LinuxQuestions.org

Thread: Newbie: Security and Updating programs (https://www.linuxquestions.org/questions/linux-newbie-8/newbie-security-and-updating-programs-406425/)

almontr 01-22-2006 02:35 AM

Newbie: Security and Updating programs
 
Hey,

I am running Red Hat 9, and I want to host a webserver and an ftp server. I just started with Linux, but I am learning things quickly. My question is aimed toward security and how to update the programs I am running.


My Setup
--------
I have a di-604 router for my LAN, and it only forwards ports 80 and 21 to my server. It also blocks WAN pings and uses a non-default password. My first question is, should my server get hacked, is there any possibility that the other computers on the network could be hacked as well? e.g. somehow make the router forward the port to another computer? This is just a home network and the other computers are running Windows XP and only sharing printers. Also, I'm not running samba on my server.

I put up my server and got hit with stuff within 2 days, so I'm pretty concerned with security now. My apache log file has things like these:

(link to college in india) - - [19/Jan/2006:15:09:54 -0600] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 292 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

cpe-65-185-150-255.midsouth.res.rr.com - - [18/Jan/2006:19:31:36 -0600] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 403 303 "-" "-"

My router log files also indicated that it blocked SYN flood attacks.

Apache
------
I am running apache 2.0, should I upgrade to 2.2? And from reading Hacking Linux Exposed (which is over my head in a lot of respects) there are possible security issues with improperly configured php and cgi, both of which I don't need, so should I comment out those modules in the apache config?

Other precautions I have taken (before the attacks):
Setting RedHat firewall to medium
for vsftpd block anonymous ftp access
for vsftpd only allow my user name
used strong passwords
for apache disabled folder browsing
ran up2date and installed all the new packages

vsftpd
------
I read about the insecurities of ftp and wanted to update my version of vsftpd. Since RH is no longer supported, there are no rpms. I am not very familiar with the tar.gz stuff, but can manage. I looked for documentation but couldn't find anything on upgrading from an old version, only installing it like it were new. My vsftpd rpm is version 1.1.3-8 and the new vsftpd is like 2.0.0.4 or so. Can someone walk me through this process? Is the old version going to be overwritten? Can both versions exist in different places? How do I handle this? I looked at the make file contents, and it didn't look like it was going to install stuff to where my current vsftpd seems to be. I figured this was because it was a generic source file (or binary?) and not specifically for RH? Also if I screwed up, I wouldn't know how to get my old vsftpd back, but I understand keeping things up to date is very important.


Are there any other precautions I can take for my two services (apache and vsftpd)? I'm pretty much terrified to attempt to run any other services now, because I could configure them incorrectly since I don't really understand everything yet. Thanks so much.
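
The two log lines above are what a generic web scanner leaves behind when it walks a list of well-known URLs (xmlrpc.php, the FrontPage _vti_bin extensions) on a server that does not run any of them. As an added example, not part of the thread, here is a small shell/awk script for triaging an Apache combined-format access log for such probes and ranking the clients behind them, so the list can be reviewed before deciding what to block at the router or firewall. The sample log is constructed from the lines in the post (203.0.113.5 stands in for the redacted host) plus one ordinary request; the probe path list is an assumption and should be extended to match whatever the server does not serve.

```shell
#!/bin/sh
# Added example, not from the thread. Triage an Apache access log for
# automated probes. In awk's view of the combined log format:
#   $1 client, $4 "[date", $5 "tz]", $6 "\"METHOD", $7 path,
#   $8 "HTTP/x.y\"", $9 status.

# Constructed sample log: the two probes from the post plus one normal hit.
LOG_FILE="${TMPDIR:-/tmp}/access_log.sample.$$"
trap 'rm -f "$LOG_FILE"' EXIT
cat > "$LOG_FILE" <<'EOF'
203.0.113.5 - - [19/Jan/2006:15:09:54 -0600] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 292 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
cpe-65-185-150-255.midsouth.res.rr.com - - [18/Jan/2006:19:31:36 -0600] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 403 303 "-" "-"
192.0.2.10 - - [20/Jan/2006:10:00:01 -0600] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
EOF

# Path prefixes that only scanners request on a server without PHP,
# FrontPage extensions or CGI (assumed list; lowercase, matched
# case-insensitively). Extend it to whatever this server does not serve.
PROBE_PATTERN='^/(xmlrpc|_vti_bin|cgi-bin|phpmyadmin|scripts)'

# Print "client method path status" for every probe hit in a log file.
probe_hits() {
    awk -v pat="$PROBE_PATTERN" '
        tolower($7) ~ pat {
            method = substr($6, 2)      # drop the leading double quote
            print $1, method, $7, $9
        }' "$1"
}

# Count probe hits per client, most active first.
probe_hits_by_client() {
    probe_hits "$1" |
        awk '{ c[$1]++ } END { for (h in c) print c[h], h }' |
        sort -rn
}

# Count requests per client that were answered 403 or 404: what a scanner
# walking a URL list gets on a server that has none of those files.
rejected_by_client() {
    awk '$9 == 403 || $9 == 404 { c[$1]++ } END { for (h in c) print c[h], h }' "$1" |
        sort -rn
}

# Stand-alone use: ./probes.sh /var/log/httpd/access_log
# (falls back to the constructed sample when no file is given).
probe_hits_by_client "${1:-$LOG_FILE}"
```

Run it over the real access_log and compare the two rankings: a client that appears in both lists with many 403/404 answers and no successful requests is a scanner, and a client with a handful of 404s and plenty of 200s is more likely a browser following a stale link.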

AwesomeMachine 01-22-2006 04:52 AM

First of all, a router is not enough security for services to the public over the internet. Just do yourself a favor and get an old scrap heap computer for $25 on eBay, and put three network cards in it. You need a 2 GB HDD, 64 MB ram, an Intel Celeron 600, if that, and a bootable cdrom drive. These systems are dirt cheap. Get smoothwall firewall, burn it to a CD, and install it. Get a plain old hub, and put that off the smoothwall firewall box. That is barely enough security not to get hacked, but it is enough. This method of firewall is the difference between walking through a piece of wet tissue paper (router) and walking through 3/4" plywood (smoothwall). Just make sure you read the smoothwall logs every day. You usually get entries for days before any breach, and by that time you already sealed off the IP, and that IP gets 100% blocked. Blocking by IP is pretty handy. I was getting bombarded so bad from china my system was slowing up on the internet. I just went and looked at the logs and they were all coming from 222.000.000.000/0.0.0.0. So, I banned the whole thing. Took care of that problem in two minutes. I'm a home user, I run some servers. I like the dedicated firewall box. That's like tank plating for your servers.

btmiller 01-22-2006 11:50 AM

Also, get something more recent than Red Hat 9, which is ancient and only supported by the Fedora Legacy project. I'd suggest the latest release of CentOS, which is a free repackaging of Red Hat Enterprise Linux. Chances are if any smart cracker gets onto your Web server, he or she will proceed to attempt to break into the other computers on your LAN. It doesn't matter what your server is running -- once the bad guys get onto it, they can upload any cracking tools they want to try to get at the rest of your network.

almontr 01-22-2006 02:55 PM

Ok, I have two computers lying around that I could use for this. They are both running Windows 98; will that work? I don't understand putting three network cards in the computer and also using a hub though. Also can I still use my router? I've had it for 2-3 years and it hasn't done me wrong yet. Is this how the setup looks?


internet<-----firewall computer (smoothwall)----->router----->lan computers

I just looked at the site. Is smoothwall an OS in itself?

Also, I've barely gotten the hang of RH9, and you want me to change to a different distribution when I just got everything set up? :cry: I only have a limited amount of time to get this thing up and going. I am going overseas for 5 months on Feb 3, so I will also not be able to easily check IPs and block them.

btmiller 01-22-2006 04:24 PM

Probably he suggested three network cards so you can separate your server on a separate subnet and set up rules to keep it from attacking your other machines should it be broken into. That's called a DMZ in firewall terminology.

CentOS won't be very much different from RH9. Really if you got one set up the other should be very easy. It's always good to use the latest versions of things. Red Hat 9 is more than two years old now and as I said only supported as a legacy product.
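
To make the three-card DMZ idea concrete, here is an added example of the iptables ruleset such a firewall box would carry; it is not from the thread and not smoothwall's own configuration (smoothwall generates equivalent rules from its web interface). It assumes eth0 faces the internet, eth1 the LAN (192.168.1.0/24) and eth2 the DMZ (192.168.2.0/24) holding the server at 192.168.2.10; all of those names and addresses are placeholders. The script prints the rules rather than applying them unless APPLY=1 is set, so it can be read and checked on any machine. The point btmiller makes is the two DMZ-to-LAN rules: a server that has been broken into can still answer connections the LAN started, but cannot start any of its own.

```shell
#!/bin/sh
# Added example, not from the thread or from smoothwall. Interface names
# and addresses are assumptions for a three-NIC firewall with a DMZ.
WAN=eth0                # internet side
LAN=eth1                # the Windows XP machines
DMZ=eth2                # the Red Hat server, alone on its own subnet
LAN_NET=192.168.1.0/24
DMZ_NET=192.168.2.0/24
SERVER=192.168.2.10

# Dry-run by default: print each command. Set APPLY=1 to really run iptables.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

dmz_rules() {
    # Default-deny on forwarding; every hole below is explicit.
    ipt -P FORWARD DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LAN machines may reach the internet and the DMZ server.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN" -o "$DMZ" -s "$LAN_NET" -j ACCEPT

    # Only ports 80 and 21 come in from the internet, and only to the server.
    # (FTP also needs the kernel's ftp connection-tracking helper loaded so
    # the data connections count as RELATED.)
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$SERVER"
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 21 -j DNAT --to-destination "$SERVER"
    ipt -A FORWARD -i "$WAN" -o "$DMZ" -d "$SERVER" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$DMZ" -d "$SERVER" -p tcp --dport 21 -m state --state NEW -j ACCEPT

    # The point of the DMZ: a compromised server cannot open connections
    # into the LAN. Log the attempt so the daily log review shows it.
    ipt -A FORWARD -i "$DMZ" -o "$LAN" -j LOG --log-prefix "DMZ->LAN blocked: "
    ipt -A FORWARD -i "$DMZ" -o "$LAN" -j DROP

    # The server may reach the internet only on the ports updates need.
    ipt -A FORWARD -i "$DMZ" -o "$WAN" -s "$DMZ_NET" -p tcp -m multiport --dports 80,443 -j ACCEPT

    # Private addresses go out behind the firewall's WAN address.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Self-check that needs no root: the generated ruleset must contain an
# explicit DMZ->LAN DROP and no DMZ->LAN ACCEPT.
dmz_isolated() {
    rules=$(dmz_rules)
    echo "$rules" | grep -q -- "-i $DMZ -o $LAN -j DROP" &&
    ! echo "$rules" | grep -- "-i $DMZ -o $LAN" | grep -q ACCEPT
}

dmz_rules
```

The router the original poster already owns can stay in front of this box as a plain NAT device, or be dropped; what matters is that the server and the LAN machines no longer share a hub behind it.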

