I am running Red Hat 9, and I want to host a webserver and an ftp server. I just started with Linux, but I am learning things quickly. My question is aimed toward security and how to update the programs I am running.
I have a DI-604 router for my LAN, and it only forwards ports 80 and 21 to my server. It also blocks WAN pings and uses a non-default password. My first question is, should my server get hacked, is there any possibility that the other computers on the network could be hacked as well? E.g., could someone somehow make the router forward the port to another computer? This is just a home network and the other computers are running Windows XP and only sharing printers. Also, I'm not running Samba on my server.
I put up my server and got hit with stuff within 2 days, so I'm pretty concerned with security now. My Apache log file has things like these:
(link to college in india) - - [19/Jan/2006:15:09:54 -0600] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 292 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1
cpe-65-185-150-255.midsouth.res.rr.com - - [18/Jan/2006:19:31:36 -0600] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 403 303 "-" "-"
My router log files also indicated that it blocked SYN flood attacks.
I am running Apache 2.0; should I upgrade to 2.2? And from reading Hacking Linux Exposed (which is over my head in a lot of respects), there are possible security issues with improperly configured PHP and CGI, both of which I don't need, so should I comment out those modules in the Apache config?
Other precautions I have taken (before the attacks):
Setting the Red Hat firewall to medium
For vsftpd, blocked anonymous FTP access
For vsftpd, only allowed my user name
Used strong passwords
For Apache, disabled folder browsing
Ran up2date and installed all the new packages
I read about the insecurities of FTP and wanted to update my version of vsftpd. Since RH is no longer supported, there are no RPMs. I am not very familiar with the tar.gz stuff, but can manage. I looked for documentation but couldn't find anything on upgrading from an old version, only installing it as if it were new. My vsftpd rpm is version 1.1.3-8 and the new vsftpd is like 184.108.40.206 or so. Can someone walk me through this process? Is the old version going to be overwritten? Can both versions exist in different places? How do I handle this? I looked at the make file contents, and it didn't look like it was going to install stuff to where my current vsftpd seems to be. I figured this was because it was a generic source file (or binary?) and not specifically for RH? Also, if I screwed up, I wouldn't know how to get my old vsftpd back, but I understand keeping things up to date is very important.
Are there any other precautions I can take for my two services (Apache and vsftpd)? I'm pretty much terrified to attempt to run any other services now, because I could configure them incorrectly since I don't really understand everything yet. Thanks so much.
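One way to triage access-log entries like the two quoted in the post, added here as an example and not part of the original post: it flags requests for those two paths and separates the ones the server refused (4xx/5xx, as in the post) from any it answered with a success or redirect status. The sample lines, the `example.net` hostnames and the `triage` function are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The two request paths from the log excerpt in the post; extend as needed.
PROBE_PATHS = ("/xmlrpc/xmlrpc.php", "/_vti_bin/_vti_aut/fp30reg.dll")

# Constructed sample lines modeled on the post's log format.
SAMPLE = [
    'host-a.example.net - - [19/Jan/2006:15:09:54 -0600] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 292 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    'host-b.example.net - - [18/Jan/2006:19:31:36 -0600] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 403 303 "-" "-"',
    'host-a.example.net - - [19/Jan/2006:15:10:02 -0600] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 200 512 "-" "-"',
    'host-c.example.net - - [19/Jan/2006:16:00:00 -0600] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    'not a log line',
]

def triage(lines):
    """Return (findings, per_host) for requests that hit a watched path.

    findings: list of (host, path, status, verdict); verdict is "refused"
    when the server answered 4xx/5xx and "REVIEW" when it answered with a
    2xx/3xx status, meaning the path exists and deserves a closer look.
    per_host: Counter of watched-path requests per client host.
    """
    findings, per_host = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        path = m["path"].split("?", 1)[0].lower()  # drop query string
        if path not in PROBE_PATHS:
            continue
        status = int(m["status"])
        verdict = "refused" if status >= 400 else "REVIEW"
        findings.append((m["host"], path, status, verdict))
        per_host[m["host"]] += 1
    return findings, per_host

if __name__ == "__main__":
    found, hosts = triage(SAMPLE)
    for host, path, status, verdict in found:
        print(f"{verdict:8} {status} {host} {path}")
    print("requests per host:", dict(hosts))
```

To run it against a real log, pass an open file object to `triage` in place of `SAMPLE`.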