Re: securing linux webserver?
From: xyberpix (xyberpix_at_xyberpix.com)
Date: 03/01/05
Date: Tue, 1 Mar 2005 16:50:38 -0000 (GMT) To: security.department@tele2.ch
Here's a couple of links to get you started, Google is your friend on this
one. :-)
http://www.linux.com/article.pl?sid=04/04/15/1913248
http://www.bembry.org/tech/linux/server_security.php
I'd also suggest running something like bastille on your host as well,
just to harden it, it's easy enough for a newbie to do as well, and it
explains a lot of what it's doing.
http://www.bastille-linux.org/
This is a good link on securing Apache as well:
http://www.securityfocus.com/infocus/1694
As for SSH, using the default port would be fine, just make sure you use
key authentication, and NOT password authentication, here's a link, Google
has loads more.
Is this host behind a firewall at all, as if not, then you should look
into running a firewall on the host as well.
Other things to note:
- only run the services that you need on the box
- have a bare minimum of user accounts on the box
- make sure that all security updates/patches are applied
- Make sure your logging is turned on for all services you are going to
run, now that this box has been hacked once, and if it was a really easy
target, chances are the person will have another go at it when it's back
up.
Here are some other links that are relevant, and that may help:
http://searchenterpriselinux.techtarget.com/originalContent/0,289142,sid39_gci928466,00.html
http://www.informit.com/articles/article.asp?p=169573
http://www.linuxgazette.com/issue34/vertes.html
http://www.securityfocus.com/infocus/1420
HTH
xyberpix
On Tue, 1 March, 2005 2:21, John Doe said:
> Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:
>> sorry to be so noob,
>>
>> A friend of mine set up a webserver:
>> http://www.globalgamesearch.com
>> problem is, he and I have no idea how to go about
>> securing it;
>
> Unfortunately I can't provide very much help to your question below;
> just wanted to say that it's a bad idea to give out the address of a
> server to a security list and stating it is insecure.
>
> There are a lot of people with high hacking capabilities reading this
> list, some of them could (theoretically) use the server as a target
> without searching for vulnerable servers.
>
> But maybe your idea with this mail is to attract penetration testers???
>
>
>> he started with SuSE Linux 9.1 with Apache 2.0, PHP
>> 4.3.1, and MySQL out of the box and put it up.
>>
>> about half an hour ago, an intruder broke in, replaced
>> SSHD with a back door, and pretty much screwed the
>> system up.
>
> basic tips:
>
> - don't use the standard port 22 for sshd
> - restrict the IPs allowed to contact sshd if possible
> - eventually use some port knocking to secure sshd
>
>> We're going to reinstall the system with minimal
>> programs, extremely secure permissions
>
> good idea
>
>> and a basic firewall
>
> Not clear what you mean by basic.
>
> If possible, when configuring the firewall, start by denying everything; then
> allow, step by step, what's absolutely necessary.
>
>> , but beyond that we have no clue what to do.
>> Can anyone here please help me out on this?
>> Thanks in advance for any help.
>
> beyond that... difficult. Wait for answers of real cracks :-)
>
> greetings joe
>
-- For security and Opensource news check out: http://www.xyberpix.com
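
An added example, not part of the original message: a shell check that an sshd_config really enforces the key-only login recommended above. The function names and the three sample configs are constructed for illustration; the check reads only the global section of the file and assumes whitespace-separated keyword lines.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config for key-only login.
# Assumes whitespace-separated "Keyword value" lines; only the global section
# is read, so anything under a Match block needs a separate look.

# Print the effective global value of keyword $1 in file $3 (default $2).
sshd_effective() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0       { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # stop at the first Match block
        tolower($1) == tolower(key) { val = tolower($2); exit }  # sshd keeps the first value it reads
        END { print (val != "" ? val : def) }
    ' "$3"
}

# Return 0 only if passwords cannot be used to log in. The defaults passed
# here are the OpenSSH built-in defaults for each keyword.
audit_sshd() {
    cfg=$1; rc=0
    [ "$(sshd_effective PasswordAuthentication yes "$cfg")" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    # With PAM, keyboard-interactive can still prompt for a password.
    # Newer OpenSSH releases name this keyword KbdInteractiveAuthentication.
    [ "$(sshd_effective ChallengeResponseAuthentication yes "$cfg")" = no ] ||
        { echo "FAIL: ChallengeResponseAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_effective PubkeyAuthentication yes "$cfg")" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not 'yes'"; rc=1; }
    return $rc
}

# Constructed sample configs.
tmp=$(mktemp -d)
printf '%s\n' '# password login left at its default' 'PubkeyAuthentication yes' > "$tmp/weak"
printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'PubkeyAuthentication yes' > "$tmp/hardened"
# A "no" appended after an earlier "yes" has no effect.
printf '%s\n' 'PasswordAuthentication yes' 'ChallengeResponseAuthentication no' \
    'PasswordAuthentication no' > "$tmp/shadowed"

for f in weak hardened shadowed; do
    if out=$(audit_sshd "$tmp/$f"); then echo "$f: key-only"
    else echo "$f: password login still possible"; printf '%s\n' "$out"; fi
done
```

On a real host, point `audit_sshd` at `/etc/ssh/sshd_config` after the reinstall and again after every change to it.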