Re: securing linux webserver?
From: John Doe (security.department_at_tele2.ch)
To: firstname.lastname@example.org Date: Tue, 1 Mar 2005 03:21:55 +0100
Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:
> sorry to be so noob,
> A friend of mine set up a webserver:
> problem is, he and I have no idea how to go about
> securing it;
Unfortunately I can't provide very much help to your question below;
just wanted to say that it's a bad idea to give out the address of a server to
a security list and stating it is insecure.
There are a lot of people with high hacking capabilities reading this list,
some of them could (theoretically) use the server as a target without
searching for vulnerable servers.
But maybe your idea with this mail is to attract penetration testers???
> he started with SuSE Linux 9.1 with Apache 2.0, PHP
> 4.3.1, and MySQL out of the box and put it up.
> about half an hour ago, an intruder broke in, replaced
> SSHD with a back door, and pretty much screwed the
> system up.
- don't use the standard port 22 for sshd
- restrict the IPs allowd to contact sshd if possible
- eventually use some port knocking to secure sshd
> We're going to reinstall the system with minimal
> programs, extremely secure permissions
> and a basic firewall
Not clear what you mean by basic.
If possible, when configuring the firewall, start by deny everything; then
allow, step by step, what's absolutely necessary.
> , but beyond that we have no clue what to do.
> Can anyone here please help me out on this?
> Thanks in advance for any help.
beyond that... difficult. Wait for answers of real cracks :-)