Re: securing linux webserver?

["xyberpix" <xyberpix () xyberpix com>]

Here's a couple of links to get you started, google is your friend on this
one. :-)

http://www.linux.com/article.pl?sid=04/04/15/1913248

http://www.bembry.org/tech/linux/server_security.php

I'd also suggest running something like bastille on your host as well,
just to harden it, it's easy enough for a newbie to do as well, and it
explains a lot of what it's doing.

http://www.bastille-linux.org/

This is a good link on securing Apache as well:

http://www.securityfocus.com/infocus/1694

As for SSH, using the default port would be fine, just make sure you use
key authentication, and NOT password authentication, here's a link, Google
has loads more.

http://www.puddingonline.com/~dave/publications/SSH-with-Keys-HOWTO/document/html-one-page/SSH-with-Keys-HOWTO.html

Is this host behind a firewall at all, as if not, then you should look
into tunning a firewall on the host as well.

Other things to note:

- only run the services that you need on the box

- have a bare minimum of user accounts on the box

- make sure that all security updates/patches are applied

- Make sure your logging is turned on for all services you are going to
run, now that this box has been hacked once, and if it was a really easy
target, chances are the person will have another go at it when it's back
up.


Here are some other links that are relevant, and that may help:

http://searchenterpriselinux.techtarget.com/originalContent/0,289142,sid39_gci928466,00.html

http://www.informit.com/articles/article.asp?p=169573

http://www.linuxgazette.com/issue34/vertes.html

http://www.securityfocus.com/infocus/1420

HTH

xyberpix
On Tue, 1 March, 2005 2:21, John Doe said:
> Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:
> > sorry to be so noob,
> >
> > A friend of mine set up a webserver:
> > http://www.globalgamesearch.com
> > problem is, he and I have no idea how to go about
> > securing it;
>
> Unfortunately I can't provide very much help to your question below;
> just wanted to say that it's a bad idea to give out the address of a
> server to
> a security list and stating it is insecure.
>
> There are a lot of people with high hacking capabilities reading this
> list,
> some of them could (theoretically) use the server as a target without
> searching for vulnerable servers.
>
> But maybe your idea with this mail is to attract penetration testers???
>
>
> > he started with SuSE Linux 9.1 with Apache 2.0, PHP
> > 4.3.1, and MySQL out of the box and put it up.
> >
> > about half an hour ago, an intruder broke in, replaced
> > SSHD with a back door, and pretty much screwed the
> > system up.
>
> basic tips:
>
> - don't use the standard port 22 for sshd
> - restrict the IPs allowd to contact sshd if possible
> - eventually use some port knocking to secure sshd
>
> > We're going to reinstall the system with minimal
> > programs, extremely secure permissions
>
> good idea
>
> > and a basic firewall
>
> Not clear what you mean by basic.
>
> If possible, when configuring the firewall, start by deny everything; then
> allow, step by step, what's absolutely necessary.
>
> > , but beyond that we have no clue what to do.
> > Can anyone here please help me out on this?
> > Thanks in advance for any help.
>
> beyond that... difficult. Wait for answers of real cracks :-)
>
> greetings joe


-- 
For security and Opensource news check out:
http://www.xyberpix.com