Hi I have a new linux Fedora Core 3 server, how can I have it secure what should I download to make my server secure and safe?

Programs and tuts of how to install the programs? another linux n00b here please dont hurt me

, I need super super help to get it secure

Hi Solvaut.
The best way to make Linux secure is to have a firewall. Naturally, there are many other things you can do but that is considered the first line of defense by most professionals.

One that will give you no troubles to install and manage is Firestarter. You can find it at http://www.fs-security.com/

Read through the site's information, as they are a reach source of information about security and how to use the product.

Hope this helps.

Rick

Look at what you have installed, and remove anything you're not going to need. If you're not sharing files, get rid of NFS, for example. Turn off things like telnet if they're running and only allow SSH. Think about what the server will be used for and remove anything you're not wanting, as these leave security holes in unneccessary software and can provide backdoors for people to get in. Along with a firewall, one of the first things to do is turn off unneeded services and remove unneccessary software.

What did you do during the install process? Did you enable firewall and not allow any ports in? Then you are set. If not goto System Setttings > Security Levels and set it up from there.

Brian1

Also, make sure to enable nightly security updates with yum:
chkconfig yum on
service yum start

Use a file integrity scanner like samhain, aide, or tripwire. Run checks on a regular basis with rkhunter of chkrootkit. Always use secure protocols like ssh instead of insecure versions like telnet. Make sure you have strong passwords and disable remote root logins over ssh.

It should go without saying that you should never run as 'root' unless you are actively doing system maintenance. Your regular user-id should be ordinary, unprivileged, dumb-as-toast. Consider having more than one, switching from one to another according to what you're doing at the time.

Also, when you need to do rootly things, log on as 'root' to do it, then log off again. Many systems offer the "you need to enter the root password to do this" prompt ... but any rogue application could fake that prompt, now could they not?

Remember that your most common assailant will be a "script kiddie" who's looking for dumb-things like ... user-ids that you didn't know existed but which accept logins ... services (daemons) you didn't know you were running ... and so on. They are strictly opportunists, and with the very slightest bit of effort you make your system not worth the effort. Many cat-burglars, when asked how they broke into houses without a trace and without setting off the alarm, candidly confessed that they didn't: the door was unlocked, and the burglar alarm was off. They simply walked through the neighborhood, with a sack of newspapers, walking from door to door looking for houses where this was so. No cleverness, just simple probability. Those houses were robbed because their owners were careless and their house happened to be picked. Most Internet rogues do exactly the same thing, and the defense is the same: close your windows (the open ports), and lock your doors.

If you want to have your server as secure as possible, then try www.google.com/linux with keywords

securing linux
securing fedora core

You'll find lots and lots of articles giving good hints on how to secure your system. You probably do not have to follow the guides to the letter. Especially if your server is not a dedicated server then you will experience lots of difficulties in implementing all the security measures suggested.

If u want 2 secure ur server, shut the system down.

Also keep anyone who spells your as ur and you as u far, FAR away from your server.

Seriously though, even that is not secure. Remove hard disks, crush and shred the platters, or melt them down. THEN you will be secure!

I'd suggest going over to http://www.cisecurity.org/ and downloading their security baseline scanner and documentation. It will go along way toward locking down your server. It's also a very good education to get you thinking about how a server is compromised.

Dep

Hey Solvaut,
I'm sure I've seen your name a forum or two before

I found this little gem a while ago, I think its perfect for you to secure your new box with!

All you need to do is login as root and type (or copy/paste) this baby:

removed by moderator

That should lock it down quite well.

Able.

@able318
Don't do that again.

Let me guess, it was the old lame r-m-space-dash-r-f-space-slash gag?