LinuxQuestions.org

Linux - Security forum: How do you secure your Server (https://www.linuxquestions.org/questions/linux-security-4/how-do-you-secure-your-server-555829/)

LinuxCrazy 05-22-2007 11:57 AM

How do you secure your Server

New to securing a Linux server.

How do you secure your server? What type of firewall do you run? Do you just have iptables? What other programs or modifications do you use? What do you scan for rootkits with? Is it worth having programs like IPCop or Firestarter? Do these programs slow down the servers a lot? Are there any other tips/scans/programs a secure Linux should run? Has anyone used the APF firewall? Is it any good?

DragonM15 05-22-2007 12:32 PM

I personally like firestarter. It is great for telling you exactly what is happening now, and you can modify your rules in real-time... just as the site says.

Hope this helps you.

DragonM15

anomie 05-22-2007 12:57 PM

What is the purpose of the server?

hackintosh 05-22-2007 01:47 PM

Once the server setup is completed, the 1st thing is to install ROOTKIT HUNTER :P This is used to prevent rootkits, and install Fail2ban to prevent brute force attacks. This application is damn cool and I like it so much :P

Use PAM to make the system passwords harder to break, but in my mind, everything can be broken.

Use chattr to protect some important files.

Remove SUID and SGID applications and use sudo instead.

Close down all unnecessary ports, especially those insecure protocols like telnet, rlogin or ftpd. Use SSH/SCP instead of them.

arpwatch :) to keep you out of ARP attacks, but not 100%, ok?

Snort please, iptables please, and patches as well. ARP attack/poisoning is a nightmare for system admins. If you are in a small network, please add static MAC addresses to prevent ARP attack/poisoning. But I believe SNORT + IPTABLES can kill it easily.

Try to encrypt as many protocols as possible, because a technical attacker can sniff you easily and stay hidden from your SNORT as well.

As Linux kernels are released too often nowadays, the amount of bugs has increased. My advice is don't be keen to update to the latest stable yet; although it is stable, it is not really STABLE at all. Wait a couple of months and only then decide whether to update it or not. (RedHat never uses the latest kernel due to security concerns.)

Don't use a buggy distro like UBUNTU; it's really pretty and good for newbies but too buggy and unstable compared to Debian stable.

Tripwire, Nagios, TCPDUMP, WIRESHARK: you must know these; if not, how do you find the attacker?

Always read your log files, and see whether they have been modified or not. This is important. Read them every day :P haha, good for health :P

Last, don't depend too much on tools. Please watch the system closely. That's all.
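An added audit helper for two of the points above (removing SUID/SGID programs, and locking files such as /etc/passwd with chattr +i); this is example code written for this page, not anything posted in the thread. It assumes POSIX sh with find and chmod available, and treats lsattr as optional.

```shell
#!/bin/sh
# Added example (not from the thread): audit helper for the advice to remove
# SUID/SGID programs and to lock /etc/passwd with chattr +i.
# Assumes POSIX sh plus find and chmod; lsattr (e2fsprogs) is optional.

# Print every regular file under directory $1 that carries the setuid or setgid bit.
# -xdev keeps the walk on one filesystem so /proc and network mounts are skipped.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Number of such files; compare before and after hardening, or from day to day.
count_setid_files() {
    list_setid_files "$1" | wc -l | tr -d ' '
}

# Clear the setuid/setgid bits on each file found under $1.
# Dry run by default; pass "apply" as $2 to actually change the modes.
strip_setid_bits() {
    list_setid_files "$1" | while IFS= read -r f; do
        if [ "$2" = "apply" ]; then
            chmod u-s,g-s "$f" && echo "stripped: $f"
        else
            echo "would strip: $f"
        fi
    done
}

# Report whether file $1 has the ext2/3/4 immutable attribute (lsattr flag 'i').
# Prints "immutable", "mutable", or "unknown" when lsattr is missing or fails
# (for example on a filesystem that does not support file attributes).
immutable_state() {
    command -v lsattr >/dev/null 2>&1 || { echo unknown; return; }
    attrs=$(lsattr "$1" 2>/dev/null | cut -d' ' -f1) || { echo unknown; return; }
    [ -n "$attrs" ] || { echo unknown; return; }
    case "$attrs" in
        *i*) echo immutable ;;
        *)   echo mutable ;;
    esac
}

# Typical run as root: review the list first, since programs such as su, sudo
# and passwd must keep their setuid bit; then confirm the lock on /etc/passwd.
#   list_setid_files /
#   strip_setid_bits /usr/local/bin apply
#   immutable_state /etc/passwd
```

Run the dry run first and keep a copy of the list; it doubles as a baseline so a new setuid file showing up later is visible at a glance.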

LinuxCrazy 05-22-2007 03:46 PM

Quote:

Originally Posted by anomie
What is the purpose of the server?

It will be a web server.

LinuxCrazy 05-22-2007 03:48 PM

Quote:

Originally Posted by hackintosh
Once the server setup is completed, the 1st thing is to install ROOTKIT HUNTER :P This is used to prevent rootkits, and install Fail2ban to prevent brute force attacks. This application is damn cool and I like it so much :P

Use PAM to make the system passwords harder to break, but in my mind, everything can be broken.

Use chattr to protect some important files.

Remove SUID and SGID applications and use sudo instead.

Close down all unnecessary ports, especially those insecure protocols like telnet, rlogin or ftpd. Use SSH/SCP instead of them.

arpwatch :) to keep you out of ARP attacks, but not 100%, ok?

Snort please, iptables please, and patches as well. ARP attack/poisoning is a nightmare for system admins. If you are in a small network, please add static MAC addresses to prevent ARP attack/poisoning. But I believe SNORT + IPTABLES can kill it easily.

Try to encrypt as many protocols as possible, because a technical attacker can sniff you easily and stay hidden from your SNORT as well.

As Linux kernels are released too often nowadays, the amount of bugs has increased. My advice is don't be keen to update to the latest stable yet; although it is stable, it is not really STABLE at all. Wait a couple of months and only then decide whether to update it or not. (RedHat never uses the latest kernel due to security concerns.)

Don't use a buggy distro like UBUNTU; it's really pretty and good for newbies but too buggy and unstable compared to Debian stable.

Tripwire, Nagios, TCPDUMP, WIRESHARK: you must know these; if not, how do you find the attacker?

Always read your log files, and see whether they have been modified or not. This is important. Read them every day :P haha, good for health :P

Last, don't depend too much on tools. Please watch the system closely. That's all.

That is some great info, I will do some research on these.

Tripwire, Nagios, TCPDUMP, WIRESHARK: are these Unix based?

What do you think is the most secure/best Linux:
CentOS, Red Hat, Debian, Solaris, or other?

LinuxCrazy 05-22-2007 03:49 PM

Quote:

Originally Posted by DragonM15
I personally like firestarter. It is great for telling you exactly what is happening now, and you can modify your rules in real-time... just as the site says.

Hope this helps you.

DragonM15

Does that take up a lot of CPU power? Can I use it if I'm just running Unix, no GNOME or KDE?

DragonM15 05-22-2007 03:55 PM

Quote:

Originally Posted by LinuxCrazy
Does that take up a lot of CPU power? Can I use it if I'm just running Unix, no GNOME or KDE?

I don't think so.... but don't quote me on that. I believe that when it is installed it puts the firewall configuration that you make in a startup script, which would in turn be usable in Unix. But the actual application is GUI style. As far as CPU usage, it hardly uses any, with the small exception that if 1000+ computers are trying to connect to you at once through a port that is blocked, then the CPU usage jumps, but besides that I haven't had any problems with it.

DragonM15

hackintosh 05-23-2007 04:34 AM

Quote:

Originally Posted by LinuxCrazy
That is some great info, I will do some research on these.

Tripwire, Nagios, TCPDUMP, WIRESHARK: are these Unix based?

What do you think is the most secure/best Linux:
CentOS, Red Hat, Debian, Solaris, or other?


YES. These tools are available for open source *nix.

None of these, actually. I prefer FreeBSD over these Linux distros.
The bugs found in Linux for each release > the bugs found in FreeBSD for a year. So, don't use the latest STABLE.

Well, I have been using Debian for 2 years and I'm happy with it. But I still prefer FreeBSD; however, BSD cannot get a job in my company. I have to give up on it.

rocket357 05-23-2007 08:54 AM

I'm going to have to agree with hackintosh...

If you're building a server, go with FreeBSD. FreeBSD tends to be more robust and stable, and fewer bugs typically means fewer chances an exploitable vulnerability exists. FreeBSD is also an insanely nimble OS compared to *most* Linux distros out there. I've heard that NetBSD is another good choice, but I haven't messed with it much.

If you're building a firewall/IDS/Remote Logging machine, however, I'd say OpenBSD wins that contest hands down. The OpenBSD firewall 'pf' runs on FreeBSD, but for a critical perimeter/security machine I'd trust OpenBSD more than virtually anything else because of the project's record for fewer remote vulnerabilities (2 remote exploit vulnerabilities in ten years) and because of my own personal attempts to break OpenBSD (which have failed).

Just my thoughts...

LinuxCrazy 05-23-2007 01:12 PM

Now I'm thinking about using FreeBSD.

Why does cPanel say advanced users only?
Is it a tough distro to learn?

http://www.cpanel.net/products/cPane...quirements.htm
cPanel says...

FreeBSD (recommended for advanced users only)
266 MHz Processor or better (more processing power is recommended)
64MB of RAM (1 GB recommended when hosting many accounts)
10GB-2TB disk space (more disk space is necessary to host more domains)
A fresh install of the RELEASE branch of a version listed below
i386 Architecture:

FreeBSD® 4.2, 4.3, 4.4, 4.5, 4.6, 4.8, 4.10, 5.0, 5.3, 5.4, 6.0, 6.1

x86-64/amd64 Architecture:

FreeBSD® 5.3, 5.4, 6.0, 6.1

ErrorBound 05-23-2007 02:25 PM

I'm using Debian etch on my webserver and it's great. Very stable and very easy to maintain.

As a firewall, I'd recommend FireHOL, which is an easily configurable frontend for the iptables firewall. No GUI is required as it's configured by a text file.

Bastille is also a great package which will walk you through the steps of securing your server. You'll also learn a lot during the process.

hackintosh 05-23-2007 04:00 PM

Quote:

Originally Posted by rocket357
I'm going to have to agree with hackintosh...

If you're building a server, go with FreeBSD. FreeBSD tends to be more robust and stable, and fewer bugs typically means fewer chances an exploitable vulnerability exists. FreeBSD is also an insanely nimble OS compared to *most* Linux distros out there. I've heard that NetBSD is another good choice, but I haven't messed with it much.

If you're building a firewall/IDS/Remote Logging machine, however, I'd say OpenBSD wins that contest hands down. The OpenBSD firewall 'pf' runs on FreeBSD, but for a critical perimeter/security machine I'd trust OpenBSD more than virtually anything else because of the project's record for fewer remote vulnerabilities (2 remote exploit vulnerabilities in ten years) and because of my own personal attempts to break OpenBSD (which have failed).

Just my thoughts...

Well, NetBSD is really good nowadays: stable, but not so many features as FreeBSD. And OpenBSD's PF is damn good.

I've had a FreeBSD 6.1 box with PF enabled before. PF's rules are damn easy to understand.

PF running on FreeBSD is not as good as on OpenBSD, because we can't use the latest version of PF, etc.

Another problem is that you may need 100 rules for traffic shaping using IPTABLES, but PF can do it with 50 rules in the same situation. That's the primary problem I found: maintaining IPTABLES is more difficult than PF.

ElGeorge 05-23-2007 05:32 PM

I also need advice on this matter

Hello guys, I was going to create a post for this exact same matter, but since this one is already running I'll just post here.

I'm also a newbie at managing a Linux server, so I'm looking for advice on this matter... this is what I have:

- Virtual Private Server running CentOS 4.5
- 1 Gig of RAM

My provider doesn't allow the use of an internal firewall on the VPS (netfilter/iptables not compiled into the kernel, I think), but on the other hand they allow you to send them your desired firewall rules and they will enforce them at the hardware firewall level. I was wondering what the recommended firewall rules should be for a web server running on a VPS.

Basically I'll have these services on my server:

Apache running on port 80: a social network app and phpBB forums (plus other non-public PHP apps like OpenAds and phpMyAdmin). Around 10.000 daily visitors.

Webmin running on port X1 (in the 10K range)

ssh2 running on port X2 (in the 10K range)

Sendmail on the default Sendmail port: I won't have an IMAP/POP3 service running on my server, 'cause all of my addresses are forwards to my Gmail account.

Should the firewall rules simply be to close all ports for inbound traffic and open only ports 80, X1, X2 and the Sendmail port? Or do things need to be more sophisticated? (Remember that I need to send my provider the specific rules so they can configure the hardware firewall.)

BTW.. other security measures I've taken:

- Don't allow login with "root" user directly on SSH
- Don't allow external access to the MySQL server

I was thinking of installing one of those "port scanning" alert systems, and also something like "Bastille"... are those any good? Would they take much CPU/memory??

I think Hackintosh's post was very informative, and I'll try to check everything he mentioned. Just wondering if there are "must-do" things that I should do for my kind of site/service. Since my site is a web community with decent traffic, you can assume that from time to time there will be some smart kid who will try to mess with my server.

Thanks!!

George

hackintosh 05-23-2007 09:43 PM

Quote:

Originally Posted by ElGeorge
Hello guys, I was going to create a post for this exact same matter, but since this one is already running I'll just post here.

I'm also a newbie at managing a Linux server, so I'm looking for advice on this matter... this is what I have:

- Virtual Private Server running CentOS 4.5
- 1 Gig of RAM

My provider doesn't allow the use of an internal firewall on the VPS (netfilter/iptables not compiled into the kernel, I think), but on the other hand they allow you to send them your desired firewall rules and they will enforce them at the hardware firewall level. I was wondering what the recommended firewall rules should be for a web server running on a VPS.

Basically I'll have these services on my server:

Apache running on port 80: a social network app and phpBB forums (plus other non-public PHP apps like OpenAds and phpMyAdmin). Around 10.000 daily visitors.

Webmin running on port X1 (in the 10K range)

ssh2 running on port X2 (in the 10K range)

Sendmail on the default Sendmail port: I won't have an IMAP/POP3 service running on my server, 'cause all of my addresses are forwards to my Gmail account.

Should the firewall rules simply be to close all ports for inbound traffic and open only ports 80, X1, X2 and the Sendmail port? Or do things need to be more sophisticated? (Remember that I need to send my provider the specific rules so they can configure the hardware firewall.)

BTW.. other security measures I've taken:

- Don't allow login with "root" user directly on SSH
- Don't allow external access to the MySQL server

I was thinking of installing one of those "port scanning" alert systems, and also something like "Bastille"... are those any good? Would they take much CPU/memory??

I think Hackintosh's post was very informative, and I'll try to check everything he mentioned. Just wondering if there are "must-do" things that I should do for my kind of site/service. Since my site is a web community with decent traffic, you can assume that from time to time there will be some smart kid who will try to mess with my server.

Thanks!!

George


Thanks. The information I provided is bullshit actually.

Well, actually I am a computer operator and I have never had any server experience :P (sucks, I never get a good job)

I have never set up any production server before, and the things I mention here are from my own PC, which acts as my server :P. So I don't know the real situation on a production server.

But I like to read the log files from servers that have been intruded on and have discussions with those security experts to see what good tools or ideas they can provide. This is a good way to improve your knowledge.

The thing you MUST DO???? Try to add as many security layers as possible, but don't encrypt the hard disk; this can make the system damn slow.

May I have your web URL??

"Use chattr to protect some important files." <== back to this: if you plan not to add any users in future, please use this to lock your /etc/passwd, so no more users can be added and an intruder cannot change it either. :P

