Re: Feedback solicited - best way to harden a mail/web server?
From: "teddy" <mouschi@cheese-head-state.rr.com>
Date: Mon, 30 Dec 2002 17:30:23 GMT
"Jared" <jared@hwai.com> wrote:
> > Do you need bind? What are you using it for? You've said this is for "home
> > use," I've never heard of someone needing bind at home.
> I am running my own domain from the server so yes, I need bind AFAIK.
Well, I think that for a small donation something like dyndns.org would run
your domain for you. (for home use, of course.)
> > What kind of extra stuff has been installed on this machine? Does it need X
> > windows? Do all of those files need to be suid? (a simple 'find
> > / -perm -04000 > suids.txt' can be very revealing)
> Hmm. No, strictly speaking it doesn't need X; but only ports 53 (UDP
> and TCP), 25 and 443 are seen from the outside. A buddy did a deep
> nmap scan today and confirms that.
Ah, but you see... If joe-random-service visible from the outside can be
attacked to give a shell (even a shell for user 'nobody') then the pile of
suids X leaves lying around would open you up to a local root attack. On
my most paranoid systems I leave nothing but 'su' with the suid bit. This
kinda makes doing most things difficult without being root, but I also don't
do much with it.
> > Is apache/php/squirrelmail needed or would a mere pop3/imap daemon do? err,
> > okay you already have imap running. Why do you need squirrelmail? wouldn't
> > just imap do for remote access?
> Only when firewall admins poke open port 119 :-), which most of them
> won't.
They won't let outgoing connections through?? Geeze, I thought only
paranoid high schools did that.
> That's been my philosophy all along. I am kinda wondering if
> chkrootkit may be the problem. Am going to reinstall ps from CD, see
> what's what and then rerun chkrootkit. I am wondering if the result
> is ambiguous; none of the tells of adore and its ilk are on the
> machine, and only the ports I want are open - really makes me wonder
> if the machine is, in fact, OK. We'll see.
If you become fairly certain it's hacked, there really is no salvaging it.
Wiping it clean and reinstalling is about the only method.
Make sure you've got the latest apache/openssl packages. That's been biting
a lot of people.
-Ted
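The suid audit that Jared and Ted discuss above (the 'find / -perm -04000' one-liner, and the idea that only 'su' should keep the bit) can be turned into a repeatable check. The script below is an added example written for this archive page, not code posted by either participant: it lists setuid/setgid files under a given root, compares their names against an allowlist file (one program name per line, assumed format), and prints whatever is not on the list so it can be reviewed and stripped with chmod u-s if unneeded. The demo builds a constructed directory tree under mktemp so it runs without root.

```shell
#!/bin/sh
# Added example (not from the thread): audit setuid/setgid binaries under a
# root directory against an allowlist of programs that are expected to carry
# the bit. Everything else is reported for review.

# List regular files with the setuid (4000) or setgid (2000) bit under $1.
# -xdev keeps find on one filesystem so /proc and network mounts are skipped.
list_suid() {
    root="$1"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Print suid/sgid files under $1 whose basename is not listed in the
# allowlist file $2 (assumed format: one program name per line, e.g. "su").
unexpected_suid() {
    root="$1"
    allow="$2"
    list_suid "$root" | while IFS= read -r f; do
        name=$(basename "$f")
        if ! grep -qx -- "$name" "$allow"; then
            printf '%s\n' "$f"
        fi
    done
}

# Demo on a constructed tree: 'su' is allowed, an X server binary is not,
# and 'ls' carries no suid bit so it never shows up at all.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin" "$tmp/usr/X11R6/bin"
    printf '#!/bin/sh\n' > "$tmp/bin/su"
    printf '#!/bin/sh\n' > "$tmp/usr/X11R6/bin/XFree86"
    printf '#!/bin/sh\n' > "$tmp/bin/ls"
    chmod 4755 "$tmp/bin/su" "$tmp/usr/X11R6/bin/XFree86"
    chmod 0755 "$tmp/bin/ls"
    printf 'su\n' > "$tmp/allow.txt"
    echo "Unexpected suid/sgid files under $tmp:"
    unexpected_suid "$tmp" "$tmp/allow.txt"
    rm -rf "$tmp"
}

demo
```

On a real host you would run `unexpected_suid / /etc/suid-allowlist` (paths are your own choice) as root, keep the allowlist in version control, and rerun the check after every package install, since an upgrade can quietly reintroduce a setuid helper.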