Security Basics mailing list archives

Re: securing linux webserver?


From: Eduardo Kienetz <eduardok () gmail com>
Date: Tue, 1 Mar 2005 11:59:23 -0300

On Tue, 1 Mar 2005 03:21:55 +0100, John Doe
<security.department () tele2 ch> wrote:
> On Monday, 28 February 2005 03:04, Kurt Leum wrote:
> > sorry to be so noob,
> >
> > A friend of mine set up a webserver:
> > http://www.globalgamesearch.com
> > problem is, he and I have no idea how to go about
> > securing it;
>
> Unfortunately I can't provide very much help to your question below;
> just wanted to say that it's a bad idea to give out the address of a server to
> a security list and stating it is insecure.
>
> There are a lot of people with high hacking capabilities reading this list,
> some of them could (theoretically) use the server as a target without
> searching for vulnerable servers.
>
> But maybe your idea with this mail is to attract penetration testers???
>
>
> > he started with SuSE Linux 9.1 with Apache 2.0, PHP
> > 4.3.1, and MySQL out of the box and put it up.
> >
> > about half an hour ago, an intruder broke in, replaced
> > SSHD with a back door, and pretty much screwed the
> > system up.
>
> basic tips:
>
> - don't use the standard port 22 for sshd
> - restrict the IPs allowed to contact sshd if possible
> - eventually use some port knocking to secure sshd
>
> > We're going to reinstall the system with minimal
> > programs, extremely secure permissions
>
> good idea
>
> > and a basic firewall
>
> Not clear what you mean by basic.
>
> If possible, when configuring the firewall, start by denying everything; then
> allow, step by step, what's absolutely necessary.
>
> > , but beyond that we have no clue what to do.
> > Can anyone here please help me out on this?
> > Thanks in advance for any help.
>
> beyond that... difficult. Wait for answers of real cracks :-)
>
> greetings joe


Also, block the disclosure of application versions:
Apache x.xx (i.e. when you try to access a page that does not exist it
shows: "Apache/1.3.xx Server at xxxxx.com Port 80")
Bind version (version "secret")
Do not forget to change the mysql default root password. Database "test"
could be removed.
/etc/issue{.net} should be blank at best.
php.ini allow_url_fopen tag should be Off

Regards,

-- 
Eduardo  Bacchi Kienetz
http://www.noticiaslinux.com.br/eduardo/
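The "deny everything, then allow step by step" firewall that joe recommends above, together with his sshd tips (non-standard port, restricted source IPs), written out as an added example. This is not code from the thread; the ssh port 2222, the admin network 192.0.2.0/24 and the web port 80 are placeholder assumptions. The script only prints the iptables commands unless run with --apply, so the policy can be read and checked before it is loaded as root.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny iptables ruleset.
# Assumed values (adjust to the real host): sshd moved to port 2222 and
# reachable only from the admin network; HTTP is the only public service.
SSH_PORT="${SSH_PORT:-2222}"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# fw_rules prints the commands instead of running them, so the policy can
# be reviewed (and tested) before it is applied.
fw_rules() {
    # 1. Default policy: drop everything inbound and forwarded, allow outbound.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -F INPUT"
    # 2. Loopback, plus replies to connections this host started.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 3. sshd: non-standard port, and only from the admin network.
    echo "iptables -A INPUT -p tcp -s $ADMIN_NET --dport $SSH_PORT -m state --state NEW -j ACCEPT"
    # 4. The one service the world may reach: the web server.
    echo "iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    # 5. Log (rate limited) what is about to hit the DROP policy.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
}

# fw_allows_port PORT: succeeds if the ruleset opens PORT to any source
# (rules carrying a -s restriction do not count as "open to anyone").
fw_allows_port() {
    fw_rules | grep -v -- "-s " | grep -q -- "--dport $1 "
}

# fw_apply: run the generated commands (needs root).
fw_apply() {
    fw_rules | while read -r cmd; do sh -c "$cmd"; done
}

case "${1:-}" in
    --apply) fw_apply ;;
    *)       fw_rules ;;   # dry run: just show the rules
esac
```

Because the rules are generated before they are applied, the check `fw_allows_port 22` is a cheap regression test that port 22 really is closed after the port change; run the script without arguments to read the ruleset, and with --apply as root to load it.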
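An added example (not from the thread) that turns Eduardo's checklist into a small offline audit: Apache's ServerTokens/ServerSignature (the "Apache/1.3.xx Server at ... Port 80" leak), php.ini's allow_url_fopen, and blank /etc/issue and /etc/issue.net. The file layout under the audited directory (etc/httpd/httpd.conf, etc/php.ini) is an assumption; it runs against a copy of the tree, so it can be tried without touching the live server. The sample weak and hardened trees are constructed inside the script.

```shell
#!/bin/sh
# Added example (not from the thread): audit the version-disclosure and
# php settings from the checklist. DIR mirrors the real filesystem layout
# (assumed paths: etc/httpd/httpd.conf, etc/php.ini, etc/issue{,.net}).

# audit_dir DIR: prints one line per weak setting; returns 1 if any found.
audit_dir() {
    dir="$1"; findings=0
    httpd="$dir/etc/httpd/httpd.conf"
    phpini="$dir/etc/php.ini"
    # Apache: ServerTokens other than Prod leaks the version in the Server
    # header; ServerSignature On repeats it on the "not found" page.
    if [ -f "$httpd" ]; then
        grep -Eiq '^[[:space:]]*ServerTokens[[:space:]]+Prod(uctOnly)?[[:space:]]*$' "$httpd" \
            || { echo "apache: ServerTokens not set to Prod"; findings=$((findings+1)); }
        grep -Eiq '^[[:space:]]*ServerSignature[[:space:]]+Off' "$httpd" \
            || { echo "apache: ServerSignature not Off"; findings=$((findings+1)); }
    fi
    # PHP: with allow_url_fopen On, include()/fopen() will fetch remote URLs.
    if [ -f "$phpini" ]; then
        grep -Eiq '^[[:space:]]*allow_url_fopen[[:space:]]*=[[:space:]]*(Off|0)' "$phpini" \
            || { echo "php: allow_url_fopen not Off"; findings=$((findings+1)); }
    fi
    # Pre-login banners: anything but whitespace is a finding.
    for banner in "$dir/etc/issue" "$dir/etc/issue.net"; do
        if [ -f "$banner" ] && [ -n "$(tr -d '[:space:]' < "$banner")" ]; then
            echo "banner: $(basename "$banner") is not blank"; findings=$((findings+1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# audit_count DIR: number of findings, as a plain integer.
audit_count() { audit_dir "$1" | wc -l | tr -d ' '; }

# make_sample DIR weak|hardened: constructed sample trees for the demo.
make_sample() {
    mkdir -p "$1/etc/httpd"
    if [ "$2" = weak ]; then
        printf 'ServerTokens Full\nServerSignature On\n' > "$1/etc/httpd/httpd.conf"
        printf 'allow_url_fopen = On\n' > "$1/etc/php.ini"
        printf 'Welcome to SuSE Linux 9.1 (i586) - Kernel \\r (\\l).\n' > "$1/etc/issue"
        printf 'SuSE Linux 9.1\n' > "$1/etc/issue.net"
    else
        printf 'ServerTokens Prod\nServerSignature Off\n' > "$1/etc/httpd/httpd.conf"
        printf 'allow_url_fopen = Off\n' > "$1/etc/php.ini"
        : > "$1/etc/issue"; : > "$1/etc/issue.net"
    fi
}

SAMPLE="${TMPDIR:-/tmp}/audit-demo.$$"
make_sample "$SAMPLE/weak" weak
make_sample "$SAMPLE/hardened" hardened
echo "weak:     $(audit_count "$SAMPLE/weak") finding(s)"      # 5
echo "hardened: $(audit_count "$SAMPLE/hardened") finding(s)"  # 0
rm -rf "$SAMPLE"
```

To audit a real host, point `audit_dir /` at the live tree (after adjusting the assumed paths to where the distribution keeps httpd.conf and php.ini); the non-zero exit status makes it usable from a post-reinstall checklist script.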
