Re: Feedback solicited - best way to harden a mail/web server?
From: teddy (mouschi@cheese-head-state.rr.com)
Date: 12/28/02
- Next message: Walter Dnes: "Re: Really headache on antispam!"
- Previous message: D. Stussy: "Re: I have trouble with spam mail ,too.....Help me,please."
- In reply to: Jared H.: "Feedback solicited - best way to harden a mail/web server?"
- Next in thread: Jared: "Re: Feedback solicited - best way to harden a mail/web server?"
- Reply: Jared: "Re: Feedback solicited - best way to harden a mail/web server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "teddy" <mouschi@cheese-head-state.rr.com> Date: Fri, 27 Dec 2002 23:10:01 GMT
"Jared H." <jared@hwai.com> wrote:
> I've been rootkitted again; third time in the last six months. Advice
> sought. Here is my current setup:
Something very wrong here... 8-/
> RH 8.0
> ports 53 (TCP/UDP), 25, 443 open
> - this is a mail server primarily, running imap, Apache, PHP
> (Squirrelmail),
> Bastille firewall (I have my and my wife's workstations behind it). I
> hate to leave privileged ports open, but a server is no use if it can't
> communicate.
[SNIP]
> Assuming the intruder broke into Postfix (port 25) or Apache (port 443) or
> bind (port 53), would chrooting have done anything to minimize damage by a
> Trojan?
Okay, first rule (and arguably only rule): minimization.
Do you need bind? What are you using it for? You've said this is for "home
use," I've never heard of someone needing bind at home.
What kind of stuff do you have running with apache? mod_ssl? What do you
use it for? Do you need any of those special modules?
What kind of extra stuff has been installed on this machine? Does it need X
Windows? Do all of those files need to be suid? (a simple
'find / -perm -04000 > suids.txt' can be very revealing)
Does the machine need to be able to make outgoing connections to the
internet? (related: do you SEND mail from this machine or just receive? i.e.
is mail sent using your ISP's mailservers?)
Is apache/php/squirrelmail needed or would a mere pop3/imap daemon do? err,
okay you already have imap running. Why do you need squirrelmail? wouldn't
just imap do for remote access?
-=-
Basically, you want to minimize the number of suid-root files and processes
running as root. Then you want to make sure that those (hopefully few)
packages are kept up to date.
-Ted
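One way to turn Ted's minimization questions into a repeatable check, as an added example (not code from the original thread): list and count set-id files under a given tree, show non-kernel processes running as root, and drop an unneeded setuid bit. The sample tree under a temporary directory is constructed here so the functions can be exercised without touching /.

```shell
#!/bin/sh
# Added example: a small minimization audit in the spirit of Ted's advice.
# Every function takes a root directory so it can run against the constructed
# sample tree below or against / on a real host (run as root for full coverage).

# Set-uid (04000) and set-gid (02000) regular files under $1, with owner and
# mode, so each one can be reviewed and the bit removed if it is not needed.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -l {} \; 2>/dev/null
}

# Number of set-uid files under $1: the figure to drive towards a minimum.
count_suid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | wc -l | tr -d ' '
}

# Remove the set-uid bit from one file and report its resulting mode.
drop_setuid() {
    chmod u-s "$1" && ls -l "$1"
}

# Processes running as root that are not kernel threads (names in [brackets]):
# the other thing Ted says to minimize. Not part of the sample-tree check.
list_root_processes() {
    ps -eo user,pid,comm | awk '$1 == "root" && $3 !~ /^\[/ { print $2, $3 }'
}

# Constructed sample tree: one set-uid, one set-gid and one plain file.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/usr/bin" "$dir/usr/local/bin"
    printf '#!/bin/sh\n' > "$dir/usr/bin/passwd_like"
    chmod 4755 "$dir/usr/bin/passwd_like"
    printf '#!/bin/sh\n' > "$dir/usr/bin/plain"
    chmod 0755 "$dir/usr/bin/plain"
    printf '#!/bin/sh\n' > "$dir/usr/local/bin/sgid_tool"
    chmod 2755 "$dir/usr/local/bin/sgid_tool"
    printf '%s\n' "$dir"
}

# Demo run: audit the sample tree, strip the one setuid bit, audit again.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    list_setid_files "$tree"
    echo "suid files before: $(count_suid_files "$tree")"
    drop_setuid "$tree/usr/bin/passwd_like"
    echo "suid files after:  $(count_suid_files "$tree")"
    rm -rf "$tree"
fi
```

Run with `--demo` to see the before/after on the sample tree; replace the tree argument with / for a real audit.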