Web Hosting Talk







View Full Version : Securing my server.


iamdave
01-28-2002, 02:56 AM
I am a newbie, and I want to secure my server.
What steps should I take to do so?
I have the Intel 1 gigahertz with 2, 40 gig hard drives.
I know I should install Open SSH, but I do not know how.
If anyone is willing to help me out, it would be great.
I am on redhat 7.1

Please help me out because I am :confused:

Haze
01-28-2002, 04:06 AM
I am guessing you are running Linux or perhaps a Unix based operating system. I would first start off with installing a program like portsentry and logcheck ( available here: http://www.psionic.com ). A firewall would also come in handy. Something like IPchains, which might already be installed on your server. I would also keep up to date on any recent patches for software you are running.

Using SSH is an excellent option to Telnet, however, note that services such as ftp are not as secure and you will be transferring your account data in plain text, this way.

Make sure you read through your log files. Do not allow relaying of your mail server. Monitor the running processes by using a program like top regularly. And if you are stuck on something, ask for help!

My best piece of advice is to not take on the attitude that "It won't happen to me", because it can and in a lot of cases will.

Here are a couple of my favourite security related links:

http://www.antionline.com
http://www.packetstormsecurity.com

I hope this helps.

priyadi
01-28-2002, 04:24 AM
If you are using Linux, there are a lot of beginner style guides on http://www.linuxsecurity.com. I like their security reference card. Even if you don't use Linux, it might still be useful for you.

iamdave
01-28-2002, 08:53 PM
I am a total Unix newbie.
How hard would it be to install portsentry and OpenSSH?
I also would like to add a firewall, please give me suggestions.
Please help me out here.

priyadi
01-29-2002, 03:33 AM
If you are really a total newbie, I suggest you first learn about the o/s in general. There are a lot of good reading materials on http://www.linuxdoc.org.

Ju-87
01-29-2002, 04:07 AM
1. Install PortSentry with LogCheck
2. Use OpenSSH not TelNet
3. Recompile the kernel and get rid of all the useless BS like sound support.
4. Don't use RedHat
5. Use Solaris or Unix.
6. Don't use the latest version of software 'cause that's the one being under attack.
7. Install Bastille.

Those are some things you might want to check into.

priyadi
01-29-2002, 06:27 AM
Originally posted by Ju-87

1. Install PortSentry with LogCheck
2. Use OpenSSH not TelNet
3. Recompile the kernel and get rid of all the useless BS like sound support.
4. Don't use RedHat
5. Use Solaris or Unix.
6. Don't use the latest version of software 'cause that's the one being under attack.
7. Install Bastille.

Those are some things you might want to check into.

Well, those are some really questionable points. 'Don't use Redhat' and 'Use solaris or Unix' don't make any sense to me, do you really think Solaris is better than Linux? It is more like an administration hell to me :).

The #3 is not absolutely necessary, as most parts of the kernel nowadays are in modules. If you don't use sound cards, then just don't load sound modules. No need to recompile the kernel just to do that. Except if you are using an ancient kernel where sound support is not modular, then your point would make more sense :).

The #6 is even more questionable. If the old version of a software I'm using is vulnerable, then shouldn't I upgrade to the latest version?

iamdave
01-29-2002, 11:43 PM
Can you guys please be of more help?

nexcess.net
01-29-2002, 11:51 PM
check out this book:

https://www.openna.com/catalog/product_info.php?products_id=30

It's worth the $44.50.

Chris

Skeptical
01-30-2002, 10:32 AM
After you disable all the unneeded services, run nmap on your machine from elsewhere and see if there are still any other open ports. Disable all the ones you don't use.

You can disable many services by typing:

/usr/sbin/setup

Also go into your /etc/xinetd.d/ directory and look through all the files there. Put a disable = yes on all the ones you won't be needing.
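
An added example, not part of the post above: a shell function that reads every file in an xinetd.d directory and lists the services that are still enabled, meaning their block does not contain disable = yes (a missing disable line also leaves the service on). The function names and the three sample service files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report xinetd services that are still enabled.
# xinetd treats a service as enabled unless its block says "disable = yes".

# list_enabled_xinetd [DIR] -> one "service<TAB>file" line per enabled service
list_enabled_xinetd() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            { sub(/#.*/, ""); gsub(/=/, " = ") }   # drop comments, space out "="
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" && $2 == "=" { off = (tolower($3) == "yes") }
            $1 == "}" && name != "" {
                if (!off) printf "%s\t%s\n", name, file
                name = ""
            }
        ' "$f"
    done
}

# make_sample_dir -> path of a temp dir holding three constructed service files
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
    printf 'service time\n{\n\tdisable = yes\n\ttype = INTERNAL\n}\n' > "$d/time"
    # Constructed case with no "disable" line at all: still enabled.
    printf 'service ftp\n{\n\tserver = /usr/sbin/in.ftpd\n}\n' > "$d/wu-ftpd"
    echo "$d"
}

# Demo on the constructed files; on a real host call list_enabled_xinetd with no argument.
sample=$(make_sample_dir)
list_enabled_xinetd "$sample"
rm -rf "$sample"
```

Every service it prints is one to either justify or switch off, after which the nmap check from another machine confirms the port is actually closed.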

priyadi
01-30-2002, 12:38 PM
Originally posted by iamdave
Can you guys please be of more help?

Have you looked at those URLs from me and other posters? All the information you need is there.

iamdave
01-30-2002, 05:33 PM
Yes I have but I am still confused. Like I said I am a newbie, I need to secure my server now, I can't buy a book, wait for it to come then read 800 pages, then finally secure my server, I need to secure it NOW :confused:

okihost
01-30-2002, 05:47 PM
I am VERY new to the *nix side of hosting and I can tell you all the information I need is the same information you have already gotten. People can only help us so much before we just have to put out and do some reading of our own. I suggest install IPChains and SSH and then go read a book. Amazon has a lot of good "Learning Linux Administration" books, just pick the one you feel most comfortable with. I was born and raised on DOS so I think it was maybe a little easier if you are used to the command prompt. Then you're off to learning a REAL OS.

Good Luck..

wave
01-30-2002, 05:55 PM
Yes I have but I am still confused. Like I said I am a newbie, I need to secure my server now, I can't buy a book, wait for it to come then read 800 pages, then finally secure my server, I need to secure it NOW

Hire someone to do it for you. You need time to learn... I want my PhD NOW. I can't wait 2 years. Can you guys help me? :rolleyes:

cheesysticks
01-30-2002, 06:41 PM
Unless you are prepared to read up I think you will have to pay out, or not have as secure a system as you expect to have.

http://linuxsecurity.com
http://linuxdoc.org

http://www.openssl.org/ - http://www.modssl.org/
http://www.apache-ssl.org/

http://www.openssh.com/

Tim Greer
01-30-2002, 10:43 PM
Originally posted by iamdave
Yes I have but I am still confused. Like I said I am a newbie, I need to secure my server now, I can't buy a book, wait for it to come then read 800 pages, then finally secure my server, I need to secure it NOW :confused:

You shouldn't be confused about this or why people didn't directly give you answers. There is no step-by-step documentation to securing a system. This isn't possible, since there are simply too many things people want to do, in too many different ways, and also run different services, etc. There's an incredible amount of things involved and to secure a system, you'll need a lot of knowledge and experience. You're right, that you don't have time to read all of that, so you'll have to hire a qualified person to do it for you, until you do possess the skills to do it yourself. That is your only choice, unless you want to risk learning and securing the system, in small parts, over a long period of time as you are in the learning process. There's no way anyone here can possibly just tell you what to do, and you should understand this.

priyadi
01-31-2002, 03:09 AM
I agree with Tim, everybody has a different set of requirements and policy. What you consider as 'secure enough' might not be secure enough for other people or vice versa. Also, security is a process, not a job that could be done now and forgotten about later. A system that is secure today could become an 'easy target' a month later.

Skeptical
01-31-2002, 06:03 AM
Originally posted by iamdave
Yes I have but I am still confused. Like I said I am a newbie, I need to secure my server now, I can't buy a book, wait for it to come then read 800 pages, then finally secure my server, I need to secure it NOW :confused:

Pay someone to secure it for you then. There are no shortcuts in life man...

iamdave
01-31-2002, 06:29 PM
wave, calm down, relax.
A phd has to be earned with hard work.
However, someone can explain to me how to install OpenSSH.
No need to be rude, just cuz im a newbie.
RELAX

optix
01-31-2002, 07:03 PM
lol. just because it says newbie doesn't mean they're stupid. haha

bitserve
02-01-2002, 07:45 AM
Here's my 2 cents:

1. Run RedHat's up2date utility to get everything to the latest version.
2. Shut down all the services you aren't using by editing the configuration file for xinetd and using chkconfig. You might be able to use some of the information at http://www.netmax.com/fom/cache/374.html
3. Install SSH (www.openssh.org).

Tim Greer
02-01-2002, 07:54 AM
Originally posted by iamdave
wave, calm down, relax.
A phd has to be earned with hard work.
However, someone can explain to me how to install OpenSSH.
No need to be rude, just cuz im a newbie.
RELAX

I didn't get the impression anyone was anything but relaxed. If you want to install OpenSSH, simply download the source (or RPM) (found at http://www.openssh.org), uncompress it and change to that directory. READ the README and INSTALL files and they will tell you how to install it. It's all very simple. It builds just like anything else, just follow the instructions. It will tell you step by step. Be sure to not just scan over it, or you'll miss important factors, like setting up the init files and linking the run levels. Finally, you might be better off just installing the RPM for it or anything else you need to install or update, which will set everything up for you. Good luck.

Tim Greer
02-01-2002, 07:54 AM
Originally posted by optix
lol. just because it says newbie doesn't mean they're stupid. haha

Of course it doesn't. Cheers!

priyadi
02-01-2002, 08:07 AM
Originally posted by iamdave
wave, calm down, relax.
A phd has to be earned with hard work.
However, someone can explain to me how to install OpenSSH.
No need to be rude, just cuz im a newbie.
RELAX

You are using RedHat 7.1, right? RedHat 7.1 comes with OpenSSH already, you don't need to install it manually. You might want to upgrade though, but it is only 2-3 command lines away, no need to install from the source.

wave
02-01-2002, 06:05 PM
wave, calm down, relax.
A phd has to be earned with hard work.
However, someone can explain to me how to install OpenSSH.
No need to be rude, just cuz im a newbie.
RELAX

I am sorry if I came across as being rude. I didn't mean to sound that way. :) I used sarcasm to show what you wanted was unreasonable. Now OpenSSH is something we can help you on... use the update agent or look through these https://www.redhat.com/support/resources/howto/rhl71.html

iamdave
02-02-2002, 06:42 AM
Whatever... I don't care what any of you think. I installed OpenSSH - it took me about 5 mins

Ales
02-02-2002, 08:01 AM
Good for you! My advice is similar to some others you've read before:

- shut down all services you don't use
- look into up2date feature that RedHat provides, it's free for the first server
- set up ipchains firewall

up2date will keep all your important programs khm... up to date :) and will also cut down the time needed for the task. As to ipchains, I saw mentioned that you have RH 7.1, so I guess you are still using that and not iptables. Anyway, it's one of those two you want to set up. Just look around for instructions, there are plenty on the net. You already have ipchains installed on the server, you just need to set it up.

When you have those three things accomplished, your server will be fairly secure. Apart from that: don't give shell access to anyone you don't know and trust, check your customers (if you do hosting) and server behaviour regularly and you have the basic things covered.

After you've accomplished all that, look into snort and perhaps portsentry. If you set up ipchains correctly, portsentry is useless but snort can be valuable.

Ales

iamdave
02-09-2002, 04:33 AM
Can you help me install IpChain or IpTables on my server?

Tim Greer
02-09-2002, 04:43 AM
Usually any install of Redhat will come with Ipchains and/or Iptables. Check in your init directory and see if either or both are listed there. If so, start it and then type the path to the program (i.e., /sbin/ipchains -L) and see if it lists any rules (or empty rules), or if it gives you an error. Then try the other, for example, iptables and try the same thing. Most likely, you won't even have to start it to see if you have those options or ability to use them. The rules are simple and you can check the manual pages for help, or do a search and find information using your favorite search engine and the relevant key words. You will do this for a lot of things, or you'll end up needing a lot of help installing and configuring a lot of things. Keep in mind that few people on this forum are really security minded and if you were to go to a security board and ask questions about what you should do, you'll get enough direction to keep you busy for years. This is barely even a start, is what I'm saying, you have to do a lot more and firewalls are a step, yes, but you're going to need a lot of information and help to get very far at all, or all of this is in vain.

skylab
02-09-2002, 06:25 PM
http://forum.rackshack.net/forumdisplay.php?forumid=20

There's a great link to the rackshack security forum. There is a ton of information there regarding ipchains, pmfirewall, and much much more and how to install them. Read a little and you'll figure it all out.

iamdave
02-09-2002, 06:53 PM
That's for a RaQ, I have an Intel Plesk... aren't the configurations different?