Re: Linux hardening

From: Daniel Cid (
Date: 08/22/05

    Date: Mon, 22 Aug 2005 16:49:37 -0300 (ART)
    To: AragonX <>,


    You are running too many services in just one box. It
    may lead to problems later. To minimize that, I would
    suggest you chroot apache and run it with a
    specific apache user (like apache or www). A good idea
    would be to install it with the minimum number of
    features possible (look at
    You didn't mention which mail server you are using.
    Run a good one (postfix or qmail). In addition to
    that, no matter the security measures you are using,
    keep your server updated. You could also use some
    Host-based IDS or log analysis tool to improve the
    detection capabilities there. I suggest OSSEC HIDS
    (, because it does log analysis
    and integrity checking together (in addition to having a
    nice correlation engine and a nice notification tool),
    but I'm suspicious to talk about it :).

    Hope it helps..

    Daniel B. Cid, CISSP
    daniel.cid @ (at) {gmail. com}
    --- AragonX <> wrote:
    > I had an intrusion on one of my servers and am in the process of
    > hardening it (after a reinstall). I'm using Fedora Core 4. I've taken
    > all the basic steps (shutting down unused services etc) and have done
    > the following:
    > Installed Smoothwall on a separate box.
    > Installed & configured AIDE, Snort and chkrootkit
    > Ran Bastille
    > I am in the process of configuring LIDS. I'm using LIDS instead of
    > SELinux because it's easier for me to configure.
    > My next and final step will be to install mod_security.
    > The server performs the following tasks:
    >    Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email
    >    serving to the internet.
    >    File, print and DHCP serving to my local network.
    > I'm looking for more preventative measures. It appears that LIDS and
    > mod_security are the only ones in that role now. Should I jail apache?
    > Would that give me any benefits over what LIDS provides?
    > Thank you in advance.
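
One way to verify the advice in the reply above (Apache chrooted and running under a dedicated user) on a live system, as an added example that is not part of the original message. The function names, the process name `httpd` and the optional second argument (an alternate proc directory, used only to run the checks against a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that a daemon is chrooted and not running as root.
# Run as root on the real system: /proc/PID/root of another user's
# process is not readable otherwise.

# proc_root PID [PROC_DIR]: print the root directory the process sees.
proc_root() {
    readlink "${2:-/proc}/$1/root"
}

# proc_euid PID [PROC_DIR]: print the effective UID.
# The "Uid:" line of status holds real, effective, saved and fs UIDs.
proc_euid() {
    awk '/^Uid:/ { print $3; found = 1; exit } END { exit !found }' \
        "${2:-/proc}/$1/status"
}

# audit_pid PID [PROC_DIR]: print one finding line for the process.
# Returns 0 if chrooted and non-root, 1 if either check fails,
# 2 if the process could not be inspected.
audit_pid() {
    pid=$1; dir=${2:-/proc}; findings=""; rc=0
    root=$(proc_root "$pid" "$dir") &&
        euid=$(proc_euid "$pid" "$dir" 2>/dev/null) || {
        echo "pid=$pid unreadable"; return 2; }
    if [ "$root" = "/" ]; then findings="$findings not-chrooted"; rc=1; fi
    if [ "$euid" = "0" ]; then findings="$findings runs-as-root"; rc=1; fi
    echo "pid=$pid root=$root euid=$euid${findings:- ok}"
    return $rc
}

# audit_daemon NAME: audit every process with that exact name,
# e.g. "audit_daemon httpd" (process name assumed; adjust to the install).
# The Apache parent normally stays root to bind port 80; the workers are
# the processes that should show the unprivileged UID.
audit_daemon() {
    pids=$(pgrep -x "$1") || { echo "no process named $1"; return 2; }
    status=0
    for p in $pids; do
        audit_pid "$p" || status=1
    done
    return $status
}
```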