Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Some people on this forum are running servers that get attacked left and right. If I run a very small server in my home, will it be a target for hackers?
How much effort should I put into securing such a server? I just want to run apache, possibly a mail server, and ssh(mainly for local use). My plan for now is this:
no remote root login
automatic security updates
firewall
port reassignment
some program like fail2ban
Sounds like a good start. Keep an eye on your logs and use strong passwords. May want to consider using only ssh-key authentication if publicly accessible. Ensure your MTA is not an open relay / does not openly relay.
General rule of thumb, if you expose a service/port to the world, it will be discovered and attempts will be made to exploit it.
If you are using it behind a router that uses NAT and don't leave ports open that are not necessary you will likely not have too many problems. That said, you never know until you set this up and run it for a while. You may want to setup some kind of IDS (snort or suricata come to mind) to monitor what is going on.
Some people on this forum are running servers that get attacked left and right. If I run a very small server in my home, will it be a target for hackers?
The short answer is yes. The bad guys don't care if your server is large or small, as long as they can exploit it.
Quote:
Originally Posted by wulp
How much effort should I put into securing such a server? I just want to run apache, possibly a mail server, and ssh(mainly for local use). My plan for now is this:
no remote root login
automatic security updates
firewall
port reassignment
some program like fail2ban
You should put some reasonable effort into securing it. Not root logins is a standard security measure, and rayfordj's suggestion of moving to key-based authentication for SSH is an excellent suggestion. Automatic security updates are OK, but I'm assuming that is for the OS only. If your running Apache "applications" like some of the PHP based CMS or forum systems, then you need to keep those updated as well. If you are running PHP based web sites, make really sure you've got PHP locked down. It also wouldn't hurt to run something like mod_security.
Port reassignment is security through obscurity and really only stops the complete idiots. If you've taken decent precautions with passwords, Fail2Ban and things like it are really only useful for cutting down on the noise in log files. You also might investigate file integrity checkers like AIDE or Samhain. They won't stop an attack but can help you diagnose what has happened if you get cracked.
As has already been mentioned it will depend on if you want to open and expose this to the outside world or not. If you are running a server but only make it accessible from within your LAN there is really no greater risk than an other PC on that network. It is by opening up these services to the outside world that can start to bring in the port scans and other noise. Keep in mind that just by exposing a server to the internet with an open port you will see connection attempts in the logs, and all sorts of failures. This is normal, and should not worry you, but do review logs to see if there are any logins etc. which you can't validly explain.
Also keep in mind many home ISPs will block common server ports (HTTP, SMTP, POP, etc.) before they are even forwarded to your edge device. If you planned to run a public website and your ISP blocks inbound traffic on port 80 this will obviously be an issue for you. What is your plan for a firewall? Linux has iptables built into the kernel, but as far as I am concerned that should be a second line of defense. I always prefer to have another hardware firewall doing NAT out in front of any server. This way I can block all unwanted traffic at that level as well as on the server itself. This should help keep the logs on your server cleaner, and if you do see inbound connections to unexpected services, or from unexpected locations you know there is a potential problem.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.