LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-08-2003, 01:45 AM   #1
jtaylor75
LQ Newbie
 
Registered: Dec 2003
Posts: 3

Rep: Reputation: 0
Newbie Security Questions


Hi, I recently purchased the following Server from ValueWeb:


AMD Duron 1300
512MB RAM
60 GB IDE Hard Drive
500 GB Data Transfer
Red Hat Linux 7.3
Webppliance Basic

I'm about to launch a Music Loops Website. I am not a web designer. Therefore, I have hired a web designer to set up my corporation's site correctly. I have learned the hard way, that webdesigners do not necessarily know proper security measures. Therefore I would appreciate it if anyone can give me steps to take to tell my web designer to do in order to secure my website's maximum protection from hackers. How do I set up the server to close the necessary ports? What is the best firewall/router setup? These are the kinds of things I need to know. I'm sorry if any of this is covered elsewhere. Thanks in advance to everyone who can help me. You can either post a response here, pm me or e-mail me if it's a long message.

Thanks!

Jon
 
Old 12-08-2003, 02:44 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
For starters, I would install a new OS. RH 7.3 is rather old and the applications supplied with it have been patched many times since that version came out. Also, Red Hat will no longer be supplying security updates for the Red Hat Linux products, unless you buy a commercial license (probably around $1,500 for what you want to do). One option would be to install Fedora Linux on it, which you can find from the Red Hat site. It's the unofficial RH 10.0, although it's not maintained by RH.

You could also install any number of other Linux distributions, perhaps by buying the "Power Pack" or "Pro" version of distros like Mandrake, or SuSE (they are much cheaper than a license for RH ES/AS). Just make sure that whatever you pick will let you download security updates from them. I know Mandrake does include security updates if you buy it (about $70 US for the Power Pack edition last time I bought it).

Once you have a new OS installed, make sure you download and install any available security updates. There have probably been a few more since the release version was burned to CD.

Next, check out this very informative resource for hundreds of links to security HOW-TOs, FAQs, etc... You'll most likely want to check out the *NIX security checklists and also the netfilter/iptables HOW-TOs.
 
Old 12-08-2003, 03:39 AM   #3
jtaylor75
LQ Newbie
 
Registered: Dec 2003
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks!

chort, thanks for the tips and for that invaluable link. I've got a ton of reading to do. But, thanks for pointing me in the right direction.

Jon
 
Old 12-08-2003, 10:17 AM   #4
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
You bought an hosted server? (500 Gb transfer...)
If it is the case, do you have access to the OS directly?

Your programmer must know the best practices of programming securely. You can't really get that from an how-to. There are many books, on amazon, though.
 
Old 12-08-2003, 10:52 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Oh yeah, ugob makes a good point about it being hosted... Since it lists "webappliance" as a feature your hosting provider may treat it as an appliance device and not give you access to the OS. In that case, make sure you get a full report from them on what steps they have taken to secure the OS and update the services, and a full list of what the current version is of every major software package (Apache, PHP/mod_php, OpenSSL/mod_ssl, OpenSSH, etc...)

Otherwise if you own the server and have access to the OS, proceed as described in my first post.
 
Old 12-08-2003, 01:49 PM   #6
jtaylor75
LQ Newbie
 
Registered: Dec 2003
Posts: 3

Original Poster
Rep: Reputation: 0
Sorry, I forgot to mention that it is a dedicated server. But, it is hosted/owned by ValueWeb. I should have access to the OS, I think...I hope.
 
Old 12-08-2003, 04:18 PM   #7
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
I went on the valueweb website and they're advertising redhat linux 9 installed. I tried chattin with them, but all their reps were busy. I would be terribly surprised if you have root accces on their servers. However, don't consider that a bad thing, because they'll secure it for you. I think it is a lot better like that. They probably know security a whole lot more than you and they have specialists to do it.

What you will probably be able to do is have a regular shell account, a control panel, a ftp accesss, etc. You should have enough option to be able to do what you want.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
security newbie, but not Linux newbie. advice on secure delete tools mattie_linux Linux - Security 19 08-15-2005 01:50 AM
[Security Questions] Last Login, how good is this feature for security breach info? t3gah Linux - Security 2 06-14-2005 01:02 AM
Newbie Security Questions gwalk Linux - Security 2 12-05-2004 08:54 AM
Security for a newbie mdktechie Linux - Security 1 10-01-2003 03:41 PM
newbie security. toothfish Slackware 2 04-29-2002 08:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration