I started a similar thread to this one on the burst bb but since there aren't too many users there yet, I figured I'd duplicate it here. I have a burst server and would like to start this thread for us all to share tips on securing our server. Here's the little I know just to get us started:
Take a *nix class on administration. :) (Anyone have tips on where they give GOOD classes?)
1. Make sure you are using the latest distribution of Linux that is compatible w/ WHM. 2.47
2. Whenever you telnet in, use Secure telnet to scramble your password.
3. Check out http://www.securityfocus.com/ for the latest.
Voodoo Web
08-09-2001, 03:43 AM
In my opinion it is not important to have the latest distro installed. Because there were versions of linux "without" security holes. The new distro comes with new features/code and maybe with new security holes.
So if you have a secure installation don't change it!
What can you do now to secure your server?
1. Remove all services/programs you don't need.
2. Put insecure programs in a chroot or search for alternatives.
3. Check all file permissions
4. Don't forget users with an account on your system
5. Check your logfiles!!!
6. And watch out for security holes/fixes
- domi
XTStrike
08-09-2001, 03:46 AM
A point would be to make SSH (Secure Shell Host) your shell and to disable telnet or secure it to allow access from a single IP address.
Also, use /etc/hosts.allow and /etc/hosts.deny to limit access to FTP/SSH/SQL services on the box. This limits the amount of IPs/hosts that have permission to do anything; even if your box is insecure this acts as a deterrent.
Ensure all ports that are not required are CLOSED. You can check this by installing NMAP on the server and running "nmap localhost", which will tell you everything that is open; then go to inetd.conf and edit the file to remove any services that aren't required (be careful when editing this file).
To re-read the file and take on new settings type: "killall -HUP inetd"
Check the security of the directories on the box and make sure nothing looks out of place within the web structure.
That's everything I can think of for now!
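The inetd.conf clean-up and the hosts.allow/hosts.deny fence described above, as an added example that is not part of the thread. It audits a constructed inetd.conf for services that are still switched on and checks that the tcp_wrappers policy ends in a default deny; the file contents are constructed samples written into a temporary directory, and the real files live in /etc.

```shell
#!/bin/sh
# Added example, not code from the thread: audit an inetd.conf for services
# that are still switched on and confirm that tcp_wrappers (hosts.allow /
# hosts.deny) ends in a default deny. The file contents below are constructed
# samples; on a real box the files live in /etc.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed inetd.conf: ftp and pop-3 are commented out, telnet and finger are live.
cat > "$WORK/inetd.conf" <<'EOF'
# service  socket  proto  wait    user    server          args
#ftp       stream  tcp    nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet     stream  tcp    nowait  root    /usr/sbin/tcpd  in.telnetd
finger     stream  tcp    nowait  nobody  /usr/sbin/tcpd  in.fingerd
#pop-3     stream  tcp    nowait  root    /usr/sbin/tcpd  ipop3d
EOF

# Constructed tcp_wrappers policy: one admin host may reach sshd, everything
# else is refused. hosts.allow is consulted first, then hosts.deny, and a
# connection matched by neither file is let through, so the catch-all line
# in hosts.deny is what actually closes the door.
cat > "$WORK/hosts.allow" <<'EOF'
sshd: 192.0.2.10
EOF
cat > "$WORK/hosts.deny" <<'EOF'
ALL: ALL
EOF

# Print the first field of every non-comment, non-blank line: the services
# inetd will really start.
enabled_inetd_services() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1"
}

# Succeed only when hosts.deny carries an "ALL: ALL" catch-all.
has_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]]|$)' "$1"
}

# Succeed when hosts.allow has a rule for the named daemon ($2), e.g. sshd.
allowed_for_daemon() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*:" "$1"
}

# Human-readable report, the kind of thing to run after editing inetd.conf
# and before "killall -HUP inetd".
report() {
    echo "Services still enabled in inetd.conf:"
    enabled_inetd_services "$WORK/inetd.conf" | sed 's/^/  /'
    if has_default_deny "$WORK/hosts.deny"; then
        echo "hosts.deny: default deny present"
    else
        echo "hosts.deny: WARNING, no 'ALL: ALL' rule; unlisted daemons are reachable"
    fi
    echo "Daemons with an allow rule:"
    awk -F: '!/^[[:space:]]*#/ && NF > 1 { print "  " $1 }' "$WORK/hosts.allow"
}

report
```

The config-file view and the "nmap localhost" view from the post complement each other: the script tells you what inetd is configured to start, the port scan tells you what is actually listening (including daemons started outside inetd), and the two should agree after the HUP.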
JBIZ718
08-09-2001, 03:48 AM
A good way to secure your web server is to take it offline.
That way no one can access it. Overall, even if you take every measure to secure it, nothing you can do will totally secure the whole server.
Overall there will be some vulnerabilities.
Joe
Originally posted by Voodoo Web
Check your logfiles!!!
Which ones are most important?
May be worth having a script email it to you.
P.S. JB, OK, your point is granted, you can't secure a box 100%; it's pretty obvious & no one said it couldn't. I wish you would have offered something more constructive than that advice no one who runs a webserver needs.
JBIZ718
08-09-2001, 04:05 AM
More constructive
OK
1. Turn off Anonymous Ftp
2. Limit Front Page Ext, only if needed
3. Limit Telnet, only if needed
4. Do not allow IRC bots
5. Change Password to Root and what not every month
6. Find out as much info about each client.
Overall this has seemed to keep us from getting hacked and dealing with large security issues like the Code Red worm.
Also have techs that know what they're doing, and make sure your server is configured and ready to go before it goes online. It would be wise to secure the machine before you send it to the wolves.
Is that better?
Joe
Voodoo Web
08-09-2001, 04:15 AM
Which ones are most important?
All are important!!
Check /var/log/syslog, the Apache access log if you use CGI scripts, and the FTP transfer log periodically. Maybe there are more important system log files but I don't know them.
I don't know what log files Linux has because I use FreeBSD.
My server sends me an e-mail every night with events that affect the server security. I'm sure you can set this up on Linux as well.
And have a look that nothing runs as root if it isn't necessary.
- domi
Linuxsecurity.com is one of the best resources out there.
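The nightly "what touched my server" e-mail that domi describes, as an added example that is not part of the thread. The script summarises failed logins, their source addresses, anything involving root, and rejected cgi-bin requests from constructed sample log lines in Linux syslog and Apache combined-log formats; the log paths and the cron line in the note below are assumptions and differ by system.

```shell
#!/bin/sh
# Added example, not code from the thread: a nightly log digest of the kind
# domi describes, meant to be run from cron and piped to mail. Log lines
# below are constructed samples in Linux syslog and Apache combined-log
# formats; real log paths differ by system (FreeBSD keeps auth records in
# /var/log/messages or /var/log/auth.log, Linux distributions vary).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed syslog excerpt: an sshd password-guessing run against root,
# one good key login, an FTP login failure, and an su to root.
cat > "$WORK/syslog" <<'EOF'
Aug  9 02:11:03 www sshd[2231]: Failed password for root from 198.51.100.7 port 4122 ssh2
Aug  9 02:11:09 www sshd[2231]: Failed password for root from 198.51.100.7 port 4122 ssh2
Aug  9 02:11:15 www sshd[2231]: Failed password for root from 198.51.100.7 port 4122 ssh2
Aug  9 03:40:51 www sshd[2310]: Accepted publickey for domi from 192.0.2.10 port 50112 ssh2
Aug  9 04:02:17 www ftpd[2398]: FTP LOGIN FAILED FROM 203.0.113.5, admin
Aug  9 04:30:00 www su: domi to root on /dev/pts/0
EOF

# Constructed Apache access log: two requests for CGI programs that do not
# exist (someone poking at cgi-bin) and two ordinary hits.
cat > "$WORK/access_log" <<'EOF'
198.51.100.7 - - [09/Aug/2001:02:15:00 -0500] "GET /cgi-bin/admin.cgi HTTP/1.0" 404 285
198.51.100.7 - - [09/Aug/2001:02:15:01 -0500] "GET /cgi-bin/count.cgi HTTP/1.0" 404 290
192.0.2.44 - - [09/Aug/2001:03:00:12 -0500] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [09/Aug/2001:03:10:44 -0500] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512
EOF

# Number of failed sshd/ftpd logins. "|| true" keeps set -e quiet when grep
# finds nothing (it still prints 0).
failed_logins() {
    grep -Ec 'Failed password|LOGIN FAILED' "$1" || true
}

# Source addresses of those failures, busiest first, as "<ip> <count>".
failed_login_sources() {
    grep -E 'Failed password|LOGIN FAILED' "$1" \
      | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $2, $1 }'
}

# Anything touching root: password attempts against it and su sessions.
root_activity() {
    grep -E 'for root from| su: .* to root' "$1" || true
}

# Requests under /cgi-bin/ that drew a 4xx or 5xx (field 7 is the path,
# field 9 the status code in combined-log format).
cgi_errors() {
    awk '$7 ~ /^\/cgi-bin\// && $9 >= 400 { n++ } END { print n + 0 }' "$1"
}

# The digest itself; cron mails whatever this prints.
digest() {
    echo "Failed logins: $(failed_logins "$WORK/syslog")"
    echo "Top sources:"
    failed_login_sources "$WORK/syslog" | head -n 5 | sed 's/^/  /'
    echo "Root activity:"
    root_activity "$WORK/syslog" | sed 's/^/  /'
    echo "Rejected cgi-bin requests: $(cgi_errors "$WORK/access_log")"
}

digest
```

To get the e-mail domi describes, point the functions at the real log files and add a crontab entry along the lines of `0 6 * * * /usr/local/sbin/logdigest.sh | mail -s "nightly log digest" root` (the script path is an assumption). A digest like this is only as good as the logs it reads, which is one more reason the log files themselves should not be writable by the web server or FTP users.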
node9
08-09-2001, 10:41 AM
Originally posted by JBIZ718
More constructive
OK
1. Turn off Anonymous Ftp
2. Limit Front Page Ext, only if needed
3. Limit Telnet, only if needed
4. Do not allow IRC bots
5. Change Password to Root and what not every month
6. Find out as much info about each client.
Overall this has seemed to keep us from getting hacked and dealing with large security issues like the Code Red worm.
Also have techs that know what they're doing, and make sure your server is configured and ready to go before it goes online. It would be wise to secure the machine before you send it to the wolves.
Is that better?
Joe
lol
It is not smart to have telnet running, at all.
Sorry