Re: [Hampshire] Server Security

Author: Imran Chaudhry
Date:  
To: hampshire
Subject: Re: [Hampshire] Server Security
> Thanks for all your advice. There is a lot to work through but I am
> grateful for the practical advice.
>
> One of the joys? of working with computers is getting something working
> and seeing a benefit. Sometimes you can achieve something with only a
> vague idea of what you are doing. Unfortunately these days you have to
> be on top of the game and there seem to be so many vulnerabilities to
> know about.
>
>
> Roger


Hi Roger,

Along with the good advice you've been given I thought I'd offer a few hints:

- As Ubuntu has its roots in Debian it benefits from config files
that are normally commented helpfully for the sysadmin who is securing
the service. Normally there are sensible default settings. Also, you
can often just "man <config file name>" to get even more info about
configuring that service.
- Essentially a system is more secure the fewer services are running
on it. Run pstree and scrutinize the list for any services you do not
need (eg. NFS, samba).
- If it was me, I would also check for all the services listening on
TCP, UDP and Unix sockets, so run netstat -tl, netstat -ul and netstat
-xl and scrutinize the list and question anything that looks like it
doesn't belong or isn't needed.
- I can't remember if you were running MySQL and PHP - but if so, run
the mysql_secure_installation script as superuser. This is an
interactive script that will perform some basic hardening steps.
Ubuntu has the Suhosin patch for PHP which hardens it somewhat
(package name: php5-suhosin)
- If running Perl, run in Taint mode (-T on the shebang line)
- Run a script via cron to email you of updates available for all
installed packages and take action to update it regularly. With Debian
there is a helpful debian-check-updates script we use but hopefully
Ubuntu has something more polished in its repositories.

Once you've got a basic secure set-up...
- I would look at running denyhosts (package name: denyhosts), mainly
to frustrate the automated ssh login attempts. Make sure legitimate
hosts are whitelisted in it though.
- I would like to recommend an IDS (intrusion detection system) but
I'm fairly new to these. The one I am investigating is "aide" which
seems to be the de facto, well maintained package for Debian. This
essentially provides detection of an actual break-in and integrity
checks.

Hope that helps.

Securing external-facing systems is a big topic in my final LPI-2 exam
which I am hoping to sit and pass next week.

Im
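The "scrutinize the netstat output" step above is easy to turn into a repeatable check: keep an allowlist of the ports the box is supposed to expose and have a script flag anything else that is listening. The script below is an added example written for this thread, not something Imran or the list posted. It assumes netstat is run with -n (numeric ports) so the fourth column ends in a port number, and the sample output and the allowlist are constructed so it runs offline; pass --live to check the real machine instead.

```shell
#!/bin/sh
# Added example: flag listening TCP/UDP sockets that are not on an allowlist.
# Input is in the shape "netstat -tlun" prints (constructed sample below).

# Constructed netstat output standing in for a real server.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*'

# Assumed allowlist for this host: one "proto port" pair per line.
# ssh, the web server and a MySQL bound to localhost are expected here.
ALLOWED='tcp 22
tcp 80
tcp 3306'

# unexpected_listeners ALLOWLIST
#   Reads netstat -n style output on stdin and prints "proto port" for
#   every listening socket whose pair is not in ALLOWLIST. tcp6/udp6 are
#   folded into tcp/udp and duplicates are reported once.
unexpected_listeners() {
    allow="$1"
    awk -v allow="$allow" '
    BEGIN {
        n = split(allow, lines, "\n")
        for (i = 1; i <= n; i++) if (lines[i] != "") ok[lines[i]] = 1
    }
    $1 ~ /^(tcp|udp)6?$/ {
        # Local address is column 4; the port follows the last colon.
        port = $4
        sub(/.*:/, "", port)
        proto = $1
        sub(/6$/, "", proto)
        key = proto " " port
        if (!(key in ok) && !(key in seen)) {
            seen[key] = 1
            print key
        }
    }'
}

# Stand-alone run: --live audits this machine, otherwise use the sample.
if [ "${1:-}" = "--live" ]; then
    netstat -tlun | unexpected_listeners "$ALLOWED"
else
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$ALLOWED"
fi
```

On the sample this prints "tcp 2049" (NFS) and "udp 111" (portmapper), exactly the sort of leftovers the post suggests questioning. Unix sockets (netstat -xl) are deliberately left to a manual read, since they are not reachable from the network and the output has no port column to match on.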