
Re: securing server



If you're running Apache, I'd suggest installing modsecurity.

As for the other services, disable password authentication on ssh (start using ssh keypairs) and force ssh2.

proftpd has a couple of tweaks: remove the banner and implement connection limits.

inetd is always worth shutting down unless you really need it.

Do an nmap on the box locally and see what else is running. Install an iptables firewall that will block all ports by default and only open what you need. Disable the different ICMP types, particularly the timestamp one.

On Wed, May 7, 2008 at 7:09 PM, Jean-Paul Lacquement <zelos414@gmail.com> wrote:
Hi,

I plan to secure my Debian stable (or testing if you say it's better) server.


I already did the following:
- installed chkrootkit
- installed fail2ban (for ssh and proftpd)
- allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2


The following daemons are installed:
- proftpd
- apache2
- ssh

Would you please list which packages to install and which rules to apply?

Many thanks,
Jean-Paul






--
Best Regards,
Stephen
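
The SSH settings named in this thread (no password authentication, protocol 2 only, a single non-root user) can be verified against a config file with a short script. This is an added example, not part of the original messages: the function names and the sample config are constructed, and the defaults passed to `check` are assumptions for a 2008-era OpenSSH.

```shell
# Added example: audit an sshd_config (whitespace-separated lines, no Include).

# Print the effective global value of keyword $2 in file $1: sshd uses the first
# occurrence, keywords are case-insensitive, and scanning stops at a "Match" line.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# check FILE KEYWORD WANTED DEFAULT: compare the effective value (or the
# assumed default when the keyword is absent) with WANTED.
check() {
    val=$(sshd_value "$1" "$2")
    val=$(printf '%s' "${val:-$4}" | tr 'A-Z' 'a-z')
    if [ "$val" = "$3" ]; then
        echo "ok    $2 $val"
    else
        echo "FAIL  $2 is '$val', want '$3'"
        fails=$((fails + 1))
    fi
}

# Exit status is the number of findings (0 = every check passed).
audit_sshd() {
    fails=0
    check "$1" PasswordAuthentication no yes  # absent means passwords allowed
    check "$1" Protocol 2 2,1                 # 2008-era default also allowed v1
    users=$(sshd_value "$1" AllowUsers)
    count=$(( $(printf '%s\n' "$users" | wc -w) ))
    first=${users%%[@ ]*}                     # user part of a USER@HOST pattern
    if [ "$count" -eq 1 ] && [ "$first" != root ]; then
        echo "ok    AllowUsers $users"
    else
        echo "FAIL  AllowUsers should name one non-root user (got '$users')"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the only "no" sits in a Match block, so the global default applies.
sample=$(mktemp)
printf '%s\n' 'Protocol 2' 'AllowUsers deploy' \
    'Match User deploy' '  PasswordAuthentication no' >"$sample"
audit_sshd "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Current OpenSSH releases no longer support protocol 1, so on those systems the `Protocol` check can be dropped.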