
Securing my box and getting rid of exploits...
Paint 12-11-2002, 04:39 PM
Hi, I am very familiar with setting up boxes and running them... but I don't know much about securing them.... Is up2date securing my box? I don't think so because there are exploits all over... I want to know any commands that will update my redhat... and any place where I can get updates and patches for exploits... Thanks in advance.
ServerCorps 12-11-2002, 08:50 PM
Originally posted by Paint
Hi, I am very familiar with setting up boxes and running them... but I don't know much about securing them.... Is up2date securing my box? I don't think so because there are exploits all over... I want to know any commands that will update my redhat... and any place where I can get updates and patches for exploits... Thanks in advance.
1. Fdisk
2. insert w2k server cd
3. reboot
4. http:/windowsupdate.microsoft.com
5. hfnetchk.exe everyday via a vbscript that emails the output to you
Windows Rocks
It's just that easy!
dniznick 12-11-2002, 08:54 PM
Please.
Don't even get me started.
Oh by the way..
You forgot the 10 other reboots in between every software and driver install. Let's be fair.
Sorry, but uptime means something to me.
ServerCorps 12-11-2002, 09:01 PM
nope, qchain.exe - 1 reboot (most of the time)
regardless, w2k server reboots in < 1 min on most machines I have
I've seen that lilo or whatever it's called take 2-3 mins
Paint 12-11-2002, 09:16 PM
Sorry, I don't like Windows that much... I was wondering mostly for Linux, thanks
RackMy.com 12-11-2002, 09:19 PM
You forgot the 10 other reboots in between every software and driver install. Let's be fair.
Good thing you never have used Windows :)
sasha 12-11-2002, 09:29 PM
<edit>
nah
</edit>
Originally posted by nikko
1. Fdisk
2. insert w2k server cd
3. reboot
4. http:/windowsupdate.microsoft.com
5. hfnetchk.exe everyday via a vbscript that emails the output to you
Windows Rocks
It's just that easy!
Ho wait... What's this weird process?
Virus? backdoor?
Ho wait.. oops here's another windows bug..
Ho wait.. I connected to aim.. why my disk space getting full all of a sudden.. and my bandwidth drop.. Couldn't be someone install warftp on my server I'm running windows...
ServerCorps 12-11-2002, 09:51 PM
Originally posted by Paint
Sorry, I don't like Windows that much... I was wondering mostly for Linux, thanks
:) I figured, just keepin it real on WHT:)
timelord 12-11-2002, 09:57 PM
Originally posted by Paint
Hi, I am very familiar with setting up boxes and running them... but I don't know much about securing them.... Is up2date securing my box? I don't think so because there are exploits all over... I want to know any commands that will update my redhat... and any place where I can get updates and patches for exploits... Thanks in advance.
Ignoring the Windows "side discussion" for the moment....
up2date will handle software updates WHEN RedHat RELEASES THEM (which may be after the actual product has been patched.) It will not however "secure" your machine. For that - you need to:
o "Correct" settings in your config files
o "Correct" settings in IPTables for firewall security
o "Correct" permissions/security on all critical files.
I would also recommend running Nessus (www.nessus.org). It will do a good job of checking for known obvious holes. (I.e., you should run it yourself before somebody runs it against your box for their own "purposes".)
And now my one "comment" about the Windows side discussion (and yes - I've run, maintained, and secured Windows environments): How come every time there is an IIS exploit, people are able to overwrite operating system files when IIS supposedly "runs" from an unprivileged account?
ServerCorps 12-11-2002, 10:04 PM
because of a previous post (rant) I made today http://www.webhostingtalk.com/showthread.php?s=&threadid=95532. People don't secure their servers. Being a BAD admin is very different than being properly patched. If you don't have a root password on your linux box do you have an exploit or a bad administrator?
There's a difference between exploits and somebody that finds a quick and easy way to test for blank passwords or poor ACL policies.
Patched/Updated Win2k boxes with no administrator password is as bad as a patched linux box without an administrator password.
Aushosts 12-11-2002, 10:25 PM
...
RackMy.com 12-11-2002, 11:11 PM
How come every time there is an IIS exploit, people are able to overwrite operating system files when IIS supposedly "runs" from an unprivileged account?
It's called poor administration and not knowing how to secure the server.
Linux is just as bad with security.
Perlboy 12-12-2002, 08:04 PM
Originally posted by nikko
nope, qchain.exe - 1 reboot (most of the time)
regardless, w2k server reboots in < 1 min on most machines I have
I've seen that lilo or whatever it's called take 2-3 mins
You obviously never set up a Linux box properly then. Most of my home machines (I have 10 Linux, 1 Windows, if only because Counter-strike runs smoother on Windows than it does on Wine for Linux) will be ssh accessible within 20 secs of being turned on.
I guess I'm just a, hrm, geek? *shrugs*
Stuart
dniznick 12-12-2002, 08:12 PM
Rgr that!
Perlboy 12-12-2002, 08:13 PM
Originally posted by Paint
Hi, I am very familiar with setting up boxes and running them... but I don't know much about securing them.... Is up2date securing my box? I don't think so because there are exploits all over... I want to know any commands that will update my redhat... and any place where I can get updates and patches for exploits... Thanks in advance.
Firewalls are your friend for starters. Set one up, run a general Nessus scan on your machine, patch, run the scan again, patch, you get the drift. If you don't know how, hire someone to do it. Besides myself, there's also Boxadmin and a myriad of others (post in the Job Offers forum and you'll get a stack of replies).
up2date will upgrade packages released from Redhat in RPM form. I personally don't class it as overly useful, but that's just me. If you want to keep up to date with exploits, sign up to bugtraq, there you will find advisories posted (generally with solutions) and you can actively maintain your server and avoid exploitation.
Hope that helps,
Stuart
Perlboy 12-12-2002, 08:46 PM
Patched/Updated Win2k boxes with no administrator password is as bad as a patched linux box without an administrator password.
The difference being, that Win2K would allow it, Linux wouldn't. Ahh sad sad sad indeed.
Stuart
Perlboy 12-12-2002, 08:50 PM
Originally posted by RackMy.com
It's called poor administration and not knowing how to secure the server.
Linux is just as bad with security.
BWHAHAHAHAHAHHAA.
Look at the track record. M$ has ALWAYS released their Windows with bugs and exploits in the default install. Admittedly, some Linux distro makers have done the same (ala Redhat) but the two things that came to mind that made it different were;
1) Linux gurus have since HATED Redhat for doing it, and Redhat is learning, slowly, but still learning.
2) When Redhat released a dodgy install it was OUT OF THE ORDINARY, when M$ releases a Windows version it's EXPECTED that we visit Windows Update because there WILL be bugs to be fixed.
Stuart
denisdekat 12-13-2002, 07:00 PM
This is a good thing to start with, type "nmap localhost" from a shell inside the server.
You should see everything that your server is listening to (service/port).
Then try your best to keep up on those (patches and security issues that is), they are the most typical entry points. It is rare that the user misbehaves, but possible too. up2date will help. I would also like to suggest that you subscribe to a good mailing list "bugtraq@securityfocus.com". It will tend to keep you informed (perhaps too informed and paranoid like me).
These are good places to start. Next I would go to linuxguruz.org and read up on iptables (superior to ipchains).
You will have to maybe do some adjustments if your dist came with ipchains. Ipchains is good too, but not as good as iptables.
I would block all entries not initiated by your server to ports that you do not offer services on. Also, determine which service you really need available to the whole world.
hope this helps :)
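The approach in the post above (scan the host, decide which services it really offers, block unsolicited inbound traffic to everything else), as an added example that is not part of the original thread. The allowlist `ALLOWED_TCP` and the nmap-style scan output are constructed values, and the iptables commands are only printed for review, not applied.

```shell
#!/bin/sh
# Added example (not from the thread). ALLOWED_TCP and SAMPLE_SCAN are
# constructed values; substitute your own services and your own scan output.
ALLOWED_TCP="22 80 443"

SAMPLE_SCAN='PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
3306/tcp open  mysql'

# Read nmap-style "PORT STATE SERVICE" lines on stdin and print every open
# TCP port that is not in the space-separated allowlist given as $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, f, "/")
            if (!(f[1] in ok)) print f[1], $3
        }'
}

# Print (do not run) a default-deny inbound ruleset for the ports in $1.
# Accept rules are added before the policy flips to DROP, so an existing
# SSH session survives when the commands are applied in this order.
gen_rules() {
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $1; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "iptables -P INPUT DROP"
}

echo "Listening but not on the allowlist (stop the service or leave it firewalled):"
printf '%s\n' "$SAMPLE_SCAN" | unexpected_listeners "$ALLOWED_TCP"
echo "Ruleset to review before applying as root:"
gen_rules "$ALLOWED_TCP"
```

A service that shows up as unexpected but is needed locally (a database used only by the web server, for instance) stays reachable over loopback under this ruleset while being closed to the network.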
Paint 12-13-2002, 11:55 PM
I would just like to thank you guys... you have been a great help. And also helped people with the same questions as me!