Re: securing linux webserver?

["Hamish Stanaway" <koremeltdown () hotmail com>]

Hi Aman,

I disagree to some point as to what you have stated below. I would post just 
as the original poster did. The reason that I personally would have done it 
as that securityfocus is one source of excellent, specialized information 
with relation to web server security and all other server security. Just 
because there is information available on google, does not mean that it 
should be the only revenue explored. Many people on this list have 
specialized skills with relation to web server security - reading the 
standard security docs for apache is only going to stop a very small group 
of security breaches - virus writers, script kiddies and hackers all know 
the limitations imposed by the standard security setup of the apache httpd 
daemon server, and linux web servers.
It is therefore only logical that one would query this list to get the most 
up to date, specialized information to ensure that they are as secure as 
possible. A web server is an investment, and if you're like me I will go 
that extra mile for any investment I have.
The only reason I personally didnt ask such a question is that I am still 
reading the old security docs for http & linux - the original poster just 
saved me time and effort by asking it for himself.. Thanks for that!
So as a final statement, just "googling" the issue might not be the best 
response to the poster in this instance.


Kindest of regards,

Hamish Stanaway, Director
Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com




> From: Aman Raheja <araheja () techquotes com>
> To: security-basics () securityfocus com
> Subject: Re: securing linux webserver?
> Date: Tue, 01 Mar 2005 08:25:12 -0600
> MIME-Version: 1.0
> Received: from [205.206.231.26] ([205.206.231.26]) by mc4-f26.hotmail.com 
> with Microsoft SMTPSVC(6.0.3790.211); Tue, 1 Mar 2005 08:55:54 -0800
> Received: from no.name.available by [205.206.231.26]          via smtpd 
> (for [65.54.190.230] [65.54.190.230]) with ESMTP; Tue, 1 Mar 2005 08:55:56 
> -0800
> Received: from lists.securityfocus.com (lists.securityfocus.com 
> [205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid 
> 4E67214A257; Tue,  1 Mar 2005 09:20:06 -0700 (MST)
> Received: (qmail 6188 invoked from network); 1 Mar 2005 14:39:54 -0000
> X-Message-Info: JGTYoYF78jHoRaYbODNKwCx1zErpwL0JfcqLE5Kg/e4=
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
> X-Accept-Language: en-us, en
> References: <20050228020412.123.qmail () web90008 mail scd yahoo com> 
> <200503010322.28034.security.department () tele2 ch>
> Return-Path: 
> security-basics-return-32887-koremeltdown=hotmail.com () securityfocus com
> X-OriginalArrivalTime: 01 Mar 2005 16:55:54.0653 (UTC) 
> FILETIME=[884FACD0:01C51E7F]
>
> It would be easy to google what you need.
> There's no definite way to secure a webserver, though there are some basics 
> like hardening your kernel and installing only what is really required.
> Also follow the security doc of your webserver (like apache's, if that's 
> what you are using).
> If you have any specific questions, shoot back and you will get solutions 
> from this wonderful list.
> Good Luck
> Aman Raheja
>
> John Doe wrote:
>
> > Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:
> >
> >
> > > sorry to be so noob,
> > >
> > > A friend of mine set up a webserver:
> > > http://www.globalgamesearch.com
> > > problem is, he and I have no idea how to go about
> > > securing it;
> >
> > Unfortunately I can't provide very much help to your question below;
> > just wanted to say that it's a bad idea to give out the address of a 
> > server to a security list and stating it is insecure.
> >
> > There are a lot of people with high hacking capabilities reading this 
> > list, some of them could (theoretically) use the server as a target 
> > without searching for vulnerable servers.
> >
> > But maybe your idea with this mail is to attract penetration testers???
> >
> >
> >
> >
> > > he started with SuSE Linux 9.1 with Apache 2.0, PHP
> > > 4.3.1, and MySQL out of the box and put it up.
> > >
> > > about half an hour ago, an intruder broke in, replaced
> > > SSHD with a back door, and pretty much screwed the
> > > system up.
> >
> > basic tips:
> >
> > - don't use the standard port 22 for sshd
> > - restrict the IPs allowd to contact sshd if possible
> > - eventually use some port knocking to secure sshd
> >
> >
> >
> > > We're going to reinstall the system with minimal
> > > programs, extremely secure permissions
> >
> > good idea
> >
> >
> >
> > > and a basic firewall
> >
> > Not clear what you mean by basic.
> >
> > If possible, when configuring the firewall, start by deny everything; then 
> > allow, step by step, what's absolutely necessary.
> >
> >
> >
> > > , but beyond that we have no clue what to do. Can anyone here please help 
> > > me out on this?
> > > Thanks in advance for any help.
> >
> > beyond that... difficult. Wait for answers of real cracks :-)
> >
> > greetings joe