LinuxQuestions.org
Old 09-04-2007, 08:21 PM   #1
saimike
Member
 
Registered: Aug 2003
Posts: 71

Rep: Reputation: 15
securing a LAMP server


I would like to secure my torrentbox (debian + LAMP + vsftpd + torrentflux/bittornado + ssh) which is sitting in my home router's DMZ. What is the best way to do this? I presume it is a combination of configuring iptables and the LAMP software, but really have no idea how to do it. I'm a longtime unix user but first time linux administrator so I'll need some help here.

About 80% of the time, I would be accessing the server from within my LAN. Torrentflux/bittornado is the only sw that will be accepting connections from the WAN 100%. One idea I had was to configure iptables to separately enable/disable the various sw from accepting connections from the WAN as and when I will need it, much like how zonealarm does it (for those who also run windows). Is there an easy way to do this? Is it even a good idea?

Any pointers will be appreciated.
 
Old 09-04-2007, 11:41 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Yeah, iptables is a definite must. The tutorial most recommended by people is this one. Note, however, that iptables should only be a very basic part of your whole security scheme. There's tons of other stuff you need to think about besides firewalling. You've got a lot of reading ahead of you, and probably the best place to get started is unSpawn's Security references thread. You could then post back with some more specific questions, etc.
 
Old 09-06-2007, 08:24 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Hi there, saimike. Just wondering how it's going with this. Have you been able to lay out some sort of plan of action yet? Hopefully you already started reading security material and are on your way to determining which tools, policies, and procedures are most suitable for you.

I was thinking about what you said about any pointers being appreciated. If there was only one piece of advice I could offer you, it would be to install and familiarize yourself with a HIDS. Personally, I use Tripwire (and I recommend it), but there's several other HIDS available, such as: AIDE, Samhain, Osiris, OSSEC, Tiger, Afick, Integrit, etc. Each has its pros and cons, and each will appeal to different tastes. Some have features others don't.

Having a properly installed HIDS is one of the simplest things you can do in order to avoid being in a situation where you don't know if your security has been compromised or not. It's also a perfect first step toward knowing *how* you were breached. Yet even so, you wouldn't believe the amount of cases seen here on LQ (and in the physical world also) where the admins don't know with a fair degree of certainty whether or not they are still in control of their boxes.

Install a HIDS before you plug your box into the network for the first time (after having done an installation from trusted media). Heck, install two HIDS if you want. Schedule cron jobs for them, have the results emailed to you periodically. Keep off-site backups of their databases in read-only media just in case. Once in a while run a scan from a Live CD, even if it seems redundant. It's all good. Information is power, and knowing what (if anything) has been changed on your system is one of the most essential pieces of information an admin concerned about security can have.

Last edited by win32sux; 09-06-2007 at 08:43 PM.
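
The baseline-and-compare check that a HIDS performs, as an added example that is not part of the thread and not code from Tripwire or any other tool named above. The function names `fim_baseline` and `fim_check` and the ADDED/MODIFIED/REMOVED report format are assumptions made for this example, which also assumes the GNU find, sort, xargs and sha256sum shipped with Debian.

```shell
#!/bin/sh
# Added example: the baseline-and-compare check at the core of a HIDS.
# Function names and report format are assumptions made for this example.
# Assumes GNU find/sort/xargs/sha256sum; paths containing newlines or
# backslashes are not handled (sha256sum escapes those lines).

# fim_baseline DIR DB: record a SHA-256 hash for every regular file under DIR.
fim_baseline() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# fim_check DIR DB: print ADDED/MODIFIED/REMOVED lines for every difference
# between DIR and the baseline in DB. Returns 0 if clean, 1 if anything changed.
fim_check() {
    local dir="$1" db="$2" now report
    now=$(mktemp) || return 2
    fim_baseline "$dir" "$now"
    report=$(awk '
        { path = substr($0, 67) }            # 64 hex chars + 2 separators
        FILENAME == ARGV[1] { old[path] = $1; next }
        { seen[path] = 1
          if (!(path in old))        print "ADDED    " path
          else if (old[path] != $1)  print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED  " p }
    ' "$db" "$now" | sort)
    rm -f "$now"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Command-line use: fim.sh baseline DIR DB   |   fim.sh check DIR DB
case "${1:-}" in
    baseline) fim_baseline "$2" "$3" ;;
    check)    fim_check "$2" "$3" ;;
esac
```

Run from cron, the non-zero exit status of `check` is what triggers the mailed report; the database belongs on read-only or off-host storage, as the post advises, because a database kept on the monitored box can be rewritten along with the files it describes.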
 
  

