Security Basics: Re: securing linux webserver?
From: Eduardo Kienetz <eduardok_at_gmail.com>
Date: Tue, 1 Mar 2005 11:59:23 -0300

On Tue, 1 Mar 2005 03:21:55 +0100, John Doe
<security.department_at_tele2.ch> wrote:
> Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:
> > sorry to be so noob,
> >
> > A friend of mine set up a webserver:
> > http://www.globalgamesearch.com
> > problem is, he and I have no idea how to go about
> > securing it;
>
> Unfortunately I can't provide very much help to your question below;
> just wanted to say that it's a bad idea to give out the address of a server to
> a security list and stating it is insecure.
>
> There are a lot of people with high hacking capabilities reading this list,
> some of them could (theoretically) use the server as a target without
> searching for vulnerable servers.
>
> But maybe your idea with this mail is to attract penetration testers???
>
>
> > he started with SuSE Linux 9.1 with Apache 2.0, PHP
> > 4.3.1, and MySQL out of the box and put it up.
> >
> > about half an hour ago, an intruder broke in, replaced
> > SSHD with a back door, and pretty much screwed the
> > system up.
>
> basic tips:
>
> - don't use the standard port 22 for sshd
> - restrict the IPs allowed to contact sshd if possible
> - eventually use some port knocking to secure sshd
>
> > We're going to reinstall the system with minimal
> > programs, extremely secure permissions
>
> good idea
>
> > and a basic firewall
>
> Not clear what you mean by basic.
>
> If possible, when configuring the firewall, start by deny everything; then
> allow, step by step, what's absolutely necessary.
>
> > , but beyond that we have no clue what to do.
> > Can anyone here please help me out on this?
> > Thanks in advance for any help.
>
> beyond that... difficult. Wait for answers of real cracks :-)
>
> greetings joe
>

Also, block the disclosure of application versions:
Apache x.xx (i.e. when you try to access a page that does not exist it
shows: "Apache/1.3.xx Server at xxxxx.com Port 80")
Bind version (version "secret")
Do not forget to change mysql default root password. Database "test"
could be removed.
/etc/issue{.net} should be blank at best.
php.ini allow_url_fopen tag should be Off

Regards,

-- 
Eduardo Bacchi Kienetz
http://www.noticiaslinux.com.br/eduardo/
Received on Mar 01 2005
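As an added example, not part of the thread above, here is a small audit script that checks a configuration tree for the settings the two replies recommend: Apache not announcing its version (ServerTokens/ServerSignature), php.ini with allow_url_fopen off, BIND with a literal version string, a blank /etc/issue, and sshd listening somewhere other than port 22. The check_* function names, the audit_dir layout (one flat directory holding httpd.conf, php.ini, named.conf, issue and sshd_config) and the two sample trees built by make_samples are all constructed for this example; the MySQL root password and "test" database tips need a live server and are not checked here.

```shell
#!/bin/sh
# Added audit helper (not from the original mailing-list thread).
# Each check_* function takes a config file path and returns 0 when the
# hardened setting is present, 1 when the weak default is found.

# Apache: ServerTokens Prod and ServerSignature Off keep "Apache/1.3.xx"
# out of the Server header and out of 404 pages.
check_apache_tokens() {
    grep -Eiq '^[[:space:]]*ServerTokens[[:space:]]+Prod(uctOnly)?([[:space:]]|$)' "$1" &&
    grep -Eiq '^[[:space:]]*ServerSignature[[:space:]]+Off([[:space:]]|$)' "$1"
}

# PHP: allow_url_fopen must be explicitly Off; a missing line counts as weak
# because the PHP 4 default was On.
check_php_fopen() {
    grep -Eiq '^[[:space:]]*allow_url_fopen[[:space:]]*=[[:space:]]*(Off|0)[[:space:]]*(;.*)?$' "$1"
}

# BIND: any quoted string in a "version" statement (e.g. version "secret";)
# replaces the real version in CHAOS-class queries.
check_bind_version() {
    grep -Eiq '^[[:space:]]*version[[:space:]]+"[^"]+"[[:space:]]*;' "$1"
}

# /etc/issue or /etc/issue.net: empty or whitespace-only passes.
check_issue_blank() {
    [ ! -s "$1" ] || ! grep -q '[^[:space:]]' "$1"
}

# sshd_config: last effective Port line must exist and not be 22.
check_sshd_port() {
    port=$(grep -Ei '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | awk '{print $2}' | tail -n 1)
    [ -n "$port" ] && [ "$port" != "22" ]
}

# Runs every check against a directory laid out as a flat fake root
# (constructed layout for this example). Findings go to stderr, the number
# of findings to stdout, so callers can capture the count.
audit_dir() {
    d="$1"; n=0
    check_apache_tokens "$d/httpd.conf" || { echo "httpd.conf: set ServerTokens Prod and ServerSignature Off" >&2; n=$((n+1)); }
    check_php_fopen "$d/php.ini"        || { echo "php.ini: allow_url_fopen should be Off" >&2; n=$((n+1)); }
    check_bind_version "$d/named.conf"  || { echo "named.conf: add version \"secret\"; to options" >&2; n=$((n+1)); }
    check_issue_blank "$d/issue"        || { echo "issue: should be blank" >&2; n=$((n+1)); }
    check_sshd_port "$d/sshd_config"    || { echo "sshd_config: Port is 22 or unset" >&2; n=$((n+1)); }
    echo "$n"
}

# Constructed sample trees: "weak" mirrors the out-of-the-box defaults the
# thread warns about, "hardened" applies the thread's tips. Prints the base dir.
make_samples() {
    base=$(mktemp -d)
    mkdir -p "$base/weak" "$base/hardened"
    printf 'ServerTokens Full\nServerSignature On\n' > "$base/weak/httpd.conf"
    printf 'allow_url_fopen = On\n' > "$base/weak/php.ini"
    printf 'options {\n    directory "/var/lib/named";\n};\n' > "$base/weak/named.conf"
    printf 'Welcome to SuSE Linux 9.1 (i586).\n' > "$base/weak/issue"
    printf 'Port 22\n' > "$base/weak/sshd_config"

    printf 'ServerTokens Prod\nServerSignature Off\n' > "$base/hardened/httpd.conf"
    printf 'allow_url_fopen = Off\n' > "$base/hardened/php.ini"
    printf 'options {\n    directory "/var/lib/named";\n    version "secret";\n};\n' > "$base/hardened/named.conf"
    : > "$base/hardened/issue"
    printf 'Port 2222\n' > "$base/hardened/sshd_config"
    echo "$base"
}

# Stand-alone demo: audit both sample trees and clean up.
demo_base=$(make_samples)
echo "weak tree:     $(audit_dir "$demo_base/weak" 2>/dev/null) finding(s)"
echo "hardened tree: $(audit_dir "$demo_base/hardened" 2>/dev/null) finding(s)"
rm -rf "$demo_base"
```

To use it on a real host, point the check_* functions at the real paths (for example check_php_fopen /etc/php.ini) instead of the flat sample directory; the regular expressions only look at uncommented lines, so a commented-out "#ServerTokens Prod" is correctly reported as a finding.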