LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-15-2002, 12:55 AM   #1
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Rep: Reputation: 30
securing a redhat 6.1 server


Hey folks. One of our new clients has a redhat 6.1 server, and I'd assume that there are probably a number of services that are insecure on it. Does anyone have any suggestions in particular in terms of upgrading this machine and locking it down? I'm used to using current distros and simply upgrading the packages as the security holes are announced. I'm not sure what approach to take on an older machine that probably needs a number of things fixed.

Thanks a lot,
Justin
 
Old 07-15-2002, 08:51 AM   #2
mqe
LQ Newbie
 
Registered: Jun 2002
Location: Finland
Distribution: Debian
Posts: 6

Rep: Reputation: 0
erm.. Redhat 6.1

Does not sound good at all.. If they havent been able to upgrade it, first thing you should do is reinstall it.. I could bet it has already been compromised.

Download for example chkrootkit (as a start) and run it.. I have a wild guess that it will report some rootkits.. dunno..

If in some really strange way it has managed to survive, then you should suggest them to change distribution. that is just my opinion...
 
Old 07-16-2002, 07:49 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,458
Blog Entries: 54

Rep: Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897
If you didn't discover any legacy stuff that would break under upgrade, definately go for an upgrade I'd say. The major reason I can offer is the newer RH's upgrade facilities (dunno if that would really count like for lowering TCO tho), newer kernel for better performance, plus RH6.1 having the largest stock of xploits readily available :-]
Map out what the box *should* be serving, *who* it should be serving to, this and the usual CERT/SANS hardening docs should give you an overview what has to be there and what has to go.

Here's some docs to get you started if you like:
the CERT UNIX Security Checklist v2.0,
CERT's Techtips,
The SANS Reading room: Linux issues,
Bastille Linux Hardening System,
CERT, root compromise, part F,
LASG: Linux Administrator's Security Guide,
Security Quick-Start HOWTO for Linux,
Armoring Linux,
SAG: The Linux System Administrator's Guide,
Elementary security for your Linux box.

HTH
 
Old 07-16-2002, 08:58 PM   #4
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Original Poster
Rep: Reputation: 30
Thanks, I'll look at all those docs. I ran chkrootkit and it didn't turn up anything. I did check the list of dependencies for upgrading to the rh 7.3 kernel, and down the chain I would have to upgrade glibc which would break a number of packages. Pretty much I would have to upgrade everything... I'd be too worried that something would end up broken in the end. I can't really risk downtime with this server as it hosts their email and web. I think I'll probably just put the latest 2.2.x kernel on there, and upgrade sendmail and popd (I've already put the latest apache, sshd, and proftpd on there). Then a good ipchains rulset will hopefully hide all of the other security holes.

Does this seem like a good alternative, or is there something I'm missing?

Thanks,
Justin
 
Old 07-19-2002, 01:50 AM   #5
rverlander
Member
 
Registered: May 2002
Distribution: A few
Posts: 488

Rep: Reputation: 30
If I were you I'd just kernel to 2.2.21 (rh6.1 has 2.2.5)
DO NOT UPDATE VIA RPMS IF YOU COMPILE FROM SOURCE ITLL BREAK NOTHING EVEN STUFF THAT DEPENDS!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing new samba server Hans Zilles Linux - Security 1 11-08-2005 06:40 PM
securing vnc server on RH juanb Linux - General 2 09-08-2005 07:31 AM
Securing a redhat eagle683 Linux - Security 5 06-06-2005 05:37 PM
Securing DNS Server Comatose51 Linux - Security 3 03-13-2005 12:49 AM
Securing Server brentos Linux - Security 4 06-08-2004 10:57 AM


All times are GMT -5. The time now is 11:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration