Re: Linux hardening

From: Daniel Cid (danielcid_at_yahoo.com.br)
Date: 08/22/05

  • Next message: AragonX: "Re: Linux hardening"
    Date: Mon, 22 Aug 2005 16:49:37 -0300 (ART)
    To: AragonX <aragonx@dcsnow.com>, focus-linux@securityfocus.com
    
    

    Hello,

    You are running too many services on just one box. It
    may lead to problems later. To minimize that, I would
    suggest that you chroot Apache and run it as a
    specific apache user (like apache or www). A good idea
    would be to install it with the minimum number of
    features possible (look at
    http://www.securityfocus.com/infocus/1694).
    You didn't mention which mail server you are using.
    Run a good one (postfix or qmail). In addition to
    that, no matter what security measures you are using,
    keep your server updated. You could also use some
    host-based IDS or log analysis tool to improve the
    detection capabilities there. I suggest OSSEC HIDS
    (www.ossec.net/hids/), because it does log analysis
    and integrity checking together (in addition to having
    a nice correlation engine and a nice notification
    tool), but I'm biased when it comes to talking about
    it :).

    Hope it helps.

    --
    Daniel B. Cid, CISSP
    daniel.cid @ (at) {gmail. com}
    --- AragonX <aragonx@dcsnow.com> wrote:
    > I had an intrusion on one of my servers and am in
    > the process of hardening it (after a reinstall).
    > I'm using Fedora Core 4. I've taken all the basic
    > steps (shutting down unused services etc.) and have
    > done the following:
    >
    > Installed Smoothwall on a separate box.
    > Installed & configured AIDE, Snort and chkrootkit
    > Ran Bastille
    >
    > I am in the process of configuring LIDS. I'm using
    > LIDS instead of SELinux because it's easier for me
    > to configure.
    >
    > My next and final step will be to install
    > mod_security.
    >
    > The server performs the following tasks:
    >
    >    Web (Squirrelmail, eGroupWare, phpMyAdmin and
    > others) and email serving to the internet.
    >    File, print and DHCP serving to my local network.
    >
    > I'm looking for more preventative measures. It
    > appears that LIDS and mod_security are the only ones
    > in that role now. Should I jail apache?
    > Would that give me any benefits over what LIDS
    > provides?
    >
    > Thank you in advance.
    >
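The reply recommends a host-based IDS that does log analysis and integrity checking together, with a correlation engine on top. What follows is an added example, not OSSEC's code and not part of the original thread: a toy Python HIDS that baselines a directory tree (hash, permission bits, size), reports added, modified and mode-changed files, and runs two threshold rules over sshd and Apache log lines. The log lines, file names, IP addresses, rule names and thresholds are all constructed for the demo.

```python
"""Added example: a toy host-based IDS combining file integrity checking
with log analysis and a small correlation rule. Not OSSEC's code; every
path, log line and threshold here is constructed for the demo."""
import hashlib
import os
import re
import stat
import tempfile
from collections import defaultdict
from datetime import datetime

# Syslog line from sshd and an Apache combined-log line (constructed formats).
SSHD_FAIL = re.compile(r'^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: '
                       r'Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)')
APACHE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) '
                    r'(?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Correlation rules: (rule id, predicate on a parsed event, hits needed, window seconds).
RULES = [
    ('ssh_brute_force', lambda e: e['type'] == 'ssh_auth_fail', 5, 60),
    ('web_admin_scan', lambda e: e['type'] == 'http' and e['status'] == 404
     and re.search(r'(?i)phpmyadmin|admin', e['path']) is not None, 3, 120),
]

def parse_line(line):
    """Turn an sshd failure line or an Apache access-log line into an event dict."""
    m = SSHD_FAIL.match(line)
    if m:
        return {'type': 'ssh_auth_fail', 'ip': m['ip'], 'user': m['user'],
                'ts': datetime.strptime(m['ts'], '%b %d %H:%M:%S')}
    m = APACHE.match(line)
    if m:
        return {'type': 'http', 'ip': m['ip'], 'path': m['path'], 'status': int(m['status']),
                'ts': datetime.strptime(m['ts'].split()[0], '%d/%b/%Y:%H:%M:%S')}
    return None

def correlate(lines, rules=RULES):
    """Count matching events per (rule, source IP) inside a sliding time window
    and raise one alert per burst that reaches the rule's threshold."""
    alerts, windows = [], defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for rule_id, matches, threshold, window in rules:
            if not matches(ev):
                continue
            hits = windows[(rule_id, ev['ip'])]
            hits.append(ev['ts'])
            hits[:] = [t for t in hits if (ev['ts'] - t).total_seconds() <= window]
            if len(hits) >= threshold:
                alerts.append((rule_id, ev['ip'], len(hits)))
                hits.clear()  # fire once per burst, not on every further hit
    return alerts

def file_record(path):
    """(sha256, permission bits incl. setuid/setgid, size) for a regular file, else None."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return None
    with open(path, 'rb') as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return (digest, stat.S_IMODE(st.st_mode), st.st_size)

def build_baseline(root):
    """Map each regular file under root (relative path) to its file_record."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rec = file_record(path)
            if rec:
                baseline[os.path.relpath(path, root)] = rec
    return baseline

def check_integrity(root, baseline):
    """Compare the tree against the baseline; return sorted (change, path) events."""
    current, events = build_baseline(root), []
    for rel, (digest, mode, _) in baseline.items():
        if rel not in current:
            events.append(('deleted', rel))
        elif current[rel][0] != digest:
            events.append(('modified', rel))
        elif current[rel][1] != mode:
            events.append(('mode_changed', rel))
    events += [('added', rel) for rel in current if rel not in baseline]
    return sorted(events)

def integrity_demo():
    """Baseline a throwaway tree, then simulate an intrusion: a trojaned
    binary, a dropped PHP web shell and a setuid bit on a CGI script."""
    root = tempfile.mkdtemp(prefix='hids_demo_')
    def put(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, 'wb') as f:
            f.write(data)
    put('cgi-bin/login.cgi', b'#!/bin/sh\necho ok\n')
    put('htdocs/index.html', b'<h1>hello</h1>\n')
    put('bin/ls', b'placeholder binary\n')
    baseline = build_baseline(root)
    put('bin/ls', b'trojaned binary\n')
    put('htdocs/shell.php', b'<?php system($_GET["c"]); ?>\n')
    os.chmod(os.path.join(root, 'cgi-bin/login.cgi'), 0o4755)
    return check_integrity(root, baseline)

# Constructed log sample: an SSH password-guessing burst, one legitimate login,
# a scan for admin front-ends on the web server, and one normal request.
SAMPLE_LOGS = """\
Aug 22 16:49:01 web sshd[4102]: Failed password for root from 10.0.0.5 port 4422 ssh2
Aug 22 16:49:03 web sshd[4104]: Failed password for invalid user admin from 10.0.0.5 port 4423 ssh2
Aug 22 16:49:05 web sshd[4106]: Failed password for root from 10.0.0.5 port 4424 ssh2
Aug 22 16:49:07 web sshd[4108]: Failed password for root from 10.0.0.5 port 4425 ssh2
Aug 22 16:49:09 web sshd[4110]: Failed password for root from 10.0.0.5 port 4426 ssh2
Aug 22 16:49:11 web sshd[4112]: Accepted publickey for aragonx from 192.168.1.20 port 51000 ssh2
10.0.0.9 - - [22/Aug/2005:16:50:01 -0300] "GET /phpmyadmin/ HTTP/1.1" 404 294 "-" "Mozilla/4.0"
10.0.0.9 - - [22/Aug/2005:16:50:02 -0300] "GET /phpMyAdmin/ HTTP/1.1" 404 294 "-" "Mozilla/4.0"
10.0.0.9 - - [22/Aug/2005:16:50:02 -0300] "GET /admin/ HTTP/1.1" 404 294 "-" "Mozilla/4.0"
192.168.1.20 - - [22/Aug/2005:16:50:10 -0300] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
""".splitlines()

if __name__ == '__main__':
    for alert in correlate(SAMPLE_LOGS):
        print('ALERT', *alert)
    for event in integrity_demo():
        print('INTEGRITY', *event)
```

Run stand-alone it reports one ssh_brute_force alert for 10.0.0.5 and one web_admin_scan alert for 10.0.0.9, then the three file changes. The design point is the one the reply makes: integrity checking alone tells you a binary changed, log analysis alone tells you someone was guessing passwords; keeping both in one tool lets you read them side by side, and a per-source sliding window keeps a single failed login from paging anyone.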
