LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-23-2007, 10:46 PM   #16
hackintosh
Member
 
Registered: Dec 2005
Posts: 52

Rep: Reputation: 15

Quote:
Originally Posted by LinuxCrazy
Now I'm thinking about using freebsd

why does cpanel says advanced users only
is it a tough distro to learn?

http://www.cpanel.net/products/cPane...quirements.htm
cpanel says...

FreeBSD (recommended for advanced users only)
266 MHz Processor or better (more processing power is recommend)
64MB of RAM (1 GB recommended when hosting many accounts)
10GB-2TB disk space (more disk space is necessary to host more domains)
A fresh install of the RELEASE branch of a version listed below
i386 Architecture:

FreeBSDŽ 4.2, 4.3, 4.4, 4.5, 4.6, 4.8, 4.10, 5.0, 5.3, 5.4, 6.0, 6.1



x86-64/amd64 Architecture:

FreeBSDŽ 5.3, 5.4, 6.0, 6.1
freeBSD 6.2 is quite good and stable now.
but freeBSD 7 will be new milestone for freeBSD as this release made many changes nowadays. Hope the time release i can use it to setup a production server.
 
Old 05-24-2007, 10:21 AM   #17
LinuxCrazy
Member
 
Registered: May 2007
Posts: 48

Original Poster
Rep: Reputation: 15
I see many companies using Solaris. Many jobs in Solaris. Thinking of getting experience is Solaris just in case I need a Solaris job. Is Solaris very stable for a server?
Is Solaris server the way to go? Anyone here have a solaris server?
 
Old 05-24-2007, 11:10 AM   #18
ErrorBound
Member
 
Registered: Apr 2006
Posts: 280

Rep: Reputation: 31
Solaris is a good server as well, although with presently less hardware support (for non-Sun hardware). I think the trend that's happening now is servers migrating from Solaris to Linux though, and migrations from Sun's hardware to more generic Intel-types.

Solaris, Linux, *BSD....they're all good. They're also quite similar, so whatever you end up choosing, you will end up with a lot of skills that transfer over nicely to any of these OSes.

Last edited by ErrorBound; 05-24-2007 at 11:11 AM.
 
Old 05-29-2007, 10:06 PM   #19
troybtj
LQ Newbie
 
Registered: May 2007
Location: South Dakota
Distribution: Debian Etch (8), XP (1), FreeBSD (1), HP-UX (1)
Posts: 23

Rep: Reputation: 15
Quote:
Originally Posted by ElGeorge
Hello guys, I was going to create a post for this exact same matter, but since this one is already running I'll just post here.
<snip>
Thanks!!

George
Use apache webserver with mod_dosevasive and mod_security

Keep phpBB and all other apps updated continually. watch your logs.

If the provider prevents you from doing any blocking at kernel level, that limits you terribly, as you aren't going to realize a problem until it is too late.

Have provider block all ports but 22 25 80 110 and drop all invalid packets (probably already done).

I'd recommend finding a hosting provider that allows you to use kernel level firewall tools, and also will add rules to the gateway router.

From what I've seen, a fresh machine on a new domain has about 200 distinct IP addresses trying every script in google against it.

Make sure it is configured as well as it can be and dump all non-used services, and keep up to date with PHP updates. There has been an exploit discovered and patched between the time you made your post and this post.
 
Old 06-20-2007, 12:56 PM   #20
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
One note on RKhunter... It should not be directly installed on the system. A read-only file system like a CD is best.
 
Old 06-22-2007, 05:58 AM   #21
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,348

Rep: Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749
You might also want this: http://www.chkrootkit.org/
 
Old 06-25-2007, 01:23 AM   #22
hackintosh
Member
 
Registered: Dec 2005
Posts: 52

Rep: Reputation: 15
Quote:
Originally Posted by troybtj
Use apache webserver with mod_dosevasive and mod_security

Keep phpBB and all other apps updated continually. watch your logs.
dont use phpBB cause too many bugs..
 
Old 06-27-2007, 02:21 AM   #23
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,348

Rep: Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749Reputation: 2749
If you do go with Linux, this is worth looking at also: http://www.bastille-linux.org/
 
Old 06-27-2007, 02:43 AM   #24
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Quote:
dont use the buggy distro like UBUNTU, it's really pretty and good for newbie but too buggy and unstable over Debian stable.
I take it that you mean a self-made-buggy version of Ubuntu (because those I've installed have seemed to me very stable). Debian being more stable than anything else is a too much grown legend, there are others that are as good or even better. If I was to pick up a Debian-based server, it wouldn't necessarily be Debian itself; I'd rather not pick up such a geeky test distribution at all, though, but something that really works.

Firestarter is a graphical front-end to controlling iptables. If you're an admin you should be ok with command line and scripts, and that way more comfortable with iptables (the command-line tool). It's just as real-time as Firestarter is (type in an iptables command and it's effective from the moment you press ENTER), but doesn't waste space from your screen like GUI programs do. I consider Firestarter a newbie tool, just like webmin. No offence, they're both useful if you like them, but they hardly ease up the life of a person who knows the things.

My first advice of securing a server is to prevent access to it, except what is vital. That means locking it up someplace where there's no access without boulder traps, molten lava and some poisoned spears, for a start. Second step is to make sure you have a reliable backup system working, and that you test the backups every once in a while. Backups are a measure of security people forget when they're hunting rootkits and mean russian crackers; more probably than them you'll get a lightning strike that burns the house down to ground, and without backups you've got problems. So back up the important data (at least), have several backups (from the past few days, from last week and last month for example, so if you find out some of the latest backups are corrupt or have backed up compromised system files, you'll have older working copies too) and store them away from the server itself.

Did I already mention to test the backups? If you only have a DVD+-RW disc that you overwrite every day, you might find it's not working when it should. You might have a dozen tapes with backups and live happy, get your server burnt to death and find out that for some odd reason the backups don't work.. A good habit is to have a test-environment to which you drop the backups and see if the process goes all right. Do that often enough to make sure at least part of your backups actually work. In my work I see too much people who boast having a million-dollar backup system and three admins taking care of it, but never test the media; a few months ago one server caused major trouble being trashed, after the "admins" found out their seven backup tapes were just garbage (not to mention the server that was recently replaced; it had happily "made backups" for two years, luckily without a single accident, before somebody found out there had been a permissions problem and all the tapes were actually empty).

Last edited by b0uncer; 06-27-2007 at 02:49 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 06:19 AM
How to secure Server irfanhab Linux - Security 2 06-02-2006 03:31 AM
Is OS X secure enough to use as a server? Travis86 Other *NIX 9 10-15-2004 11:23 PM
Secure server that allows for rdp redogre82 Linux - Software 1 09-04-2004 03:55 PM
secure pop3 server JustinHoMi Linux - Security 2 10-26-2001 05:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration