Security Basics mailing list archives
Re: securing linux webserver?
From: Aman Raheja <araheja () techquotes com>
Date: Tue, 01 Mar 2005 08:25:12 -0600
It would be easy to google what you need.There's no definite way to secure a webserver, though there are some basics like hardening your kernel and installing only what is really required. Also follow the security doc of your webserver (like apache's, if that's what you are using). If you have any specific questions, shoot back and you will get solutions from this wonderful list.
Good Luck Aman Raheja John Doe wrote:
Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:sorry to be so noob, A friend of mine set up a webserver: http://www.globalgamesearch.com problem is, he and I have no idea how to go about securing it;Unfortunately I can't provide very much help to your question below;just wanted to say that it's a bad idea to give out the address of a server to a security list and stating it is insecure.There are a lot of people with high hacking capabilities reading this list, some of them could (theoretically) use the server as a target without searching for vulnerable servers.But maybe your idea with this mail is to attract penetration testers???he started with SuSE Linux 9.1 with Apache 2.0, PHP 4.3.1, and MySQL out of the box and put it up. about half an hour ago, an intruder broke in, replaced SSHD with a back door, and pretty much screwed the system up.basic tips: - don't use the standard port 22 for sshd - restrict the IPs allowd to contact sshd if possible - eventually use some port knocking to secure sshdWe're going to reinstall the system with minimalprograms, extremely secure permissionsgood ideaand a basic firewallNot clear what you mean by basic.If possible, when configuring the firewall, start by deny everything; then allow, step by step, what's absolutely necessary., but beyond that we have no clue what to do. Can anyone here please help me out on this?Thanks in advance for any help.beyond that... difficult. Wait for answers of real cracks :-) greetings joe
Current thread:
- securing linux webserver? Kurt Leum (Feb 28)
- Re: securing linux webserver? Alejandro Flores (Mar 01)
- Re: securing linux webserver? John Doe (Mar 01)
- Re: securing linux webserver? Aman Raheja (Mar 01)
- Re: securing linux webserver? Hamish Stanaway (Mar 03)
- Re: securing linux webserver? Eduardo Kienetz (Mar 01)
- Re: securing linux webserver? AragonX (Mar 02)
- Re: securing linux webserver? xyberpix (Mar 01)
- Re: securing linux webserver? Aman Raheja (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 01)
- Re: securing linux webserver? Marco (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 02)
- Re: securing linux webserver? David Glosser (Mar 03)
- <Possible follow-ups>
- Re: securing linux webserver? Ivan Coric (Mar 01)
- RE: securing linux webserver? Smith, Ryan (Mar 01)
(Thread continues...)