Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Our company have just setup a web server ( by our vendor ) , would advise what hardening that I should do , is there any standard hardening procedure that I can follow ?
Our company have just setup a web server ( by our vendor ) , would advise what hardening that I should do , is there any standard hardening procedure that I can follow ?
You've been working with/asking about Linux for over a year now....and you have NO IDEA how to make sure your server is secure? As with many of your other threads, have you done ANYTHING to work towards this end? Done any research? Tried to look up any of the THOUSANDS of easily-found documents that could get you started?? Checked the security forum here? ANYTHING?????
You will need to register in order to download the guides.
Please review the full guide first, do not try to apply all the instructions right away, you will probably need to adjust some configuration settings to your environment.
Our company have just setup a web server ( by our vendor ) , would advise what hardening that I should do , is there any standard hardening procedure that I can follow ?
thanks
If it's your vendor, then quite a lot of things to be considered.
Your web server hosts website with databases? Does it have PHP form or any forms that customer is able to type some data?
I guess it would be better also to consult your vendor what are the security already in place by them, if ever they have done it.
Last edited by JJJCR; 06-14-2016 at 01:52 AM.
Reason: edit
To answer the immediate question: no, there is no "cookbook procedure," since you are opposing a clever, resourceful, and incognitoindividual most of the time. But there are an abundance of links. CERT, for instance, has more.
make sure you only open what you need, and if possible you should put it behind a vpn or something. Especially make sure you don't open any shells (gui or otherwise) to the outside. rdp, vnc, etc are great for remote administration, but should ALWAYS be behind a vpn.
Edit:
Always use a firewall to block EVERYTHING except exactly what you need. That's always my first hardening process. It's a damn good start.
Your vendor just setup the server and left the software part to you?
You should pay someone else to host your hardware for you. It will be the cheapest way to go and you will get the best protection if you find a capable ISP.
as it was already mentioned you need to loosen your server, not harden:
Close every port and stop every service as a start and enable only what you really need. This is the standard procedure.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.