Re: [SLUG] Webserver

From: Jared Quedens (jared_quedens@yahoo.com)
Date: Tue Jul 29 2003 - 20:13:20 EDT


Hey Paul,
        There are many books on the topic of Linux security that have what you're looking for.
Basically, to harden the box, you have to start with everything closed! I would install what
services I would like, and open the port on the firewall one at a time. After my services were
installed and everything ran well, install Tripwire and Snort. Now the box can test itself and let
me know if anything's going wrong. Using SSH with static IPs makes SSH pretty secure. FTP by its
nature is not very secure; however, WU-FTP has a fairly good approach to security. Fact is, you can't
harden the box overnight. It takes a lot of planning. If you're starting from a fresh box, take it
one step at a time. Only put on the box what you need, even in /bin and /sbin. For example, if
you already partitioned and formatted the box, remove fdisk and mkfs. If you feel funny doing that,
burn a CD with the /sbin and /bin directories. If you need the files later you can always copy
them back. Sure, doing this does cripple the box a bit. But after everything is running, who cares.
Well, hope this helped a little. Books like the hackers bible and Linux security are really good
sources for learning how to secure your box well. But remember always to expect the unexpected.
Good luck!

> We currently lease a server and had several security patches installed on it. It is an
> older Cobalt Raq4. Sun bought Cobalt and shut down Cobalt so support is getting
> shaky. We are looking to buy or lease another box. I don't see Apache as the big
> problem, but installing a firewall, honeypot, secure shell, and other programs
> required to make the box reasonably secure is a challenge.
>
> Paul Wilson

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
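
The approach described in the message above (everything closed first, ports opened one service at a time, SSH limited to static IPs), written out as an added example that is not part of the original post. It assumes iptables is the firewall, which the message does not name; the function names are hypothetical and the addresses are constructed from a documentation range.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format.
# Function names are hypothetical; iptables is an assumed firewall.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

# build_ruleset "<static SSH source IPs>" "<public TCP ports>"
build_ruleset() {
    ssh_sources=$1
    public_ports=$2
    for ip in $ssh_sources; do
        valid_ipv4 "$ip" || { echo "bad SSH source: $ip" >&2; return 1; }
    done
    for p in $public_ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        # SSH stays limited to the static sources, never opened to everyone
        [ "$p" -ne 22 ] || { echo "port 22 is source-restricted" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'     # start with everything closed
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for ip in $ssh_sources; do
        echo "-A INPUT -p tcp -s $ip --dport 22 -j ACCEPT"
    done
    for p in $public_ports; do   # one rule per service that was opened
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: SSH from one static address, HTTP open to all.
build_ruleset "203.0.113.10" "80"
```

Run as root, the output can be checked with `iptables-restore --test` before it is loaded.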



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:04:52 EDT