If you have a Debian Linux web/mail dedicated server (like Apache, Postfix and so on) already configured, what else would you do to further secure your machine? For example, cron scripts to check file and directory permissions, some IDS/IPS to detect strange behaviour, some scripts that can send email if something strange (like an intrusion or the server being down) is happening, some rootkit scanners... What would you do to secure your server?
already configured, what else
The way you put your question, it looks like you have already done some things to secure your server. Or was it handed over to you that way? If you did things yourself, it would be good to list what you did so we don't duplicate or post unnecessary things. Then there's doing research. Debian has a rather good security manual. If you didn't read it, you should. For more, maybe check out the LQ FAQ: Security references. Then I'd use a checklist and use a scanner like Tiger to determine the general status of the server. Results vs checklist should show you where to start.
but without chroot. I think that if Apache already runs as a limited user (www-data) then it's not so harmful. At least an attacker has to escalate to root. But if he can escalate to root, then even with chroot it's not so secure: he can mount a device and then escape from the chroot.
OK. With all due respect, you reacted to half my post and left this out:
Then there's doing research. Debian has a rather good security manual. If you didn't read it you should. For more maybe check out the LQ FAQ: Security references. Then I'd use a checklist and use a scanner like Tiger to determine the general status of the server. Results vs checklist should show you where to start.