RE: Intranet/Public-Server (Apache, Courier, nfs, ssh)
>I have this question, because in the near future I will be very long
>outside of Europe and it must be run unattended.
- Use a remote ssh to check it sometime (Not on port 22)
- Do not let direct root login with ssh
- Implement a strong iptables policy
Regards. Pablo.
-----Original Message-----
From: Michelle Konzack [mailto:linux4michelle@freenet.de]
Sent: Sunday, February 05, 2006 10:17 a.m.
To: debian-isp
Subject: Intranet/Public-Server (Apache, Courier, nfs, ssh)
Hello,
We run an Intranet-Fileserver (/home) which uses apache, courier, nfs
and ssh. nfs can only be mounted/accessed via local network.
The ~/public_html/ are exported as VHosts and courier-(imap,mta)-ssl
and courier-mlm are accessible locally and publicly; same for ssh.
The server has run for 3 years without any problems...
Do not ask how many Hack-Attempts I have had...
I do not count them anymore...
The Server is 100% Up-To-Date and gets, if necessary, my own backports.
My question is: what's the best practice to secure such an All-In-One System?
I have this question, because in the near future I will be very long
outside of Europe and it must be run unattended.
I was thinking of installing only the Web-Server on the router and exporting
all ~/public_html/ from the fileserver to it. imap/mta/mlm can use
portforwarding but the mta is a problem because of the reverse-dns.
The machine is an Athlon XP 3200+ with 3 GByte of memory, 4x 300 GByte
SCSI in Raid-5 and an SDSL with 3,5 MBit currently. OK, I have 8 fixed
IP-Addresses but I want to use as little material as I can for security
reasons and costs.
Generally the Server needs only the Ports 22, 25, 53, 80, 443 and 993.
53 is necessary, because we run our own DynDNS Service for the Domain.
Greetings
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSM LinuxMichi
0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
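
The three points in the reply (SSH off port 22, no direct root login, a strict iptables policy) can be combined into one default-deny ruleset for the ports listed in the original mail. This is an added example, not part of either message; the SSH port 2222, the LAN range 192.168.1.0/24 and NFSv4 on TCP 2049 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format and
# self-check it before it is loaded on a box nobody can reach physically.
SSH_PORT="${SSH_PORT:-2222}"          # assumption; must match "Port" in sshd_config,
                                      # next to "PermitRootLogin no"
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumption: local network allowed to mount NFS
PUBLIC_TCP="25 53 80 443 993"         # public ports named in the original mail

gen_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"          # anything not accepted below is dropped
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    for p in $PUBLIC_TCP; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A INPUT -p udp --dport 53 -j ACCEPT"   # DNS queries for the DynDNS zone
    echo "-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # NFS is reachable from the local network only (source-restricted rule).
    echo "-A INPUT -s $LAN_NET -p tcp --dport 2049 -m conntrack --ctstate NEW -j ACCEPT"
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    echo "COMMIT"
}

# Succeeds if the ruleset accepts TCP port $1 from any source address.
# Rules carrying a "-s" source restriction are ignored.
publicly_open() {
    gen_ruleset | grep -v -e ' -s ' \
        | grep -e "-p tcp --dport $1 .*-j ACCEPT" >/dev/null
}

# Succeeds only if the exposure matches the intent: SSH moved off port 22,
# NFS not reachable from outside, default policy DROP.
audit_ruleset() {
    if publicly_open 22; then echo "port 22 is open" >&2; return 1; fi
    if publicly_open 2049; then echo "NFS is public" >&2; return 1; fi
    publicly_open "$SSH_PORT" || { echo "SSH port closed: lockout" >&2; return 1; }
    gen_ruleset | grep -e '^:INPUT DROP' >/dev/null
}

audit_ruleset && gen_ruleset
```

The output can be checked for syntax with `iptables-restore --test` before it is loaded for real.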