[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

hardening checkpoints


was recently rootkitted on a debian machine because i'd left an obscure
service running.

now i've generally relied on debian issuing security patches but i thought i
should be more proactive RE security.

here's my proposed checklist to carry out for securing a domain server -
i.e. one which mainly deals with serving websites and email for virtual

could people please supply any enhancements/corrections/deletions or point
to any resources which detail a better hardening checklist for debian.

1. before attaching server to network install and configure tripwire.

and could possibly put key executables on to CD-ROM and leave them in the

2. firewall

not i'm not sure about the need for a firewall - i may need to access the
server over ssh from anywhere.  also, to run FTP doesn't the server need to
be able to open up a varying number of ports.

BTW - FTP *has* to be available - many of the users only know how to use

since my experience of firewalls is to protect a home network i basically
turned off access by default - and then only opened up a couple of ports
which were needed.

maybe the new iptables feature of --state ESTABLISHED which uses stateful
packet filtering is the way forward.

currently - i see no compelling need to set up a firewall - especially since
if i get it wrong i could lose access to the machine.

also, surely the most important set is next - which is

3. make sure only required services are accepting incoming requests.

so, use something like nmap to test for open ports on a remote machine. 
make sure only required services are running.

4. enhance authentication

maybe set up ssh access by authorised keys only - but again this has a
problem when i need to log in to the server from a putty session on a PC in
an internet cafe .

certainly check the strength of the existing passwords.

5. ongoing security

sign up to email lists to monitor security issues RE the services used.

get server to run chkrootkit regularly and email results.

run snort to check for attacks.

get script to run and check status of server every day.

any comments gratefully received,


Reply to: