hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : making RAQ4 more secure
Reply

Forum Jump

making RAQ4 more secure

Reply Post New Thread In Dedicated Server Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 02-25-2003, 11:59 PM
Alexx Alexx is offline
Registered User
 
Join Date: Feb 2003
Posts: 14

making RAQ4 more secure


I have a few questions and if anyone has answers I would appreciate the help.

1. I have been told the RAQ4 I use is vulnerable and needs to be more secure. Can someone give me some pointers on how to make this a more secure box?

2. I want to turn off telnet, is openSSH the product to use to replace telnet or is there something better?


I have been researching the above on the web and then I came here.


Alexx



Sponsored Links
  #2  
Old 02-26-2003, 01:31 AM
SolidJoe SolidJoe is offline
I LOVE Cogent!
 
Join Date: Dec 2002
Location: California
Posts: 2,000
You can get the updates from the cobalt.com site - although they are generally pretty old. I would get all those (be sure and update through SSH, not the web client). Use the openSSH package provided by uh...pkgmaster.com I believe. Then be sure and turn off telnet. You can also update things manually, but be warned it can break the cobalt pretty easily...

__________________
I wish all my traffic went through AS174.

  #3  
Old 02-26-2003, 02:45 AM
Alexx Alexx is offline
Registered User
 
Join Date: Feb 2003
Posts: 14
SSH

There was a recent package (late 2002) with SSH from cobalt that had to be uninstalled. Is this related to the OpenSSH ?

The RAQ is updated to the most recent updates.

I want to make it more secure before I start to use MySql and ASP.


Alexx

Sponsored Links
  #4  
Old 02-26-2003, 01:38 PM
BruceT BruceT is offline
Web Hosting Master
 
Join Date: Nov 2002
Location: Michigan
Posts: 695
First, install all patches available at the SunSolve site. Install them from the bottom of the page to the top - they are listed newest-first, but the oldest patches need to be installed first.

The RaQ 4 patch page is at http://sunsolve.Sun.COM/pub-cgi/show...&nav=patchpage

Second, yes, install SSH. Both www.pkgmaster.com and www.solarspeed.net have free PKGs you can install through the UI. Having telnet enabled isn't inherently insecure -- there aren't any known exploits for it -- but if you use it, there is the chance someone can sniff your password or data since it's sent in clear text. Same for FTP -- if you install SSH, you get a secure replacement (scp).

The SHP (Security Hardening Patch) you refer to that had to be uninstalled added port scanning detection like the RaQ 550 has (and like the Qube 3 has in the Adaptive Firewall). Sun has never released an official SSH for RaQ 4.

There are lots of things you can do to harden your RaQ: install an ipchains firewall and block non-essential ports. Install chkrootkit, a log-analyzer, fcheck/tripwire, etc.

For MySQL read the security stuff on their site -- make it only answer to queries from the RaQ itself (no open MySQL port to the world) unless necessary. Set proper permissions for users, etc.

For ASP, get the 3.6.2 upgrade from ftp.chilisoft.com (_after_ you install all the Sun patches).

Any general Linux security site info will be relevant for the RaQ....

__________________
http://www.lamphowto.com/ - LAMP and LAMP+SSL HowTo
http://www.cobaltfaqs.com/ - Cobalt FAQs and HowTos

  #5  
Old 02-27-2003, 11:18 AM
mlegler mlegler is offline
Junior Guru Wannabe
 
Join Date: Feb 2003
Location: Zürich
Posts: 36
follows Bruce's advices; my additional 5 cents:
  • don't give shells to customers
  • disable SNMP (unless you need it for MRTG)
  • monitor perl/cgi scripts customers are installing (bad code is exploitable, e.g. the old FormMail.pl script)
  • restrict PHP with safe_mode = on and with open_basedir = "." in /etc/httpd/php.ini
Best regards

__________________
_~_
'¿') Meaulnes Legler
`-´ Zürich, Switzerland
http://WaveWeb.ch


  #6  
Old 03-14-2003, 06:46 PM
Alexx Alexx is offline
Registered User
 
Join Date: Feb 2003
Posts: 14
SSH installed

Thanks for all the info.

I have installed SSH on the server. How do I access this so I can learn to use it?

I am avoiding ASP, MySQL and PHP till later. One thing at a time.

Alexx

  #7  
Old 03-15-2003, 05:46 PM
Alexx Alexx is offline
Registered User
 
Join Date: Feb 2003
Posts: 14
I have installed putty on my comp.

Hopefully there will be a manual or something with this that I can use.

Alexx

  #8  
Old 03-15-2003, 09:34 PM
mlegler mlegler is offline
Junior Guru Wannabe
 
Join Date: Feb 2003
Location: Zürich
Posts: 36
Good! With PuTTY you'll have an SSH shell access for hacking into your configuration files. But sorry, don't expect to get help here on how to use the command line :-)

Regarding security, if you have all updates installed and don't use ASP, MySQL and PHP, you're pretty much set.

Best regards

__________________
_~_
'¿') Meaulnes Legler
`-´ Zürich, Switzerland
http://WaveWeb.ch


Reply

Related posts from TheWhir.com
Title Type Date Posted
Limestone Networks Launches IaaS Cloud Web Hosting News 2014-04-14 09:43:21
The Fixation on Warrantless Data Seizures Makes Prevention of Crime Harder Blog 2013-05-30 09:50:15
Malwarebytes Launches Data Scan-and-Backup Service Web Hosting News 2013-05-07 14:51:03
Mozilla Firefox 23 Will Block Mix SSL Content by Default Web Hosting News 2013-04-12 11:39:07
Secure-24 Names Vice President of Client Service Delivery Web Hosting News 2013-03-07 14:16:16


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?