Security Basics mailing list archives
Re: Linux hardening
From: security () surefoot com
Date: Tue, 23 Aug 2005 13:21:02 -0600
On Saturday 20 August 2005 09:00, AragonX <Ar> wrote: [...some good stuff deleted...]
The server performs the following tasks: Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email serving to the internet. File, print and DHCP serving to my local network.
Try and lock down any web app you have with regular apache auth - it's often more secure than the built-in authentication schemes offered by these apps.
I'm looking for more preventative measures. It appears that LIDS and mod_security are the only ones in that role now. Should I jail apache? Would that give me any benefits over what LIDS provides?
You might want to look at libsafe too. It does work well and is one more roadblock for hackers. Generally, how much you do depends on your goals. Jailing services is a good idea, but again it depends on how far you want to go. An external firewall could also help quite a bit by providing an additional layer of security, and if set up that way it can also alert you of unusual activity. Same goes for an IDS somewhere on your network of course. J
Current thread:
- Linux hardening AragonX (Aug 22)
- Re: Linux hardening James Leighe (Aug 23)
- Re: Linux hardening Jayson Anderson (Aug 24)
- Re: Linux hardening security (Aug 26)
- Re: Linux hardening AragonX (Aug 26)
- Re: Linux hardening Jayson Anderson (Aug 24)
- Re: Linux hardening security (Aug 24)
- <Possible follow-ups>
- Re: Linux hardening cabeca (Aug 23)
- Re: Linux hardening AragonX (Aug 24)
- Re: Linux hardening James Leighe (Aug 23)