Hi Aman,
I disagree to some point as to what you have stated below. I would post just
as the original poster did. The reason that I personally would have done it
as that securityfocus is one source of excellent, specialized information
with relation to web server security and all other server security. Just
because there is information available on google, does not mean that it
should be the only revenue explored. Many people on this list have
specialized skills with relation to web server security - reading the
standard security docs for apache is only going to stop a very small group
of security breaches - virus writers, script kiddies and hackers all know
the limitations imposed by the standard security setup of the apache httpd
daemon server, and linux web servers.
It is therefore only logical that one would query this list to get the most
up to date, specialized information to ensure that they are as secure as
possible. A web server is an investment, and if you're like me I will go
that extra mile for any investment I have.
The only reason I personally didnt ask such a question is that I am still
reading the old security docs for http & linux - the original poster just
saved me time and effort by asking it for himself.. Thanks for that!
So as a final statement, just "googling" the issue might not be the best
response to the poster in this instance.
Kindest of regards,
Hamish Stanaway, Director
Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand
http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com
>From: Aman Raheja <araheja_at_techquotes.com>
>To: security-basics_at_securityfocus.com
>Subject: Re: securing linux webserver?
>Date: Tue, 01 Mar 2005 08:25:12 -0600
>MIME-Version: 1.0
>Received: from [205.206.231.26] ([205.206.231.26]) by mc4-f26.hotmail.com
>with Microsoft SMTPSVC(6.0.3790.211); Tue, 1 Mar 2005 08:55:54 -0800
>Received: from no.name.available by [205.206.231.26] via smtpd
>(for [65.54.190.230] [65.54.190.230]) with ESMTP; Tue, 1 Mar 2005 08:55:56
>-0800
>Received: from lists.securityfocus.com (lists.securityfocus.com
>[205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid
>4E67214A257; Tue, 1 Mar 2005 09:20:06 -0700 (MST)
>Received: (qmail 6188 invoked from network); 1 Mar 2005 14:39:54 -0000
>X-Message-Info: JGTYoYF78jHoRaYbODNKwCx1zErpwL0JfcqLE5Kg/e4=
>Mailing-List: contact security-basics-help_at_securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <security-basics.list-id.securityfocus.com>
>List-Post: <mailto:security-basics_at_securityfocus.com>
>List-Help: <mailto:security-basics-help_at_securityfocus.com>
>List-Unsubscribe: <mailto:security-basics-unsubscribe_at_securityfocus.com>
>List-Subscribe: <mailto:security-basics-subscribe_at_securityfocus.com>
>Delivered-To: mailing list security-basics_at_securityfocus.com
>Delivered-To: moderator for security-basics_at_securityfocus.com
>User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
>X-Accept-Language: en-us, en
>References: <20050228020412.123.qmail_at_web90008.mail.scd.yahoo.com>
><200503010322.28034.security.department_at_tele2.ch>
>Return-Path:
>security-basics-return-32887-koremeltdown=hotmail.com_at_securityfocus.com
>X-OriginalArrivalTime: 01 Mar 2005 16:55:54.0653 (UTC)
>FILETIME=[884FACD0:01C51E7F]
>
>It would be easy to google what you need.
>There's no definite way to secure a webserver, though there are some basics
>like hardening your kernel and installing only what is really required.
>Also follow the security doc of your webserver (like apache's, if that's
>what you are using).
>If you have any specific questions, shoot back and you will get solutions
>from this wonderful list.
>Good Luck
>Aman Raheja
>
>John Doe wrote:
>
>>Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:
>>
>>
>>>sorry to be so noob,
>>>
>>>A friend of mine set up a webserver:
>>>http://www.globalgamesearch.com
>>>problem is, he and I have no idea how to go about
>>>securing it;
>>>
>>>
>>
>>Unfortunately I can't provide very much help to your question below;
>>just wanted to say that it's a bad idea to give out the address of a
>>server to a security list and stating it is insecure.
>>
>>There are a lot of people with high hacking capabilities reading this
>>list, some of them could (theoretically) use the server as a target
>>without searching for vulnerable servers.
>>
>>But maybe your idea with this mail is to attract penetration testers???
>>
>>
>>
>>
>>>he started with SuSE Linux 9.1 with Apache 2.0, PHP
>>>4.3.1, and MySQL out of the box and put it up.
>>>
>>>about half an hour ago, an intruder broke in, replaced
>>>SSHD with a back door, and pretty much screwed the
>>>system up.
>>>
>>>
>>
>>basic tips:
>>
>>- don't use the standard port 22 for sshd
>>- restrict the IPs allowd to contact sshd if possible
>>- eventually use some port knocking to secure sshd
>>
>>
>>
>>>We're going to reinstall the system with minimal
>>>programs, extremely secure permissions
>>>
>>
>>good idea
>>
>>
>>
>>>and a basic firewall
>>>
>>>
>>
>>Not clear what you mean by basic.
>>
>>If possible, when configuring the firewall, start by deny everything; then
>>allow, step by step, what's absolutely necessary.
>>
>>
>>
>>>, but beyond that we have no clue what to do. Can anyone here please help
>>>me out on this?
>>>Thanks in advance for any help.
>>>
>>>
>>
>>beyond that... difficult. Wait for answers of real cracks :-)
>>
>>greetings joe
>>
>>
>>
>
Received on Mar 03 2005
Intro
