LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-19-2011, 10:07 AM   #1
wulp
LQ Newbie
 
Registered: Mar 2011
Posts: 8

Rep: Reputation: 0
Question How big of a target is a small server at home?


Some people on this forum are running servers that get attacked left and right. If I run a very small server in my home, will it be a target for hackers?

How much effort should I put into securing such a server? I just want to run apache, possibly a mail server, and ssh(mainly for local use). My plan for now is this:

no remote root login
automatic security updates
firewall
port reassignment
some program like fail2ban
 
Old 03-19-2011, 10:18 AM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
Sounds like a good start. Keep an eye on your logs and use strong passwords. May want to consider using only ssh-key authentication if publicly accessible. Ensure your MTA is not an open relay / does not openly relay.

General rule of thumb, if you expose a service/port to the world, it will be discovered and attempts will be made to exploit it.

 
1 members found this post helpful.
Old 03-19-2011, 10:24 AM   #3
brian-va
Member
 
Registered: Dec 2009
Distribution: Debian
Posts: 46

Rep: Reputation: Disabled
If you are using it behind a router that uses NAT and don't leave ports open that are not necessary you will likely not have too many problems. That said, you never know until you set this up and run it for a while. You may want to setup some kind of IDS (snort or suricata come to mind) to monitor what is going on.
 
1 members found this post helpful.
Old 03-19-2011, 11:40 AM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,790
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Originally Posted by wulp
Some people on this forum are running servers that get attacked left and right. If I run a very small server in my home, will it be a target for hackers?
The short answer is yes. The bad guys don't care if your server is large or small, as long as they can exploit it.

Quote:
Originally Posted by wulp
How much effort should I put into securing such a server? I just want to run apache, possibly a mail server, and ssh(mainly for local use). My plan for now is this:

no remote root login
automatic security updates
firewall
port reassignment
some program like fail2ban
You should put some reasonable effort into securing it. Not root logins is a standard security measure, and rayfordj's suggestion of moving to key-based authentication for SSH is an excellent suggestion. Automatic security updates are OK, but I'm assuming that is for the OS only. If your running Apache "applications" like some of the PHP based CMS or forum systems, then you need to keep those updated as well. If you are running PHP based web sites, make really sure you've got PHP locked down. It also wouldn't hurt to run something like mod_security.

Port reassignment is security through obscurity and really only stops the complete idiots. If you've taken decent precautions with passwords, Fail2Ban and things like it are really only useful for cutting down on the noise in log files. You also might investigate file integrity checkers like AIDE or Samhain. They won't stop an attack but can help you diagnose what has happened if you get cracked.
 
3 members found this post helpful.
Old 03-19-2011, 01:05 PM   #5
ComputerErik
Member
 
Registered: Apr 2005
Location: NYC
Distribution: Debian, RHEL
Posts: 268

Rep: Reputation: 42
As has already been mentioned it will depend on if you want to open and expose this to the outside world or not. If you are running a server but only make it accessible from within your LAN there is really no greater risk than an other PC on that network. It is by opening up these services to the outside world that can start to bring in the port scans and other noise. Keep in mind that just by exposing a server to the internet with an open port you will see connection attempts in the logs, and all sorts of failures. This is normal, and should not worry you, but do review logs to see if there are any logins etc. which you can't validly explain.

Also keep in mind many home ISPs will block common server ports (HTTP, SMTP, POP, etc.) before they are even forwarded to your edge device. If you planned to run a public website and your ISP blocks inbound traffic on port 80 this will obviously be an issue for you. What is your plan for a firewall? Linux has iptables built into the kernel, but as far as I am concerned that should be a second line of defense. I always prefer to have another hardware firewall doing NAT out in front of any server. This way I can block all unwanted traffic at that level as well as on the server itself. This should help keep the logs on your server cleaner, and if you do see inbound connections to unexpected services, or from unexpected locations you know there is a potential problem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Having a small home server, BSD or Ubuntu Server? dynaemu Linux - Server 6 02-18-2011 03:01 PM
Really really BIG home archive server... money no object Raveolution Linux - Hardware 6 03-30-2010 10:26 PM
How to setup Linux DNS server for a small office/home network? lhnw08 Linux - Server 16 07-24-2009 06:35 AM
What ver. Linux server to use on small, low power home computer? vbsouthern Linux - Server 9 05-09-2008 09:30 AM
Small home server setup question mfilippa Debian 5 04-15-2006 09:11 PM


All times are GMT -5. The time now is 06:28 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration