Tools For Vulnerability scanning & some tips for secure your server
Hello
I am new to the Linux industry. I am using the Mandriva 2008.0 distribution. I want to perform a vulnerability assessment of my server, so please recommend the best tools on the market for performing a vulnerability assessment, and also some steps for hardening a Linux server. I am using FTP, an Apache server & a Samba server.
Actually, I want to do a security audit of my server, so I require the necessary steps to perform a full security audit, and also suggestions for tools to perform it with.
Simply having the tools to do a security audit will not be sufficient. The knowledge and experience required to accurately describe your systems' security posture is vast.
I'm sure you'll get many tips from LQ on doing a security audit. Take the tips to heart, experiment and learn. But if you're doing this audit for an organization, do them a favor and allow someone with experience to give them an accurate view of their systems so they can make informed decisions to protect their assets.
Simply using tools to perform a security audit will give you very little in the way of usable information unless you know how to use them. I would brush up on my security... learn to understand vulnerabilities and exploits. Listen to security podcasts and read blogs.
Then try these tools... nmap, nessus, metasploit
To harden your box, dump ftp and use sftp instead.
Learn about mod_security and greensql (if you have a sql backend on your box).
Don't open samba to the outside world.
Learn how to chroot your outward facing services.
Also, if you are going to have your server facing the internet... consider placing a firewall between your server and the net. I use IPCop myself, but Smoothwall or Astaro are also worth a look.
They all provide firewalling, VPN passthrough or endpoint, intrusion detection/prevention and a certain amount of malware scanning on both http and email traffic.
I don't believe that you have to hire a security professional to get a good assessment of your security posture. That is usually big money and this assumes there is money available to contract someone to perform the security assessment. The assumption could be that the server is in a corporate environment...it could be a server that is colo'd by someone that is not associated with a corporation.
Network and system administrators can learn as much as they can about securing the machines they are charged to maintain and still have an outstanding security posture. It depends on how diligent, proactive, and thorough the admin is, IMO.
IMO, everything a security professional does when assessing security should be within the domain (or at least basic understanding) of the network/system admin. This is usually key when the admin has to mitigate risk. To mitigate, you have to at least understand the vulnerability in order to assess and mitigate the risk. If an admin can't do that, they shouldn't be in the positions they're in.
To the OP, there are tons of docs and write-ups on understanding basic security. This forum has some sticky threads on some of them. Good researching is key.
satishmali1983,
I concur with Admiral Beotch & unixfool. However, take it from someone who was in the security audit industry. Most of our customers were banks, credit unions, and armored couriers that were required to follow certain Federal regulations in order to stay in business.
*IF* this server belongs to someone whose sole intention is to run a business, you may want to invest in an annual contract with an organization that will scan the server from the outside and offers penetration testing. Typically about $1,000 per year from a good Payment Card Industry (PCI)-compliant vendor.
However, if this is a personal server, or one that belongs to a small "mom & pop" outfit, then by all means:
nmap, along with "nmapfe" - Google it and read up on its homepage (it was even featured in a Matrix movie!)
Nessus - A Commercial Vulnerability scanner that gives you solutions. There's a free version, too.
MetaSploit - A bit more complicated than Nessus, but a skilled user can attempt almost any known exploit with this one!
However, I would suggest some of the basics:
blockhosts.py - Can be configured to run via cron, and can put the banhammer on anyone trying to brute-force their way in via SSH, FTP, or HTTP (the web part takes a bit more setup).
iptables - A workhorse used by many front-end applications, such as smoothwall.
SSH - Read the man pages for sshd_config and ssh! Most Linux distributions have "PermitRootLogin Yes" set. Turn. That. Off.
Now, if you're starting to feel hardcore about locking down the server, google "bastion host +linux". But keep a backup handy (there is such a thing as 'too tight').
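The two concrete hardening items that come up in the replies above (keep Samba off the outside world, and turn PermitRootLogin off in sshd_config) are easy to check mechanically. The script below is an added example written for this thread, not code from any of the posters or from the projects mentioned. It reads an sshd_config the way sshd does (first occurrence of a keyword wins, comments ignored, keywords case-insensitive; Match blocks are not interpreted) and reports weak settings, and it prints, without applying, iptables rules that allow the Samba ports only from a LAN range. The config path and the LAN range 192.168.1.0/24 are assumptions; the iptables port list is the standard NetBIOS/SMB set.

```sh
#!/bin/sh
# Added example for the thread (not any poster's code): a read-only audit of
# sshd_config plus a printed (not applied) iptables rule set for Samba.
# Assumptions: sshd_config path passed as $1, LAN range as $2 (default below).

# Print the effective value of an sshd_config keyword, or nothing if unset.
# sshd honours the first occurrence; comment and blank lines are skipped;
# "Key value" and "Key=value" are both accepted. $1 = file, $2 = keyword.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        { line = $0; sub(/=/, " ", line); split(line, f) }
        tolower(f[1]) == tolower(key) { print f[2]; exit }
    ' "$1"
}

# Report weak SSH settings, one finding per line. Returns 0 if the file passes,
# 1 otherwise. An unset PermitRootLogin is reported too, because the built-in
# default differs between OpenSSH versions and should be stated explicitly.
audit_sshd() {
    audit_n=0
    root_val=$(sshd_value "$1" PermitRootLogin)
    case "$(printf '%s' "$root_val" | tr 'A-Z' 'a-z')" in
        no|without-password|prohibit-password|forced-commands-only) ;;
        "") echo "PermitRootLogin is not set; set it to 'no' explicitly"
            audit_n=$((audit_n + 1)) ;;
        *)  echo "PermitRootLogin is '$root_val'; set it to 'no'"
            audit_n=$((audit_n + 1)) ;;
    esac
    # SSH protocol 1 is obsolete; flag any config that still enables it.
    proto_val=$(sshd_value "$1" Protocol)
    case "$proto_val" in
        *1*) echo "Protocol is '$proto_val'; protocol 1 should not be enabled"
             audit_n=$((audit_n + 1)) ;;
    esac
    [ "$audit_n" -eq 0 ]
}

# Print iptables rules that accept the Samba ports (137/138 udp, 139/445 tcp)
# only from the LAN range in $1 and drop them from everywhere else. Nothing is
# applied; review the output and run it as root only if it fits your network.
samba_lan_rules() {
    lan="$1"
    for p in 137 138; do
        echo "iptables -A INPUT -p udp --dport $p -s $lan -j ACCEPT"
        echo "iptables -A INPUT -p udp --dport $p -j DROP"
    done
    for p in 139 445; do
        echo "iptables -A INPUT -p tcp --dport $p -s $lan -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $p -j DROP"
    done
}

# Stand-alone use: ./audit.sh /etc/ssh/sshd_config [LAN-CIDR]
if [ $# -gt 0 ]; then
    audit_sshd "$1" && echo "sshd_config: no findings"
    echo "--- proposed Samba rules ---"
    samba_lan_rules "${2:-192.168.1.0/24}"
fi
```

The Samba rules deliberately drop rather than reject, so an outside scan sees the ports as filtered instead of closed; run the printed lines under a rule set whose INPUT policy you have already reviewed, since appending ACCEPT rules after an existing broad DROP would have no effect.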
From my personal experience... download a copy of Backtrack, boot an old laptop into it and spend the rest of your life in their forums figuring out how to use it. The guys at remote-exploit aren't the end-all for security, but when it comes to open source security tools and audits I've never had trouble finding an answer from them. They are usually up to date on what's going on. http://forums.remote-exploit.org/ Here is where to get Backtrack: http://remote-exploit.org/backtrack.html It's a bootable CD distro loaded with open source security tools. The distro itself, however, is not meant to be installed, as it is somewhat insecure by design and meant to be run from a non-writable drive like a CD-ROM.
^
OK, with all due respect... as soon as I saw the McAfee branding, any potential respect I might have for that firm/site/product dropped to zero.
The Windows requirement doesn't do much for its credibility either.
You'd be VERY surprised by this tool. It is difficult to maintain, but the results are very robust. I would frequently use Nessus alongside it when conducting vuln assessments at a previous job... both are very consistent when comparing the results against each other, although you definitely have to understand how to configure both when doing 'bake-offs' between the two.
Don't let the McAfee branding and Windows requirement cloud the issue. The end results are the same as if you were running a non-Win32 system and using free tools... and the free tools that Foundstone offers to the public show that they are generous and don't have issues with offering free tools to the public.