Re: General Security Issues

From: Kevin D. Kinsey, DaleCo, S.P. (kdk_at_daleco.biz)
Date: 03/01/04

  • Next message: Konstantinos Fotiadis: "RE: General Security Issues"
    Date: Mon, 01 Mar 2004 11:15:28 -0600
    To: bookman@oteglobe.net
    
    

    Konstantinos Fotiadis wrote:

    >Greetings list,
    >
    >As a newbie to security I would like to ask any recommendation that the list
    >might have.
    >We are about to "install" a new box with 4.9 stable to the nice and innocent
    >internet world. :-P
    >The box has no services running except apache and we telnet to it via SSH.
    >
    >

    So you've disabled sendmail and inetd.conf?

    >Main function of this box will be graphing various interfaces via rrdtool.
    >So, I would like to ask if there is any other precautions that I must take
    >in order to sleep safe at night. Should I check for any other opened ports ?
    >
    >

    Good idea, always ... from inside (netstat) and outside
    (port scanner, like nmap<?>)....

    >Should I do something with the kernel to be more secure ?
    >
    >
    A firewall is often considered a must.

    >I know this ain't so easy, but let's say my main scope is to get at least a
    >decent sleep :-)
    >
    >Kind Regards,
    >
    >Kostas
    >
    >
    >
    >

    I imagine this list would prefer that you send your
    questions to the questions@ list. I can't remember
    the list charter enough to know exactly *why* at
    the moment ... so I've made a comment or two.

    I imagine that if you can find no open ports, and stay
    on top of any changes to Apache and OpenSSH,
    you should have few worries --- except for the scripts
    that run on the webserver...which is a whole different
    topic, as I see it.... :-(

    Kevin Kinsey
    DaleCo, S.P.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
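
The inside check suggested in the reply (netstat), as an added example that is not part of the original message: a shell function that reads FreeBSD-style `netstat -an` output and reports every listening socket whose port is not on an allowlist. The allowlist of 22 and 80 (SSH and Apache on their default ports), the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# unexpected_listeners PORT...
# Reads FreeBSD-style `netstat -an` output on stdin and prints
# "proto address port" for every listening TCP socket or unconnected
# UDP socket whose port is not among the PORT arguments.
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # TCP: state column says LISTEN. UDP has no state column, so a
        # wildcard foreign address (*.*) marks a socket awaiting traffic.
        ($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 == "*.*") {
            addr = $4
            port = $4
            sub(/.*\./, "", port)        # FreeBSD prints address.port
            sub(/\.[^.]*$/, "", addr)    # drop the trailing .port
            if (!(port in ok))
                printf "%s %s %s\n", $1, addr, port
        }
    '
}

# Constructed sample in FreeBSD `netstat -an` format (not from the post):
# SSH and a web server, plus a loopback mail listener and a syslog socket.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.22          198.51.100.7.51515     ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
udp4       0      0  *.514                  *.*
EOF
}

# On the box itself:   netstat -an | unexpected_listeners 22 80
# Against the sample:  sample_netstat | unexpected_listeners 22 80
```

A listener bound only to 127.0.0.1 is still reported, since the inside view shows it even though an outside port scan would not.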

