i) Reboot your computer.
ii) At the boot loader menu> use the arrow keys to highlight the installation you wish to edit. Once selected, type the letter a. You are presented with a prompt that should look something like the following:
grub append> ro root=LABEL=/
iii) Press the spacebar once and type in the word single to tell the grub bootloader to boot into single user mode. The prompt should now look something like this:
grub append> ro root=LABEL=/ single
iv) Press Enter> and grub will boot single-user mode. Once finished, you should be presented with a prompt that looks similar to this:
sh-3.0b#
v) Type in passwd root and press enter then enter and re-enter your new root password. When complete, type reboot and press enter. You can now login in as root.

1. Exim.
Enable extended logging :
Add the following line in exim, below the first line recommended
log_selector = +address_rewrite +all_parents +arguments
+connection_reject +delay_delivery +delivery_size +dnslist_defer
+incoming_interface +incoming_port +lost_incoming_connection +queue_run
+received_sender +received_recipients +retry_defer +sender_on_delivery
+size_reject +skip_delivery +smtp_confirmation +smtp_connection
+smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
+\

Fommail Trap
http://void.thunderteam.org/fm-trap.html

For Securing Exim this could be a Good resource
http://www.rvskin.com/index.php?page=public/antispam

2. Httpd :

install mod_security
install mod_dosevasive (causes problem with FP sometimes though)

3. PHP

disable_functions = “system,exec”

eAccelerator for PHP acceleration
http://sourceforge.net/projects/eaccelerator

4. Some small recommended apps

Install BFD from rfxnetworks.net
Install LSM from rfxnetworks.net
APF from rfxnetworks.net ( since we have portsentry not really required )
rkhunter can be found on www.rootkit.nl

5. cpanel script to disable compilers incase we have not done this yet
/scripts/compilers off

6. MYSQL

mysql query cache
vi /etc/my.cnf
query-cache-type = 1
query-cache-size = 100M
100M can be changed according to how busy the server is

7. Securing some binaries

chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
chmod 000 /etc/httpd/proxy/

Also consider to check this;

* Check your log files,
* Look for setuid/setgid files, especially if they are owned by root
* Check what your integrity checker has to say about your system binaries
* Check for packet sniffers which may or may not be running
* If you didn’t install it, it shouldn’t be there
* Check your crontabs and at queues.
* Check for services that shouldn’t be running on your system
* Check /etc/passwd for new accounts/inactive accounts that have suddenly become active