Linux hardening

From: AragonX (aragonx_at_dcsnow.com)
Date: 08/21/05

  • Next message: Kaveh Razavi: "Re: one time passwords"
    Date: Sun, 21 Aug 2005 08:13:49 -0400 (EDT)
    To: focus-linux@securityfocus.com
    
    

    I had an intrusion on one of my servers and am in the process of hardening
    it (after a reinstall). I'm using Fedora Core 4. I've taken all the
    basic steps (shutting down unused services etc) and have done the
    following:

    Installed Smothwall on a separate box.
    Installed & configured AIDE, Snort and chkrootkit
    Ran Bastille

    I am in the process of configuring LIDS. I'm using LIDS instead of
    SELinux because it's easier for me to configure.

    My next and final step will be to install mod_security.

    The server performs the following tasks:

       Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email serving
    to the internet.
       File, print and DHCP serving to my local network.

    I'm looking for more preventative measures. It appears that LIDS and
    mod_security are the only ones in that role now. Should I jail apache?
    Would that give me any benefits over what LIDS provides?

    Thank you in advance.


  • Next message: Kaveh Razavi: "Re: one time passwords"

    Relevant Pages

    • Securing FC 4
      ... I had an intrusion on one of my servers and am in the process of hardening ... I am in the process of configuring LIDS. ... My next and final step will be to install mod_security. ... Web and email serving ...
      (Fedora)
    • Linux hardening
      ... I had an intrusion on one of my servers and am in the process of hardening ... I am in the process of configuring LIDS. ... My next and final step will be to install mod_security. ... Web and email serving ...
      (Security-Basics)
    • Re: Linux hardening
      ... good start point, checkout the servers that you are using, maybe a ... >I am in the process of configuring LIDS. ... >My next and final step will be to install mod_security. ... secure FREE email: http://www.hushmail.com/?l=2 ...
      (Security-Basics)
    • Re: Linux vs FreeBSD vs SCO
      ... This happened in the past and I've not done a lot with Linux ... things I ever learned about robustness in servers - and I only putz ... Then there is the rpm upgrade path. ... often you install an upgrade, and you find it needs something else, ...
      (comp.unix.sco.misc)
    • Re: Next openSUSE
      ... Tell someone you know how to install a problem. ... I would have had to use free servers of pay for, ... There are tiny and maxi fonts for that. ... only works if the work ants are kept in the dark and cannot get an overview. ...
      (alt.os.linux.suse)