I have minimal Linux experience (still learning) and would like to know what steps I should take to secure my new server. And how do I detect if someone's trying to hack into my server?
Should I always upgrade the Linux/Apache/kernel versions to the latest ones?
I hope it's not too hard to learn it :)
Thanks in advance!
priyadi
01-10-2002, 10:14 AM
It is not hard but it will need your persistence, patience, interest and time :). A good starting point is to visit sites like http://www.linuxdoc.org, http://www.linuxsecurity.com, http://www.securityfocus.com.
Thanks, I just bookmarked them all :)
However, what I originally wanted from my post was to get some quick and easy tips, e.g. step-by-step instructions on what to do to secure my server, what commands I should run to check if someone's trying to break in, etc.
I know that I can check the web sites you mentioned, but it would need at least two weeks for me to understand what they are talking about.
I guess I've been way too long using Windows :D
Is it secure enough for my server just to always upgrade the Linux/Apache/kernel versions to the latest ones?
RutRow
01-10-2002, 10:53 AM
My favorites:
http://www.linuxdoc.org/LDP/nag2/
http://www.linuxsecurity.com/docs/colsfaq.html
bobcares
01-11-2002, 05:04 AM
Some simple things -
1) Use portsentry.
2) Do not run unwanted services. If you have imap, linuxconf etc... enabled and do not use it... Close these services.
3) Remove all unwanted software.
4) Disable telnet (use only ssh)
5) Disable root logins in ssh
6) Keep a very complicated password
7) Disable mysql root login without a password.
...... These are just a few to start with...
No need to recompile Apache, kernel etc. every time an update is released... This is Linux not Windows... :)
Have a great day :)
regards
amar
priyadi
01-11-2002, 05:16 AM
Originally posted by twrs
However, what I originally wanted from my post was to get some quick and easy tips, e.g. step-by-step instructions on what to do to secure my server, what commands I should run to check if someone's trying to break in, etc.
I found that Linux Security Quick Reference Guide from linuxsecurity.com is a good starting point. http://www.linuxsecurity.com/docs/
Originally posted by bobcares
Some simple things -
1) Use portsentry.
2) Do not run unwanted services. If you have imap, linuxconf etc... enabled and do not use it... Close these services.
3) Remove all unwanted software.
4) Disable telnet (use only ssh)
5) Disable root logins in ssh
6) Keep a very complicated password
7) Disable mysql root login without a password.
Some quick questions:
- what's portsentry?
- how to disable root logins in ssh? why should I disable it?
Originally posted by priyadi
I found that Linux Security Quick Reference Guide from linuxsecurity.com is a good starting point. http://www.linuxsecurity.com/docs/
Thanks, I'll start reading it now... :)
bobcares
01-11-2002, 03:10 PM
To know more about portsentry go here.
http://www.psionic.com/abacus/portsentry
Root logins must not be there from a remote location. It can be dangerous. All you have to do is go to sshd_config (mostly in /etc/ssh/) and write
PermitRootLogin no
That's it..
Have a great day :)
regards
amar
Originally posted by twrs
Some quick questions:
- what's portsentry?
- how to disable root logins in ssh? why should I disable it?
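An added example, not written by anyone in this thread: a check that the PermitRootLogin edit to sshd_config described above actually takes effect. sshd keeps the first value it reads for a keyword, so adding the line below an existing `PermitRootLogin yes` changes nothing. The function names and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample files are constructed.

# awk prologue: strip comments, accept "Keyword=value" and quoted values.
NORM='{ sub(/#.*/, ""); sub(/=/, " "); gsub(/"/, "") }'

# Print the PermitRootLogin value from the global section, or "unset".
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so stop at the first occurrence.
root_login_setting() {
    awk "$NORM"'
        NF == 0 { next }
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }     # compiled-in default applies
    ' "$1"
}

# Succeed only if the global value is "no" and no other line (inside a
# Match block, or a misleading later duplicate) sets anything else.
root_login_ok() {
    [ "$(root_login_setting "$1")" = "no" ] || return 1
    ! awk "$NORM"'
        tolower($1) == "permitrootlogin" && tolower($2) != "no" { bad = 1 }
        END { exit !bad }
    ' "$1"
}

# Constructed sample configs, one per failure mode.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#PermitRootLogin no' 'Port 22' > "$demo_dir/unset"
printf '%s\n' 'PermitRootLogin yes' 'permitrootlogin no' > "$demo_dir/first_wins"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo_dir/hardened"
printf '%s\n' 'PermitRootLogin no' 'Match Address 192.0.2.0/24' \
    '  PermitRootLogin yes' > "$demo_dir/match"

for f in unset first_wins hardened match; do
    if root_login_ok "$demo_dir/$f"; then verdict=ok; else verdict=FAIL; fi
    printf '%-10s PermitRootLogin=%s -> %s\n' \
        "$f" "$(root_login_setting "$demo_dir/$f")" "$verdict"
done
```

On a real server, pass the path of the live sshd_config to `root_login_ok`, and run `sshd -t` to validate the edited file before restarting the daemon.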