Re: Linux hardening

From: cabeca (cabeca_at_hush.ai)
Date: 08/23/05

    Date: Mon, 22 Aug 2005 19:05:29 -0700
    To: "AragonX" <aragonx@dcsnow.com>, <security-basics@securityfocus.com>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Ok, nice countermeasures, but you are missing one important thing:
    do you know how the intruder owned your machine the first time? It's a
    good starting point. Check out the servers that you are using, maybe a
    vulnerable version of myPhpmyadmin or whatever...
    What's the point of creating the tallest and strongest wall and
    leaving a door open?

    Regards,

    cabeca <cabeca [a+t] hush [dot] ai>

    On Sat, 20 Aug 2005 08:00:25 -0700 AragonX <aragonx@dcsnow.com>
    wrote:
    >I had an intrusion on one of my servers and am in the process of
    >hardening it (after a reinstall). I'm using Fedora Core 4. I've taken
    >all the basic steps (shutting down unused services etc) and have done
    >the following:
    >
    >Installed Smoothwall on a separate box.
    >Installed & configured AIDE, Snort and chkrootkit
    >Ran Bastille
    >
    >I am in the process of configuring LIDS. I'm using LIDS instead of
    >SELinux because it's easier for me to configure.
    >
    >My next and final step will be to install mod_security.
    >
    >The server performs the following tasks:
    >
    > Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email
    > serving to the internet.
    > File, print and DHCP serving to my local network.
    >
    >I'm looking for more preventative measures. It appears that LIDS and
    >mod_security are the only ones in that role now. Should I jail
    >apache? Would that give me any benefits over what LIDS provides?
    >
    >Thank you in advance.
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.4

    wkYEARECAAYFAkMKhKAACgkQAyzTYnoORtEXYgCcD74lJdCwnbgXnqWXuKTsEQaPOy8A
    nRf1PyYSSzc36Jgwcrh/mmT+hikG
    =uTzz
    -----END PGP SIGNATURE-----


