Re: Linux hardening
From: Daniel Cid (danielcid_at_yahoo.com.br)
Date: 08/22/05
- Previous message: Scott Gifford: "Re: SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server"
- In reply to: AragonX: "Linux hardening"
- Next in thread: Sean Finkel: "Re: Linux hardening"
Date: Mon, 22 Aug 2005 16:49:37 -0300 (ART)
To: AragonX <aragonx@dcsnow.com>, focus-linux@securityfocus.com
Hello,
You are running too many services in just one box. It
may lead to problems later. To minimize that, I would
suggest you chroot apache and run it with a
specific apache user (like apache or www). A good idea
would be to install it with the minimum number of
features possible (look at
http://www.securityfocus.com/infocus/1694).
You didn't mention which mail server you are using.
Run a good one (postfix or qmail). In addition to
that, no matter the security measures you are using,
keep your server updated. You could also use some Host-based IDS
or log analysis tool to improve the detection
capabilities there. I suggest OSSEC HIDS
(www.ossec.net/hids/), because it does log analysis
and integrity checking together (in addition to having a
nice correlation engine and a nice notification tool),
but I'm suspicious to talk about it :).
Hope it helps..
--
Daniel B. Cid, CISSP
daniel.cid @ (at) {gmail. com}
--- AragonX <aragonx@dcsnow.com> wrote:
> I had an intrusion on one of my servers and am in
> the process of hardening
> it (after a reinstall). I'm using Fedora Core 4.
> I've taken all the
> basic steps (shutting down unused services etc) and
> have done the
> following:
>
> Installed Smoothwall on a separate box.
> Installed & configured AIDE, Snort and chkrootkit
> Ran Bastille
>
> I am in the process of configuring LIDS. I'm using
> LIDS instead of
> SELinux because it's easier for me to configure.
>
> My next and final step will be to install
> mod_security.
>
> The server performs the following tasks:
>
> Web (Squirrelmail, eGroupWare, myPhpAdmin and
> others) and email serving
> to the internet.
> File, print and DHCP serving to my local network.
>
> I'm looking for more preventative measures. It
> appears that LIDS and
> mod_security are the only ones in that role now.
> Should I jail apache?
> Would that give me any benefits over what LIDS
> provides?
>
> Thank you in advance.
>
>
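A way to verify the two Apache measures suggested in the reply above (chroot, dedicated non-root user), as an added example that is not part of the original messages. The function names, the process names `httpd`/`apache2`, uid 48 and the path `/var/chroot/apache` are assumptions, and the demo tree is constructed rather than taken from a real host.

```shell
# Added example: check that Apache workers run as a non-root user inside a chroot.
# Assumptions: process name is httpd or apache2; Linux /proc layout; run as root.

# field <status-file> <key> <column>: print one column of a "Key:" line
field() { awk -v k="$2:" -v c="$3" '$1 == k { print $c; exit }' "$1"; }
is_apache() { case "$1" in httpd|apache2) return 0 ;; esac; return 1; }

# audit_apache [proc_root]: prints one line per Apache process.
# Returns 0 = all confined, 1 = at least one finding, 2 = no Apache process found.
audit_apache() {
    local proc="${1:-/proc}" found=0 bad=0 dir pid euid ppid root role notes
    for dir in "$proc"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        is_apache "$(field "$dir/status" Name 2)" || continue
        found=1
        pid=${dir##*/}
        euid=$(field "$dir/status" Uid 3)      # columns: key, real uid, effective uid, ...
        ppid=$(field "$dir/status" PPid 2)
        root=$(readlink "$dir/root" 2>/dev/null || echo unreadable)
        # The master may keep root to bind low ports; children of Apache are workers.
        role=master
        if [ -r "$proc/$ppid/status" ] &&
           is_apache "$(field "$proc/$ppid/status" Name 2)"; then
            role=worker
        fi
        notes=""
        if [ "$role" = worker ] && [ "$euid" = 0 ]; then notes="$notes worker-is-root"; fi
        if [ "$root" = / ]; then notes="$notes not-chrooted"; fi
        if [ "$root" = unreadable ]; then notes="$notes root-unreadable"; fi
        if [ -n "$notes" ]; then bad=1; else notes=" ok"; fi
        echo "$pid $role euid=$euid root=$root$notes"
    done
    [ "$found" = 1 ] || return 2
    return "$bad"
}

# mkproc <tree> <pid> <name> <ppid> <euid> <root>: build one constructed /proc entry
mkproc() {
    mkdir -p "$1/$2"
    printf 'Name:\t%s\nPPid:\t%s\nUid:\t%s\t%s\t%s\t%s\n' "$3" "$4" "$5" "$5" "$5" "$5" > "$1/$2/status"
    ln -s "$6" "$1/$2/root"
}

# Demo on a constructed tree (not real host data): chrooted master, worker as uid 48.
demo=$(mktemp -d)
mkproc "$demo" 100 httpd 1 0 /var/chroot/apache
mkproc "$demo" 101 httpd 100 48 /var/chroot/apache
audit_apache "$demo"; rm -rf "$demo"
```

On a live host, call `audit_apache` with no argument as root so that `/proc/<pid>/root` is readable for every process.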