Security Basics: Re: securing linux webserver?

Re: securing linux webserver?

From: xyberpix <xyberpix_at_xyberpix.com>
Date: Tue, 1 Mar 2005 16:50:38 -0000 (GMT)

Here's a couple of links to get you started, Google is your friend on this
one. :-)

http://www.linux.com/article.pl?sid=04/04/15/1913248

http://www.bembry.org/tech/linux/server_security.php

I'd also suggest running something like bastille on your host as well,
just to harden it, it's easy enough for a newbie to do as well, and it
explains a lot of what it's doing.

http://www.bastille-linux.org/

This is a good link on securing Apache as well:

http://www.securityfocus.com/infocus/1694

As for SSH, using the default port would be fine, just make sure you use
key authentication, and NOT password authentication, here's a link, Google
has loads more.

http://www.puddingonline.com/~dave/publications/SSH-with-Keys-HOWTO/document/html-one-page/SSH-with-Keys-HOWTO.html

Is this host behind a firewall at all? If not, then you should look
into running a firewall on the host as well.

Other things to note:

- only run the services that you need on the box

- have a bare minimum of user accounts on the box

- make sure that all security updates/patches are applied

- Make sure your logging is turned on for all services you are going to
run, now that this box has been hacked once, and if it was a really easy
target, chances are the person will have another go at it when it's back
up.

Here are some other links that are relevant, and that may help:

http://searchenterpriselinux.techtarget.com/originalContent/0,289142,sid39_gci928466,00.html

http://www.informit.com/articles/article.asp?p=169573

http://www.linuxgazette.com/issue34/vertes.html

http://www.securityfocus.com/infocus/1420

HTH

xyberpix
On Tue, 1 March, 2005 2:21, John Doe said:
> On Monday, 28 February 2005 03:04, Kurt Leum wrote:
>> sorry to be so noob,
>>
>> A friend of mine set up a webserver:
>> http://www.globalgamesearch.com
>> problem is, he and I have no idea how to go about
>> securing it;
>
> Unfortunately I can't provide very much help to your question below;
> just wanted to say that it's a bad idea to give out the address of a
> server to a security list and stating it is insecure.
>
> There are a lot of people with high hacking capabilities reading this
> list, some of them could (theoretically) use the server as a target
> without searching for vulnerable servers.
>
> But maybe your idea with this mail is to attract penetration testers???
>
>
>> he started with SuSE Linux 9.1 with Apache 2.0, PHP
>> 4.3.1, and MySQL out of the box and put it up.
>>
>> about half an hour ago, an intruder broke in, replaced
>> SSHD with a back door, and pretty much screwed the
>> system up.
>
> basic tips:
>
> - don't use the standard port 22 for sshd
> - restrict the IPs allowed to contact sshd if possible
> - eventually use some port knocking to secure sshd
>
>> We're going to reinstall the system with minimal
>> programs, extremely secure permissions
>
> good idea
>
>> and a basic firewall
>
> Not clear what you mean by basic.
>
> If possible, when configuring the firewall, start by denying everything; then
> allow, step by step, what's absolutely necessary.
>
>> , but beyond that we have no clue what to do.
>> Can anyone here please help me out on this?
>> Thanks in advance for any help.
>
> beyond that... difficult. Wait for answers of real cracks :-)
>
> greetings joe
>

-- 
For security and Opensource news check out:
http://www.xyberpix.com
Received on Mar 01 2005
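
The "key authentication, and NOT password authentication" advice in the reply above can be checked against an sshd_config file; the following is an added example, not part of the original thread. It assumes only the global section matters (it stops at the first Match block and does not follow Include files); the function names and the three sample configs are constructed for illustration.

```python
# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Older keyword name, kept by OpenSSH as a deprecated alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return global auth settings; sshd keeps the FIRST value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out "#PasswordAuthentication no" changes nothing
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":  # conditional blocks follow; audit the global part only
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}


def audit(config_text):
    """List the reasons this config does not enforce key-only logins."""
    s = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive may still prompt for a password via PAM")
    return findings


# Constructed sample configs.
WEAK = "Port 22\n#PasswordAuthentication no\nPubkeyAuthentication yes\n"
SHADOWED = ("PasswordAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\n")
HARDENED = "PasswordAuthentication no\nChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("shadowed", SHADOWED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "key-only")
```

On a live host, `sshd -T` prints the effective configuration, including Match and Include handling that this sketch skips.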