Hardening dedicated server
If you have a debian linux web/mail dedicated server (like apache, postfix and so on) already configured, what other else would you do to secure more your machine? For example cron scripts to check file dir permissions, some IDS/IPS to detect strange behaviours, some scripts that can send email if something strange (like intrusion or server down) is happening, some rootkit scanners....what would you do to secure your server?
Can you hint me some trick? Thanks :) |
Hello and welcome to LQ, hope you like it here.
already configured, what else The way you put your question it looks like you have already done some things to secure your server. Or was it handed over that way to you? If you did things yourself it would be good to list what you did so we don't duplicate or post unnecessary things. Then there's doing research. Debian has a rather good security manual. If you didn't read it you should. For more maybe check out the LQ FAQ: Security references. Then I'd use a checklist and use a scanner like Tiger to determine the general status of the server. Results vs checklist should show you where to start. |
Hi,
first of all many thanks for you reply :) really kind :) Well, I set up apache2 following this guide http://www.securityfocus.com/infocus/1786 but without chroot. I think that if apache already run as a limited user (www-data) then it's not so harmful. At least an attacker has to escalate to root. But if he can escalate to root, even with chroot then it's not so secure, he can mount device and then escape from chroot. I've even php4 (safe mode) and mysql. For postfix I followed this guide: http://www.onlamp.com/pub/a/bsd/2003/08/21/postfix.html This is what I've done until now many thanks in advance :) |
OK. With all due respect but you reacted to half my post and left this out:
Quote:
|
sorry :) I was only replying to your first question :)
No, I've still to read links you gave me :) Thanks :) |
Ah, OK. BTW, don't try and grok the whole Security references part in one go or you'll go mad as a hatter, chunk it, take your time and ask questions as you progress.
|
Question:
if I install apache2, php, mysql with apt-get and then chroot all these packages, then if there's a apt-get upgrade how can I updates these softwares inside chroot? Makejail? Thanks :) |
If "Makejail" contains functionality to copy the updated libs and binaries from the "host" system to the chroot, yes, why not?
|
All times are GMT -5. The time now is 06:02 PM. |