Re: Feedback solicited - best way to harden a mail/web server?
From: Jim Levie (jim@entrophy-free.net)
Date: 12/28/02
From: "Jim Levie" <jim@entrophy-free.net> Date: Sat, 28 Dec 2002 14:35:47 -0600
On Fri, 27 Dec 2002 21:26:37 +0000, Jared wrote:
> "teddy" <mouschi@cheese-head-state.rr.com> wrote in message news:<d55P9.27087$P36.504132@twister.rdc-kc.rr.com>...
>> "Jared H." <jared@hwai.com> wrote:
>> Do you need bind? What are you using it for? You've said this is for "home
>> use," I've never heard of someone needing bind at home.
>
> I am running my own domain from the server so yes, I need bind AFAIK.
> Am running Apache/PHP/Squirrelmail so I can check email during the day
> from client sites. I just realized there's no reason to use port 443,
> so I am going to change it to a non-privileged number.
>
That's pretty much "security through obscurity". Changing the HTTPS port to
one greater than 1024 doesn't help if you happen to be running a vulnerable
version of Apache/OpenSSL. The vulnerability is in the application and
changing the port just makes it a bit more difficult to find the vulnerability.
If I were trying to penetrate such a system it would take only a few minutes
to find the port being used for HTTPS and then I'm in if the application is
vulnerable.
>> -=-
>> Basically, you want to minimize the number of suid-root files and processes
>> running as root. Then you want to make sure that those (hopefully few)
>> packages are kept up to date.
>
> That's been my philosophy all along. I am kinda wondering if
> chkrootkit may be the problem. Am going to reinstall ps from CD, see
> what's what and then rerun chkrootkit. I am wondering if the result
> is ambiguous; none of the tells of adore and its ilk are on the
> machine, and only the ports I want are open - really makes me wonder
> if the machine is, in fact, OK. We'll see.
>
It is possible that something else you've intentionally done on the machine is
fooling chkrootkit. That's where having Tripwire active is a help.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
The instructions said to use Windows 98 or better, so I installed RedHat
Jim Levie email: jim@entrophy-free.net
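
An added example, not part of the original message: a minimal baseline-and-verify file integrity check of the kind the Tripwire remark refers to, showing how a replaced binary or a newly set suid bit is detected independently of chkrootkit's heuristics. This is not Tripwire's own code or database format; the function names and the stand-in `ps`/`ls` files are constructed for the illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(paths):
    """Record SHA-256, permission bits and size for each file (the baseline)."""
    base = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        base[p] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}
    return base

def verify(baseline, paths):
    """Compare the current state with the baseline; return (path, finding) pairs."""
    findings = []
    current = snapshot([p for p in paths if os.path.exists(p)])
    for p in sorted(set(baseline) | set(current)):
        old, new = baseline.get(p), current.get(p)
        if old is None:
            findings.append((p, "added"))
        elif new is None:
            findings.append((p, "missing"))
        else:
            if old["sha256"] != new["sha256"]:
                findings.append((p, "content changed"))
            if (new["mode"] & ~old["mode"]) & (stat.S_ISUID | stat.S_ISGID):
                findings.append((p, "setuid/setgid bit gained"))
            elif old["mode"] != new["mode"]:
                findings.append((p, "mode changed"))
    return findings

def demo():
    """Constructed sample: after the baseline, 'ps' is replaced and 'ls' gains suid."""
    d = tempfile.mkdtemp()
    ps, ls = os.path.join(d, "ps"), os.path.join(d, "ls")
    for path, data in ((ps, b"original ps\n"), (ls, b"original ls\n")):
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, 0o755)
    baseline = snapshot([ps, ls])
    with open(ps, "wb") as f:          # same length as before, so size alone misses it
        f.write(b"replaced ps\n")
    os.chmod(ls, 0o4755)
    return [(os.path.basename(p), what) for p, what in verify(baseline, [ps, ls])]

if __name__ == "__main__":
    for name, what in demo():
        print(name, what)
```

The comparison is only trustworthy if the baseline was taken from a known-good install and is stored where the monitored machine cannot rewrite it, for example on read-only media.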