Quote:
Originally Posted by EganSolo
do I need to harden the system further?
While you have posted useful information, what's missing is an overview of what steps you took. The easiest way to start is to read your distribution's documentation w.r.t. security and hardening, turn it into a checklist and compare it with what you have done. That should address anything ranging from install-time issues like package selection, post-install cleanup, account settings like password strength checking, aging, quota, ulimits, login access and process restrictions, service configuration, network configuration, access restrictions and traffic limiting, maintenance, updating, verifying integrity and making backups.

A basic distro-agnostic tool to help compare certain local aspects is GNU/Tiger. Run it on a pristine setup, make changes, then run again to check the effect. After that you could try the "Securing Debian Manual" for any issues your distribution's documentation doesn't address, followed by a check against the Cisecurity.org Debian Benchmark, and then address issues from the OWASP top ten. That should cover anything including LAMP stack and other network-related issues. A tool to help you assess the machine's security stance from a remote POV is OpenVAS, as it focuses on services rather than "simply" checking if a port is accessible or not like nmap does.
Some things to be mindful of no matter what you do:
- Know what you do: ignorance and negligence are the two most common causes for compromises.
- Allow (install, run, grant access to) only what is strictly needed.
- Be vigilant always: security is not a one-off but a continuous process of auditing and adjusting.
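The "checklist, baseline, change, re-check" workflow described in the post above, as an added example that is not part of the original post or of GNU/Tiger. It audits a few of the account and service settings the post names (password aging and UMASK in login.defs, the core-dump ulimit in limits.conf, root login and password authentication in sshd_config), records a baseline, applies a hardening change to a copy, and diffs the two reports. The helper names (audit_login_defs, audit_limits, audit_sshd, audit_all, count_findings), the thresholds and the three sample config files are all constructed for illustration; real files live under /etc and a real check would also flag settings that are absent rather than only ones that are present and weak.

```shell
#!/bin/sh
# Constructed example of a small hardening checklist audit (hypothetical helpers).

# audit_login_defs FILE: password aging and default umask from a login.defs-style file.
# Prints one finding per line; prints nothing when every check passes.
audit_login_defs() {
    awk '
        $1=="PASS_MAX_DAYS" { seen=1; if ($2+0 > 90) print "login.defs: PASS_MAX_DAYS=" $2 " (expect 90 or less)" }
        $1=="PASS_MIN_DAYS" { if ($2+0 < 1) print "login.defs: PASS_MIN_DAYS=" $2 " (expect 1 or more)" }
        $1=="UMASK"         { if ($2 != "027" && $2 != "077") print "login.defs: UMASK=" $2 " (expect 027 or 077)" }
        END { if (!seen) print "login.defs: PASS_MAX_DAYS not set" }
    ' "$1"
}

# audit_limits FILE: expect a "* hard core 0" line (core dumps disabled for all users).
audit_limits() {
    awk '$1=="*" && $2=="hard" && $3=="core" && $4=="0" { ok=1 }
         END { if (!ok) print "limits.conf: core dumps not disabled (expect \"* hard core 0\")" }' "$1"
}

# audit_sshd FILE: root login and password authentication (sshd keywords are case-insensitive).
audit_sshd() {
    awk '
        tolower($1)=="permitrootlogin" && tolower($2)!="no" { print "sshd_config: PermitRootLogin=" $2 " (expect no)" }
        tolower($1)=="passwordauthentication" && tolower($2)=="yes" { print "sshd_config: PasswordAuthentication=yes (expect no once keys are deployed)" }
    ' "$1"
}

# audit_all DIR: run every check against DIR/{login.defs,limits.conf,sshd_config}, sorted for diffing.
audit_all() {
    { audit_login_defs "$1/login.defs"; audit_limits "$1/limits.conf"; audit_sshd "$1/sshd_config"; } | sort
}

# count_findings DIR: number of findings (always exits 0 so it is safe under set -e).
count_findings() {
    audit_all "$1" | awk 'END { print NR }'
}

# --- constructed sample configs: a weak "before" tree and a partially hardened "after" copy ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/before" "$WORK/after"

cat > "$WORK/before/login.defs" <<'EOF'
# constructed sample, not a real /etc/login.defs
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
UMASK 022
EOF
cat > "$WORK/before/limits.conf" <<'EOF'
# constructed sample, not a real /etc/security/limits.conf
*  soft  core  unlimited
EOF
cat > "$WORK/before/sshd_config" <<'EOF'
# constructed sample, not a real /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
EOF

# "Make changes": tighten aging/umask, add the hard core limit, forbid root login.
# PasswordAuthentication is deliberately left alone so the re-check still reports it.
sed -e 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' \
    -e 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 1/' \
    -e 's/^UMASK.*/UMASK 027/' "$WORK/before/login.defs" > "$WORK/after/login.defs"
{ cat "$WORK/before/limits.conf"; echo '*  hard  core  0'; } > "$WORK/after/limits.conf"
sed 's/^PermitRootLogin.*/PermitRootLogin no/' "$WORK/before/sshd_config" > "$WORK/after/sshd_config"

# Baseline on the pristine tree, re-check after the change, and diff the two reports.
audit_all "$WORK/before" > "$WORK/baseline.txt"
audit_all "$WORK/after"  > "$WORK/recheck.txt"
echo "findings before: $(count_findings "$WORK/before"), after: $(count_findings "$WORK/after")"
diff "$WORK/baseline.txt" "$WORK/recheck.txt" || true
```

The diff is the point of the exercise: every line that disappears is a change that had the intended effect, and every line that stays (here PasswordAuthentication) is the next item on the checklist. The same pattern applies to a real tool such as GNU/Tiger: keep the first report, re-run after each change, and compare.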