Security Basics mailing list archives

Re: Linux hardening

From: "cabeca" <cabeca () hush ai>
Date: Mon, 22 Aug 2005 19:05:29 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, nice countermeasures, but you are missing one important thing,
did you know how the intruder owned your machine first time? Its a
good start point, checkout the servers that you are using, maybe a
vulnerable version of myPhpmyadmin or whatever...
What´s the point of creating the taller and strongest wall and
leave a door open?

Regards,

cabeca <cabeca [a+t] hush [dot] ai>

On Sat, 20 Aug 2005 08:00:25 -0700 AragonX <aragonx () dcsnow com>
wrote:

I had an intrusion on one of my servers and am in the process of
hardening
it (after a reinstall).  I'm using Fedora Core 4.  I've taken all
the
basic steps (shutting down unused services etc) and have done the
following:

Installed Smothwall on a separate box.
Installed & configured AIDE, Snort and chkrootkit
Ran Bastille

I am in the process of configuring LIDS.  I'm using LIDS instead
of
SELinux because it's easier for me to configure.

My next and final step will be to install mod_security.

The server performs the following tasks:

  Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email
serving
to the internet.
  File, print and DHCP serving to my local network.

I'm looking for more preventative measures.  It appears that LIDS
and
mod_security are the only ones in that role now.  Should I jail
apache?
Would that give me any benefits over what LIDS provides?

Thank you in advance.

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkMKhKAACgkQAyzTYnoORtEXYgCcD74lJdCwnbgXnqWXuKTsEQaPOy8A
nRf1PyYSSzc36Jgwcrh/mmT+hikG
=uTzz
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

Current thread:

Linux hardening AragonX (Aug 22)
- Re: Linux hardening James Leighe (Aug 23)
  - Re: Linux hardening Jayson Anderson (Aug 24)
    - Re: Linux hardening security (Aug 26)
    - Re: Linux hardening AragonX (Aug 26)
- Re: Linux hardening security (Aug 24)
- <Possible follow-ups>
- Re: Linux hardening cabeca (Aug 23)
  - Re: Linux hardening AragonX (Aug 24)