LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-23-2006, 08:41 PM   #1
winchester169
Member
 
Registered: Mar 2004
Posts: 31

Rep: Reputation: 15
web server build howto


Hey, I have to rebuild a web server that will act as a web server, DNS server, email server, ftp server, samba server and possibly some other web related servers. I would like to use CentOS but what security measuers should I install/run to prevent hacking. I had one running fedora core 2 and it got hacked and bad. I need to prevent this. I will be running two NIC cards for an interna and external IP. The external will be a 66.224.xx.xx and serve websites on the same. The internal will be a 10.10.10.x network. A breif walkthrough and hints/ideas are helpful. I recall in the past that I had difficulty with the internal network getting out to the internet. I would also like to be able to VPN into it from home.

Thank you in advance!!
 
Old 07-23-2006, 09:09 PM   #2
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
A good link for firewalls for this situation is

http://iptables-tutorial.frozentux.net/
 
Old 07-24-2006, 04:07 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
I have to rebuild a web server that will act as a web server, DNS server, email server, ftp server, samba server and possibly some other web related servers.
With all due respect but this sounds like a typical "all eggs in one basket" solution. Services have different requirements and impact wrt users, risk and performance. So first thing IMHO would be to give a thought or two to the design of it all. One way could be to make a list of information that must be secure and services that must be accessable only to LAN (that is, if you can trust your users) users and put those services on a separate box. Split off publicly accessable services that present a risk (or will likely be abused) like FTP, HTTP and any PHP-based apps and confine them to a separate box. Another way, if you have only one box to work on and it isn't underspecced, could be to look into virtualisation (I know, it's a buzzword) as a means of separating services. Whatever way you choose, please make a choice based on objective, measurable criteria. If you're using CentOS-4 I would definately get a grip on SELinux. It may seem a bit of a burden but if you look back at the latest 2.6 kernel /proc exploit you see SELinux did stop that. Also have a look at the LQ FAQ: Security references, next to the section on system hardening there's (a budding one) on hardening services.
 
Old 07-24-2006, 02:42 PM   #4
winchester169
Member
 
Registered: Mar 2004
Posts: 31

Original Poster
Rep: Reputation: 15
thank you

I will give the IP tables a good look over. I can't quite get my brain around it though. Seems I fix one problem with it and create another problem.

The two machine method is fabulous! I never even gave that a thought! I have several free IP's available so I can put one for a firewall and another for the server.

Thank you for your help
 
Old 07-24-2006, 08:29 PM   #5
hepburnenthorpe
Member
 
Registered: Jun 2006
Location: Sydney
Distribution: Gentoo + Debian
Posts: 132

Rep: Reputation: 15
Quote:
The two machine method is fabulous! I never even gave that a thought!
Two machines? With all those services I would be trying to get my hands on more than two.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Howto: Performance Benchmarks a Web server LXer Syndicated Linux News 0 06-09-2006 03:54 PM
Looking for a very basic HOWTO on setting up a web server CatchFlipsidE Linux - Newbie 5 08-25-2004 01:02 PM
how do i build a web server ? ruwach Linux - Software 5 08-09-2004 08:47 PM
Web Server Administration howto Gear_freak2000 Linux - Newbie 5 04-29-2004 05:21 AM
Secure Web Server HowTo from SuSE mcleodnine Linux - Security 0 08-02-2001 09:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration