Fedora acting as web server

dtournas · 01-28-2005, 11:52 AM

Hi, I have setup a box with Fedora Core 3 and I have some questions.

1) I made a user "bob". No privilages no nothing. I want him to be the only one able to ssh the box. Is this possible?

2) I use this box only as webserver. I want to restrict all in/out coming traffic. I use Apache, sendmail, MySQL, FTP and ssh. So I assume I need open ports: 80, 25, 3306, 21 and 22. How can I close everything else?

3) How can I be sure that the "root" cannot connect from the "outside world" with the MySQL for security reasons?

Thank you!

david_ross · 01-28-2005, 12:41 PM

1) Yes, you may want to place him in a jail though depending on what you want him to do once logged in.
2) There are quite a few iptables tutorials but something simple would be:

Code:

iptables -F                                                # clear existing rules
iptables -A INPUT -p tcp --dport 80 -j ACCEPT                    # allow http
iptables -A INPUT -p tcp --dport 25 -j ACCEPT                    # allow smtp
iptables -A INPUT -p tcp --dport 22 -j ACCEPT                    # allow ssh
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT            # allow loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # allow established
iptables -P INPUT DROP                                           # drop everything else

To stop root from connecting anywhere just delete the "root@%" user from the mysql user table. Obviously make sure you have a "root@localhost" accout first.

dtournas · 01-28-2005, 12:45 PM

Incredible!! Thank you for your reply!