for webmin | OK | |
| Check server startup for ossec | OK | |


Your Score: 106/112*

*This scoring does not necessarily reflect the security of your server or the relative merits of each check

csf: v4.54

©2006-2009, ConfigServer Services (Way to the Web Limited)