Re: antivirus for webserver

To: debian-security@lists.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: antivirus for webserver
From: "R. W. Rodolico" <techinfo@dailydata.net>
Date: Mon, 06 Oct 2008 21:57:50 -0500
Message-id: <[🔎] 48EAD02E.7030309@dailydata.net>
Reply-to: techinfo@dailydata.net
In-reply-to: <[🔎] A0766E34AA79F018F96104B6@ZOP-MACTEL.local>
References: <[🔎] 48E9C7F9.1010006@upm.es> <[🔎] A0766E34AA79F018F96104B6@ZOP-MACTEL.local>

Over about ten years of running web servers, small and large, I have had
one problem so far (rootkit). That was because I did not secure services
and left a port open.

On web servers, kill all services you don't need, secure what you do
need (please, get ssh off of port 22 and require certificates), and keep
it updated.

And, install a good log summary program and read the results religiously.

Rod

Michael Loftis wrote:
> Don't forget about the box, make sure to keep it upgraded regularly as
> security updates come out.  Also make sure to upgrade it to the latest
> distribution of Debian as those come out because older distributions
> only have limited security support, and are eventually dropped
> altogether from security.  Running AV software on a Linux/Unix is
> generally done to try to find virii infecting windows machines being
> stored on your host.
> 
> Also be careful when you're using third party php apps, or even writing
> your own, as those are usually the source of exploits/hacks on Linux
> webservers.  If you can, turn off url_fopen at least, that helps a LOT.
> 
> --On October 6, 2008 10:10:33 AM +0200 Laura Arjona Reina
> <laura.arjona@upm.es> wrote:
> 
>> Hello
>> I have a debian etch webserver, it only has installed
>> ssh+apache+php+mysql.
>> It has no GUI.
>> Nobody sits or connects there to work, only administrators for backing up
>> and update the system.
>> I tried to secure it installing and configuring bastille.
>> Now the only open ports are 22 for ssh and 80 for apache.
>> We don't need any other service: no DNS, no email server, no ldap, just
>> webserver.
>> The connections to mysql are closed from outside, only the webserver can
>> access mysql databases.
>>
>> My question is if it is needed to install an antivirus for keeping the
>> webserver safe. And if it is needed, which antivirus could I use?
>> I thought about clamav but I read about problems keeping up-to-date the
>> software shipped with etch-stable.
>>
>> Thank you
>>
>> Laura Arjona
>>
>>
>>
>>
>>
>>
>> -- 
>> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>>
>>
>>
> 
> 
>

Reply to:

Follow-Ups:
- Re: antivirus for webserver
  - From: "W. Martin Borgert" <debacle@debian.org>

References:
- antivirus for webserver
  - From: Laura Arjona Reina <laura.arjona@upm.es>
- Re: antivirus for webserver
  - From: Michael Loftis <mloftis@modwest.com>

Prev by Date: Re: Keeping the webserver safe
Next by Date: Re: antivirus for webserver
Previous by thread: Re: antivirus for webserver
Next by thread: Re: antivirus for webserver
Index(es):
- Date
- Thread