Re: securing linux webserver?

[John Doe <security.department () tele2 ch>]

Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:
> sorry to be so noob,
>
> A friend of mine set up a webserver:
> http://www.globalgamesearch.com
> problem is, he and I have no idea how to go about
> securing it;

Unfortunately I can't provide very much help to your question below;
just wanted to say that it's a bad idea to give out the address of a server to 
a security list and stating it is insecure.

There are a lot of people with high hacking capabilities reading this list, 
some of them could (theoretically) use the server as a target without 
searching for vulnerable servers. 

But maybe your idea with this mail is to attract penetration testers???


> he started with SuSE Linux 9.1 with Apache 2.0, PHP
> 4.3.1, and MySQL out of the box and put it up.
>
> about half an hour ago, an intruder broke in, replaced
> SSHD with a back door, and pretty much screwed the
> system up.

basic tips:

- don't use the standard port 22 for sshd
- restrict the IPs allowd to contact sshd if possible
- eventually use some port knocking to secure sshd

> We're going to reinstall the system with minimal
> programs, extremely secure permissions 

good idea

> and a basic firewall

Not clear what you mean by basic.

If possible, when configuring the firewall, start by deny everything; then 
allow, step by step, what's absolutely necessary.

> , but beyond that we have no clue what to do. 
> Can anyone here please help me out on this?
> Thanks in advance for any help.

beyond that... difficult. Wait for answers of real cracks :-)

greetings joe