Re: securing linux webserver?

From: John Doe (security.department_at_tele2.ch)
Date: 03/01/05

    To: security-basics@securityfocus.com
    Date: Tue, 1 Mar 2005 03:21:55 +0100
    
    

    On Monday, 28 February 2005 03:04, Kurt Leum wrote:
    > sorry to be so noob,
    >
    > A friend of mine set up a webserver:
    > http://www.globalgamesearch.com
    > problem is, he and I have no idea how to go about
    > securing it;

    Unfortunately I can't provide very much help with your question below;
    just wanted to say that it's a bad idea to give out the address of a server to
    a security list and state that it is insecure.

    There are a lot of people with high hacking capabilities reading this list,
    some of them could (theoretically) use the server as a target without
    searching for vulnerable servers.

    But maybe your idea with this mail is to attract penetration testers???

    > he started with SuSE Linux 9.1 with Apache 2.0, PHP
    > 4.3.1, and MySQL out of the box and put it up.
    >
    > about half an hour ago, an intruder broke in, replaced
    > SSHD with a back door, and pretty much screwed the
    > system up.

    basic tips:

    - don't use the standard port 22 for sshd
    - restrict the IPs allowed to contact sshd if possible
    - eventually use some port knocking to secure sshd

    > We're going to reinstall the system with minimal
    > programs, extremely secure permissions

    good idea

    > and a basic firewall

    Not clear what you mean by basic.

    If possible, when configuring the firewall, start by denying everything; then
    allow, step by step, what's absolutely necessary.

    > , but beyond that we have no clue what to do.
    > Can anyone here please help me out on this?
    > Thanks in advance for any help.

    beyond that... difficult. Wait for answers of real cracks :-)

    greetings joe
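
One way to check a rebuilt server's ruleset against the firewall advice in this message (deny everything first, restrict which IPs may reach sshd), as an added example that is not part of the original post. The two `iptables-save` dumps, port 2222 and the 203.0.113.0/24 range are constructed placeholders, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample dumps in iptables-save format (not from the original post).
WEAK = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""
HARDENED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def audit(ruleset, ssh_port, public_ports=(80, 443)):
    """Return findings for an iptables-save dump (single --dport rules only)."""
    findings = []
    # Default deny: the chain policy must be DROP, so unmatched traffic is refused.
    for chain, policy in re.findall(r"^:(INPUT|FORWARD) (\S+)", ruleset, re.M):
        if policy != "DROP":
            findings.append(f"{chain} policy is {policy}, not DROP")
    for line in ruleset.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        m = re.search(r"--dport (\d+)", line)
        port = int(m.group(1)) if m else None
        has_source = re.search(r"\s-s \S+", line) is not None
        if port == ssh_port:
            # sshd should only be reachable from named source addresses.
            if not has_source:
                findings.append(f"sshd port {ssh_port} accepts any source address")
        elif port is not None and port not in public_ports:
            findings.append(f"port {port} is open but not on the allow list")
        elif port is None and not re.search(r" -i lo | --state ", line + " "):
            findings.append(f"blanket ACCEPT rule: {line}")
    return findings

if __name__ == "__main__":
    for name, dump, port in (("weak", WEAK, 22), ("hardened", HARDENED, 2222)):
        print(name, audit(dump, port) or "no findings")
```

Feed it the output of `iptables-save` from the rebuilt host, with `ssh_port` set to whatever port sshd was moved to.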

