Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
05-23-2007, 10:46 PM
|
#16
|
Member
Registered: Dec 2005
Posts: 52
Rep:
|
Quote:
Originally Posted by LinuxCrazy
Now I'm thinking about using freebsd
why does cpanel says advanced users only
is it a tough distro to learn?
http://www.cpanel.net/products/cPane...quirements.htm
cpanel says...
FreeBSD (recommended for advanced users only)
266 MHz Processor or better (more processing power is recommend)
64MB of RAM (1 GB recommended when hosting many accounts)
10GB-2TB disk space (more disk space is necessary to host more domains)
A fresh install of the RELEASE branch of a version listed below
i386 Architecture:
FreeBSDŽ 4.2, 4.3, 4.4, 4.5, 4.6, 4.8, 4.10, 5.0, 5.3, 5.4, 6.0, 6.1
x86-64/amd64 Architecture:
FreeBSDŽ 5.3, 5.4, 6.0, 6.1
|
freeBSD 6.2 is quite good and stable now.
but freeBSD 7 will be new milestone for freeBSD as this release made many changes nowadays. Hope the time release i can use it to setup a production server.
|
|
|
05-24-2007, 10:21 AM
|
#17
|
Member
Registered: May 2007
Posts: 48
Original Poster
Rep:
|
I see many companies using Solaris. Many jobs in Solaris. Thinking of getting experience is Solaris just in case I need a Solaris job. Is Solaris very stable for a server?
Is Solaris server the way to go? Anyone here have a solaris server?
|
|
|
05-24-2007, 11:10 AM
|
#18
|
Member
Registered: Apr 2006
Posts: 280
Rep:
|
Solaris is a good server as well, although with presently less hardware support (for non-Sun hardware). I think the trend that's happening now is servers migrating from Solaris to Linux though, and migrations from Sun's hardware to more generic Intel-types.
Solaris, Linux, *BSD....they're all good. They're also quite similar, so whatever you end up choosing, you will end up with a lot of skills that transfer over nicely to any of these OSes.
Last edited by ErrorBound; 05-24-2007 at 11:11 AM.
|
|
|
05-29-2007, 10:06 PM
|
#19
|
LQ Newbie
Registered: May 2007
Location: South Dakota
Distribution: Debian Etch (8), XP (1), FreeBSD (1), HP-UX (1)
Posts: 23
Rep:
|
Quote:
Originally Posted by ElGeorge
Hello guys, I was going to create a post for this exact same matter, but since this one is already running I'll just post here.
<snip>
Thanks!!
George
|
Use apache webserver with mod_dosevasive and mod_security
Keep phpBB and all other apps updated continually. watch your logs.
If the provider prevents you from doing any blocking at kernel level, that limits you terribly, as you aren't going to realize a problem until it is too late.
Have provider block all ports but 22 25 80 110 and drop all invalid packets (probably already done).
I'd recommend finding a hosting provider that allows you to use kernel level firewall tools, and also will add rules to the gateway router.
From what I've seen, a fresh machine on a new domain has about 200 distinct IP addresses trying every script in google against it.
Make sure it is configured as well as it can be and dump all non-used services, and keep up to date with PHP updates. There has been an exploit discovered and patched between the time you made your post and this post.
|
|
|
06-20-2007, 12:56 PM
|
#20
|
Senior Member
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552
Rep:
|
One note on RKhunter... It should not be directly installed on the system. A read-only file system like a CD is best.
|
|
|
06-22-2007, 05:58 AM
|
#21
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,393
|
You might also want this: http://www.chkrootkit.org/
|
|
|
06-25-2007, 01:23 AM
|
#22
|
Member
Registered: Dec 2005
Posts: 52
Rep:
|
Quote:
Originally Posted by troybtj
Use apache webserver with mod_dosevasive and mod_security
Keep phpBB and all other apps updated continually. watch your logs.
|
dont use phpBB cause too many bugs..
|
|
|
06-27-2007, 02:21 AM
|
#23
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,393
|
If you do go with Linux, this is worth looking at also: http://www.bastille-linux.org/
|
|
|
06-27-2007, 02:43 AM
|
#24
|
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131
Rep:
|
Quote:
dont use the buggy distro like UBUNTU, it's really pretty and good for newbie but too buggy and unstable over Debian stable.
|
I take it that you mean a self-made-buggy version of Ubuntu (because those I've installed have seemed to me very stable). Debian being more stable than anything else is a too much grown legend, there are others that are as good or even better. If I was to pick up a Debian-based server, it wouldn't necessarily be Debian itself; I'd rather not pick up such a geeky test distribution at all, though, but something that really works.
Firestarter is a graphical front-end to controlling iptables. If you're an admin you should be ok with command line and scripts, and that way more comfortable with iptables (the command-line tool). It's just as real-time as Firestarter is (type in an iptables command and it's effective from the moment you press ENTER), but doesn't waste space from your screen like GUI programs do. I consider Firestarter a newbie tool, just like webmin. No offence, they're both useful if you like them, but they hardly ease up the life of a person who knows the things.
My first advice of securing a server is to prevent access to it, except what is vital. That means locking it up someplace where there's no access without boulder traps, molten lava and some poisoned spears, for a start. Second step is to make sure you have a reliable backup system working, and that you test the backups every once in a while. Backups are a measure of security people forget when they're hunting rootkits and mean russian crackers; more probably than them you'll get a lightning strike that burns the house down to ground, and without backups you've got problems. So back up the important data (at least), have several backups (from the past few days, from last week and last month for example, so if you find out some of the latest backups are corrupt or have backed up compromised system files, you'll have older working copies too) and store them away from the server itself.
Did I already mention to test the backups? If you only have a DVD+-RW disc that you overwrite every day, you might find it's not working when it should. You might have a dozen tapes with backups and live happy, get your server burnt to death and find out that for some odd reason the backups don't work.. A good habit is to have a test-environment to which you drop the backups and see if the process goes all right. Do that often enough to make sure at least part of your backups actually work. In my work I see too much people who boast having a million-dollar backup system and three admins taking care of it, but never test the media; a few months ago one server caused major trouble being trashed, after the "admins" found out their seven backup tapes were just garbage (not to mention the server that was recently replaced; it had happily "made backups" for two years, luckily without a single accident, before somebody found out there had been a permissions problem and all the tapes were actually empty).
Last edited by b0uncer; 06-27-2007 at 02:49 AM.
|
|
|
All times are GMT -5. The time now is 06:09 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|