Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, I recently purchased the following Server from ValueWeb:
AMD Duron 1300
512MB RAM
60 GB IDE Hard Drive
500 GB Data Transfer
Red Hat Linux 7.3
Webppliance Basic
I'm about to launch a Music Loops Website. I am not a web designer. Therefore, I have hired a web designer to set up my corporation's site correctly. I have learned the hard way, that webdesigners do not necessarily know proper security measures. Therefore I would appreciate it if anyone can give me steps to take to tell my web designer to do in order to secure my website's maximum protection from hackers. How do I set up the server to close the necessary ports? What is the best firewall/router setup? These are the kinds of things I need to know. I'm sorry if any of this is covered elsewhere. Thanks in advance to everyone who can help me. You can either post a response here, pm me or e-mail me if it's a long message.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
For starters, I would install a new OS. RH 7.3 is rather old and the applications supplied with it have been patched many times since that version came out. Also, Red Hat will no longer be supplying security updates for the Red Hat Linux products, unless you buy a commercial license (probably around $1,500 for what you want to do). One option would be to install Fedora Linux on it, which you can find from the Red Hat site. It's the unofficial RH 10.0, although it's not maintained by RH.
You could also install any number of other Linux distributions, perhaps by buying the "Power Pack" or "Pro" version of distros like Mandrake, or SuSE (they are much cheaper than a license for RH ES/AS). Just make sure that whatever you pick will let you download security updates from them. I know Mandrake does include security updates if you buy it (about $70 US for the Power Pack edition last time I bought it).
Once you have a new OS installed, make sure you download and install any available security updates. There have probably been a few more since the release version was burned to CD.
Next, check out this very informative resource for hundreds of links to security HOW-TOs, FAQs, etc... You'll most likely want to check out the *NIX security checklists and also the netfilter/iptables HOW-TOs.
You bought an hosted server? (500 Gb transfer...)
If it is the case, do you have access to the OS directly?
Your programmer must know the best practices of programming securely. You can't really get that from an how-to. There are many books, on amazon, though.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Oh yeah, ugob makes a good point about it being hosted... Since it lists "webappliance" as a feature your hosting provider may treat it as an appliance device and not give you access to the OS. In that case, make sure you get a full report from them on what steps they have taken to secure the OS and update the services, and a full list of what the current version is of every major software package (Apache, PHP/mod_php, OpenSSL/mod_ssl, OpenSSH, etc...)
Otherwise if you own the server and have access to the OS, proceed as described in my first post.
I went on the valueweb website and they're advertising redhat linux 9 installed. I tried chattin with them, but all their reps were busy. I would be terribly surprised if you have root accces on their servers. However, don't consider that a bad thing, because they'll secure it for you. I think it is a lot better like that. They probably know security a whole lot more than you and they have specialists to do it.
What you will probably be able to do is have a regular shell account, a control panel, a ftp accesss, etc. You should have enough option to be able to do what you want.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.