How to make a Plesk server PCI Compliant?

Nowadays many banks and credit card companies ask you to implement security standards on your server for client data protection, which is known as PCI compliance. Follow the steps below to achieve these security standards on your server.

1) To turn off SSLv2 for port 8443 (Plesk port), create a file /usr/local/psa/admin/conf/httpsd.custom.include and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Once you insert the above lines, restart the ‘psa’ service and run the ‘openssl’ command to test:

service psa stopall
service psa startall
openssl s_client -connect localhost:8443 -ssl2

2) To turn off SSLv2 for port 443 (Apache SSL port), edit the file /etc/httpd/conf.d/ssl.conf and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Once you insert the lines, restart the ‘httpd’ service and run the ‘openssl’ command to test:

service httpd restart
openssl s_client -connect localhost:443 -ssl2

3) To turn off SSLv2 for ports 995 (POP3) and 993 (IMAP), edit the following files:

vi /etc/courier-imap/imapd-ssl
vi /etc/courier-imap/pop3d-ssl

Comment out the line that starts with "TLS_CIPHER_LIST" in each file and insert the following line:

TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:!SSLv2:!LOW:@STRENGTH"

Restart the ‘courier-imap’ service and execute the ‘openssl’ command to test:

service courier-imap restart
openssl s_client -connect localhost:995 -ssl2
openssl s_client -connect localhost:993 -ssl2

4) To turn off SSLv2 for port 465 (SMTPS), create the following files:

vi /var/qmail/control/tlsserverciphers
vi /var/qmail/control/tlsclientciphers

and insert the following code:

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

Once done, restart the ‘qmail’ service and test the connection on SSLv2:

service qmail restart
openssl s_client -connect localhost:465 -ssl2

This will disable SSLv2 for all the SSL ports of your server.
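
To check all five ports from steps 1 to 4 in one pass, including on hosts whose openssl build has no -ssl2 option, the following added example (not part of the original post) sends a raw SSLv2 CLIENT-HELLO and classifies the reply. The result labels and the port-name table are assumptions of this example.

```python
import socket
import struct

# SSLv2 cipher kinds (3 bytes each), as defined in the SSLv2 specification.
CIPHER_KINDS = [b"\x01\x00\x80", b"\x02\x00\x80", b"\x03\x00\x80", b"\x04\x00\x80",
                b"\x05\x00\x80", b"\x06\x00\x40", b"\x07\x00\xc0"]
# Ports taken from steps 1 to 4; the short names are labels chosen for this example.
PORTS = {8443: "Plesk", 443: "Apache", 995: "POP3S", 993: "IMAPS", 465: "SMTPS"}


def build_client_hello(challenge=b"\x00" * 16):
    """Return a raw SSLv2 CLIENT-HELLO record (2-byte header, high bit set)."""
    specs = b"".join(CIPHER_KINDS)
    # msg type 1, version 0x0002, cipher-spec length, session-id length 0, challenge length
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body


def classify(reply):
    """Classify the first bytes a server sent back after the CLIENT-HELLO."""
    if len(reply) >= 11 and reply[0] & 0x80 and reply[2] == 4 and reply[5:7] == b"\x00\x02":
        # SERVER-HELLO: the cipher-spec length sits at offset 9 (3 bytes per cipher).
        n_specs = struct.unpack(">H", reply[9:11])[0] // 3
        return "sslv2-enabled" if n_specs else "sslv2-hello-no-ciphers"
    return "sslv2-rejected"  # TLS alert, SSLv2 error, other data, or connection closed


def probe(host, port, timeout=5.0):
    """Send the CLIENT-HELLO to host:port and classify whatever comes back."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # nothing listening, or the port is filtered
    with sock:
        try:
            sock.sendall(build_client_hello())
            return classify(sock.recv(4096))
        except OSError:  # reset or timeout after connecting: the hello went unanswered
            return "sslv2-rejected"


if __name__ == "__main__":
    for port, name in PORTS.items():
        print(f"{name:7} {port:5} {probe('localhost', port)}")
```

A result of "sslv2-hello-no-ciphers" means the service still answers the SSLv2 handshake even though its cipher list excludes SSLv2 ciphers, so the protocol itself is not switched off on that port.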

5) To disable TRACE and TRACK for Apache, place the following lines in the Apache configuration file and in the VirtualHost of each domain:

 

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
TraceEnable off

 

Save the file and restart the ‘httpd’ service.

6) I would recommend using the secure port 8443 to access Plesk and blocking the non-secure port 8880:

iptables -A INPUT -p tcp -s 0/0 --dport 8880 -j DROP
service iptables save
service iptables restart

7) To upgrade the PHP version, refer to this post:

http://thegioinguonmo.com/how-to-upgrade-php-on-a-plesk-server/

8) To turn off recursion for the bind service, edit the named configuration file:

vi /etc/named.conf

Add the following line in the "options" section:

recursion no;

Save the file and restart the ‘named’ service.