Security Basics mailing list archives

server security

From: "Littlefield, Tyler" <tyler () tysdomain com>
Date: Wed, 20 Jun 2012 11:27:26 -0600

Hello:
I have a couple questions. First, I'll explain what I did:

I set up iptables and removed all unwanted services. Iptables blockseverything, then only opens what it wants. I also use the addrtypemodule to limit broadcast and unspec addresses, etc. I also do somemalformed packet work where I just drop everything that looks malformed(mainly by the flags).2) I secured ssh: blocked root logins, set it up so only users in thesshusers group can connect, and set it only to allow ppk.

3) I installed aid.
4) disabled malformed packets and forwarding/etc in sysctl.

This is a basic web server that runs email, web and a couple otherthings. It's only running on a linode512, so I don't have the ability toset up a ton of stuff; I also think that would make things more of amess. What else would be recommended?Also, I'm looking to add something to the web server; sometimes I noticethat there are a lot of requests from people scanning for common urlslike wordpress/phpbb3/etc, what kind of preventative measures exist forthis?



--
Take care,
Ty
http://tds-solutions.net
The aspen project: a barebones light-weight mud engine:
http://code.google.com/p/aspenmud
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

server security Littlefield, Tyler (Jun 20)
- Re: server security Mike Hale (Jun 20)
  - Re: server security Gregory . J . Bessette (Jun 20)
- Re: server security Rowland Onobrauche (Jun 20)
- Re: server security Alex Dolan (Jun 21)
  - Re: server security Rob (Jun 21)
  - Re: server security Mike Hale (Jun 21)
    - Re: server security Jerome Athias (Jun 21)
    - Re: server security Littlefield, Tyler (Jun 21)
    - Re: server security Killian Faughnan (Jun 21)
    - Re: server security Rory Browne (Jun 22)

(Thread continues...)