Re: Linux hardening

From: Roman Shirokov (forward_at_)
Date: 08/23/05

  • Next message: Bénoni MARTIN: "RE: linux password cracking tools"
    Date: Tue, 23 Aug 2005 13:01:22 +0400
    To: focus-linux@securityfocus.com
    
    

    Sunday, August 21, 2005, 4:13:49 PM, you wrote:

    > I had an intrusion on one of my servers and am in the process of hardening
    > it (after a reinstall). I'm using Fedora Core 4. I've taken all the
    > basic steps (shutting down unused services etc) and have done the
    > following:

    > Installed Smoothwall on a separate box.
    > Installed & configured AIDE, Snort and chkrootkit
    > Ran Bastille

    > I am in the process of configuring LIDS. I'm using LIDS instead of
    > SELinux because it's easier for me to configure.

    > My next and final step will be to install mod_security.

    > The server performs the following tasks:

    > Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email serving
    > to the internet.
    > File, print and DHCP serving to my local network.

    > I'm looking for more preventative measures. It appears that LIDS and
    > mod_security are the only ones in that role now. Should I jail apache?
    > Would that give me any benefits over what LIDS provides?

    > Thank you in advance.

    There is a good Security Handbook at http://www.gentoo.org/doc/en/security/index.xml
    This is a step-by-step guide for hardening Gentoo Linux, but it could be
    useful for Linux security hardening in general.

    -- 
     Roman Shirokov
     Systems Administrator
     e-mail: securitybox@softhome.net
     http://www.securitybox.vlz.ru
     Key fingerprint: 85A4 8586 FEEE 171B D0F1  A9C1 27C8 A907 EE45 7D0E  
     Living in digital, thinking in binary, talking on IP - welcome to our world!
    
