Hello
I read this thread through and thought I would get involved. I will be running a website in the future off of my machine and am concerned about security. I would like someone to tell me if my machine is secure or if there is something I've missed/could do better. I will have apache, mysql and qmail on the same machine. Mysql will not be listening on any port. I will only have port 80 open and 110 for mail. I have shorewall installed, F-Prot, chkrootkit, rkhunter, logwatch and did have portsentry but I'm not sure if I want to use it, should I? (it's not installed at the moment). I run these commands whenever I reboot the computer.
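# Ignore all ICMP echo requests, and echo requests sent to broadcast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Refuse source-routed packets on every interface
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$f"
done
# Enable SYN cookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Do not accept ICMP redirects
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo 0 > "$f"
done
# Ignore bogus ICMP error responses
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Reverse-path filtering on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done
# Log packets with impossible source addresses
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 1 > "$f"
done
# Disable IP forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward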
Here is my nmap output.
---------------------------------------------------------------------
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-05 18:38 EDT
Host (127.0.0.1) appears to be up ... good.
Initiating SYN Stealth Scan against (127.0.0.1) at 18:38
The SYN Stealth Scan took 1 second to scan 1659 ports.
All 1659 scanned ports on (127.0.0.1) are: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 1.276 seconds
---------------------------------------------------------------------
I have all groups/users that aren't needed removed. I have all unused software uninstalled. I keep on top of patches/software updates. I'm not sure if this does anything but in my hosts.deny file I have ALL:ALL. I have sshd and telnet off all the time. I won't go into my security for apache and mysql, I am wondering if my computer is relatively safe.
Thanks for the feedback folks.
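
The kernel settings listed in the post can be read back and compared after boot, which shows whether every interface actually carries the intended value. This is an added example, not part of the original post; the names `audit_sysctl` and `check_one` and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the kernel settings
# the post writes at boot. audit_sysctl ROOT prints one line per mismatch
# and returns 0 if everything matches, 1 otherwise. ROOT defaults to
# /proc/sys; another directory can be passed to check a copy of the tree.

# Expected values, taken from the echo commands in the post.
GLOBAL_EXPECTED="icmp_echo_ignore_all=1
icmp_echo_ignore_broadcasts=1
tcp_syncookies=1
icmp_ignore_bogus_error_responses=1
ip_forward=0"
PER_IFACE_EXPECTED="accept_source_route=0
accept_redirects=0
rp_filter=1
log_martians=1"

check_one() {  # check_one FILE WANT -> 0 if FILE holds WANT
    file=$1; want=$2
    if [ ! -r "$file" ]; then
        echo "MISSING $file (want $want)"; return 1
    fi
    got=$(cat "$file")
    if [ "$got" != "$want" ]; then
        echo "FAIL $file = $got (want $want)"; return 1
    fi
    return 0
}

audit_sysctl() {
    root=${1:-/proc/sys}; bad=0
    for kv in $GLOBAL_EXPECTED; do
        check_one "$root/net/ipv4/${kv%%=*}" "${kv#*=}" || bad=1
    done
    # Per-interface keys: an interface that appears after the boot script
    # ran only inherits the "default" entry, so every directory is checked.
    for dir in "$root"/net/ipv4/conf/*/; do
        [ -d "$dir" ] || continue
        for kv in $PER_IFACE_EXPECTED; do
            check_one "$dir${kv%%=*}" "${kv#*=}" || bad=1
        done
    done
    return $bad
}

audit_sysctl "${1:-/proc/sys}" || echo "one or more settings differ from the post's values"
```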