
09-27-2000, 02:22 PM
|
|
|
I was wondering if we all might share what we've learned about securing the servers we own.
I would share two things:
First, I recently got the Red Hat Linux Bible. It got some so-so reviews at Amazon, but when I skimmed it at the bookstore, it had a whole section on FTP and locking out anonymous accounts and so on. So I spent yesterday securing FTP on my machine, and turned on logging (which I thought was on by default, but was not).
Second, I've been reading this online Linux Admin Guide, mostly part 5:
http://sunsite.auc.dk/linux-newbie/index.htm
I liked the hints for making passwords more secure, although the company I use (Atjeu) has apparently already set the password stuff to "paranoia" level, so there isn't much I can do to improve it. It was fun trying, though.
Anyone else want to contribute good info?
|

09-27-2000, 02:27 PM
|
|
|
er... I meant that I've been using Part FOUR, not 5. Silly typo, sorry....
|

09-27-2000, 11:47 PM
|
|
Web Hosting Guru
|
|
Join Date: Jun 2000
Posts: 309
|
|
Also check out...
http://www.techcellence.net
Duster, who is a regular member of this forum, has compiled a list of very easy-to-understand and informative articles pertaining to the subject of webhosting.
Also, tell me... how would you "personally" rate the Linux Bible... 5 ***** ?????? or less ?????? Is it good enough for a newbie not knowing much about Linux at all?
I have heard good reviews too about this book in this forum. But wish to make sure if it would be a good choice for a FIRST BOOK on this subject.
Learner
|

09-28-2000, 12:04 AM
|
|
Web Hosting Master
|
|
Join Date: Mar 2000
Location: Not here
Posts: 1,437
|
|
I've got the Red Hat Linux Bible by Christopher Negus. I wouldn't recommend it. There are better books, both for beginners and more advanced users. Red Hat Linux Unleashed is a more often recommended tome.
__________________
Techcellence - Business Specialists and Information Resource
http://techcellence.net
Information on selecting a host and other things related to an Internet presence at http://techcellence.net/information
|

09-28-2000, 02:20 PM
|
|
|
I wrote a review of the book for Amazon yesterday. It's not posted yet, though. But basically, I gave it four stars (I didn't give it 5 stars because there were some obvious typos).
I guess the answer is, if you're like me, it's 4 stars. If you're not like me, it's probably 3 stars. I have worked with Linux, as an end-user via telnet and shell, for about 5 years, maybe 6. My first book was Linux Secrets First Edition, and it wasn't so good. I got Linux for Dummies about 3 years ago when it first came out, and that actually was my real "beginner" book. It was very helpful in teaching me how to use vi, pico, and even a little shell scripting.
At this point, I'm moving from "the guy who would telnet to a server and edit a HTML file in pico" to "the guy who set up the server, installed the software, and secured the system." I know most of the shell commands, know how to use pipes, know how to do an install, and have used X windows. For someone who needs to go from that to mapping out the filesystem, removing insecure services, doing security checks with Tiger, adding and removing accounts, and so on, well, yeah, I think Red Hat Linux Bible is pretty good. My only complaint would be that it's too broad -- chapters 4-9 are mostly about the desktop and workstation stuff (even games). But the install chapters and the later chapters are great.
For real security, I bought Maximum Linux Security. It's good, but I am just not at that level yet.
|

09-28-2000, 02:40 PM
|
|
Web Hosting Master
|
|
Join Date: May 2000
Posts: 587
|
|
If you are into optimization and security of RedHat 6.2 and 6.1, I highly suggest "Securing and Optimizing Linux: Red Hat Edition", which can be found at http://openna.com/books/book.htm for download or to buy it.
It is written for medium-advanced linux users but always keep in mind the installation and optimization of many services, from sendmail to apache, to php4, to tripwire, etc.
It is very good and interesting.
<edited> direct link to the pdf: http://www.openna.com/books/Securing...dition-1_3.pdf </edited>
__________________
Félix C.Courtemanche · webmaster@can-host.com
Can-Host Networks · http://www.can-host.com
web«cp Control Panel · http://webcp.can-host.com
|

09-28-2000, 05:32 PM
|
|
|
That book PDF is sweeeeet! I circulated the link around the company I work at, and note that the laser printer has spent the last hour churning out copies for interested people.
Here is a cool security trick. Yesterday while learning about my server logs, I read through the file at /var/log/messages, and saw a bunch of code followed by a very scary line: "POSSIBLE SPOOF/HACK ATTEMPT!" I hadn't yet installed Tripwire, so I had NO WAY TO TELL if the hacker had succeeded in breaking in and changing stuff. So here is the trick for Red Hat users: rpm can verify a virgin install, checking the md5 checksum, mod dates, and so on. So I typed in:
rpm -Va
That tells rpm to verify all packages installed. I'm thinking, any file that was tampered with, it'll show up. The problem I had was that, since it checks every file including config files, TONS of config files which were legit started showing up as modified. But also files like "ls" and "ps" were showing up as modified, so after weeding out the config files, I was still freaked. I called tech support, and the guy who talked with me (Todd) actually had a machine with a fresh install there, and he ran an rpm verify on it, and we started comparing changed files. Turns out they modify "ls" and "ps" and some other files, so I was much happier.
Anyway, I guess learning about security has been rather timely for me. Other things I've learned in the past two days include getting "Internet Helper 1.5" for my Macintosh. It's a port scanner, and I pointed it to my server and had it scan the thing. It found that I had normal ports open, like 23 (Telnet) and 80 (Web). But it also found I had port 515 open, which is open for print requests, but I'm not running a print server!
This URL is helpful too:
http://secinf.net/info/unix/linhowto...ity-HOWTO.html
One last thing -- if you have a normal install of Red Hat 6.x, and your hosting company doesn't maintain it for you, you are probably running with 2 or 3 big security holes enabled by default, including a bug in Wu-FTP that gives root access. There is an easy fix I found. Go to redhat.com's support page, then the security fixes page, and download ALL the fixes to your server. Then type:
rpm -Fvh *.rpm
...and what will happen is that any program you're running that needs an update will get it, and unneeded updates will be ignored (if you aren't even running the software, for example). This was a great way for me to get my server all patched up fast, without ending up with extra software installed that wasn't there in the first place.
|
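Added example, not part of the original posts: a small filter for the `rpm -Va` triage described in the post above, which drops files RPM marks as config or documentation and reports the rest when their content digest differs, their mode or ownership changed, or they are missing. The function name and the sample verify output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output read from stdin.
# Prints "<REASON> <path>" for files that are not marked c/d/g/l/r
# (config, doc, ghost, license, readme) and that fail verification in a
# way worth a second look.
triage_rpm_verify() {
    awk '
    {
        # A one-letter second field is the file attribute marker (c, d, ...).
        attr = (NF >= 3 && length($2) == 1) ? $2 : ""
        # Paths are absolute, so take everything from the first slash.
        path = substr($0, index($0, "/"))
    }
    $1 == "missing" {
        if (attr == "") print "MISSING", path
        next
    }
    # Result strings look like S.5....T. (8 or 9 characters).
    $1 ~ /^[.?SM5DLUGTP]+$/ && NF >= 2 {
        if (attr != "") next                    # expected to be edited locally
        if (index($1, "5")) print "CONTENT", path    # digest differs
        else if ($1 ~ /[MUG]/) print "PERMS", path   # mode, user or group
        # size/mtime-only differences are not reported
    }'
}

# Constructed sample of verify output (not taken from a real host).
sample_output() {
cat <<'EOF'
S.5....T.  c /etc/inittab
S.5....T.  c /etc/ftpaccess
S.5....T.    /bin/ls
S.5....T.    /bin/ps
.......T.    /usr/lib/libexample.so
.M.......    /usr/sbin/lpd
missing      /usr/bin/example-tool
.......T.  d /usr/share/doc/example/README
EOF
}

# On a real system: rpm -Va 2>/dev/null | triage_rpm_verify
sample_output | triage_rpm_verify
```

`rpm -V` compares files against the local RPM database, which an intruder with root can also change, so a clean result is weaker evidence than a mismatch; comparing against a known-good install, as the poster did with tech support, covers that gap.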

09-28-2000, 10:13 PM
|
|
Web Hosting Master
|
|
Join Date: May 2000
Posts: 587
|
|
welcome in the dream world of linux, optimisation and security 
either you like it or you hate it 
__________________
Félix C.Courtemanche · webmaster@can-host.com
Can-Host Networks · http://www.can-host.com
web«cp Control Panel · http://webcp.can-host.com
|

09-29-2000, 01:38 AM
|
|
Web Hosting Master
|
|
Join Date: Aug 2000
Posts: 2,750
|
|
Well since the topic is Security, how and where can one find information on particular bugs and how they are implemented? So you can work on some of your own patches? For eg. I have been trying to find info on various 'Format String Attacks'. Any ideas?
__________________
The Php Support Desk
http://www.phpsupportdesk.com
Custom programming - kunal @ e-phoria.com
http://www.pingzine.com - Ping!Zine. the FREE, FRESH and EXCITING Web Hosting Magazine...
|

09-29-2000, 12:39 PM
|
|
Web Hosting Master
|
|
Join Date: May 2000
Posts: 587
|
|
look at :
http://packetstorm.securify.com/
and follow their links in the link section as well... you should be able to find anything on anything.
__________________
Félix C.Courtemanche · webmaster@can-host.com
Can-Host Networks · http://www.can-host.com
web«cp Control Panel · http://webcp.can-host.com
|

09-29-2000, 03:56 PM
|
|
|
Interesting development: slashdot got hacked yesterday. The people who broke in actually put up a post on the server for people to comment on. That's here:
http://slashdot.org/article.pl?sid=00/09/29/0231248
But the more interesting post came later, when the admins for the slashdot server admitted being hacked and then all sorts of people started posting security tips (and rants):
http://slashdot.org/articles/00/09/29/1245218.shtml
Cool stuff. One of the tips I got was to use PHP to do an MD5 hash of the passwords I store in MySQL. Never even understood what the heck that was until just now.
|

09-29-2000, 04:06 PM
|
|
Web Hosting Master
|
|
Join Date: Apr 2000
Posts: 1,584
|
|
Not the server itself, but the software used to power the discussions and news (slashcode). Apparently someone left in the default god username/password and....well, we all know how that ends. 
|

09-29-2000, 05:00 PM
|
|
Web Hosting Master
|
|
Join Date: Mar 2000
Location: Not here
Posts: 1,437
|
|
I've got some links to security sites on mine. I had my server cracked a few months ago and have been learning much more about security. There are a few newsletters worth subscribing to also.
Security is an ongoing issue. As the Slashdot article points out, it starts at the simplest levels (user name and password). Retired and insecure programs should be removed from the server.
There are a number of common passwords that should never be used. They include god, love, and a few others I don't recall at the moment.
Also, when installing any program, immediately change or eliminate the default login and password.
It is better to be safe than to be sorry.
A few hackers (really crackers) are imprisoned, but many more get away with their activities, at least for awhile. There was a news report in our local paper of a cracker (reported as a hacker) who got a 6 year prison sentence. Let them get cracked in prison  (and I'm not talking about their computers) and they may get a different perspective on things.
__________________
Techcellence - Business Specialists and Information Resource
http://techcellence.net
Information on selecting a host and other things related to an Internet presence at http://techcellence.net/information
|

09-29-2000, 10:08 PM
|
|
Web Hosting Master
|
|
Join Date: Sep 2000
Posts: 851
|
|
THE Book....
I have five books on Linux security on my shelf. I would have to say that the best, by far, is "Hacking Exposed - Network Security Secrets and Solutions" by Stuart McClure, Joel Scambray and George Kurtz.
Despite what the title indicates, it also has sections dedicated to system hacking, as well as software hacking. It tells you about all the different types of attacks that hackers/crackers will try to use to access your system, and what you can do to prevent them. In addition, it is extremely easy to read, and even entertaining at times (which is not an easy feat when the topic is 'security').
I bought it at my local bookstore.. but I'm sure that they will have it on Amazon.com. Check it out and let me know what you think!
Matt
mlightner@site5.com
__________________
Matt Lightner - http://www.mattlightner.com/
- First initial to the last name at the mail service provided by the world's largest search engine
- Founder and CEO (Former) Site5.com, sold in 2008
- Really honestly wants to be a good WHT citizen but can never remember all the correct etiquette. Mods, sorry in advance
|

09-29-2000, 10:40 PM
|
|
Web Hosting Master
|
|
Join Date: Apr 2000
Location: 80,000 feet under the sur
Posts: 2,736
|
|
Matt,
Actually I have that book sitting on my bookshelf next to me too. Absolutely superb book with excellent details, and its coverage of the Mitnick/Shimomura attack was engrossing reading. Of course, it was even better when I read Shimomura's personal account of the attack and his subsequent trapping of Mitnick in Readers Digest...
|