Re: securing server
Le Wed, 7 May 2008 13:03:03 +0200,
"Jean-Paul Lacquement" <zelos414@gmail.com> a écrit :
> > > I already did the followings:
> > > - installed chkrootkit
> > > - installed fail2ban (for ssh and proftpd)
> >
> > Beware of DOS.
> >
> >
> > > - allow only one user (not root) via /etc/ssh/sshd_config, only
> > > ssh v2
> >
> > If you have multiple administrators, you should not do that.
>
> I am the only one.
> >
> >
> > > Would you please list me which packages to install and which
> > > rules to apply ?
> >
> > There are some hardening packages to look for. Beside that you
> > should review all running processes and turn those off which you
> > dont need (X11 related, rpc, hotplug stuff, etc)
>
> Ok. I'll disable them
>
> >
> > Besides that, what applications you plan to run?
>
> This server will only run proftpd, ssh, apache, nagios(via http),
> samba and cups
Nagios via https could be a good idea. Same for apache, if you can. You
can set RewriteRules that will redirect http connections to https.
For security of ssh, if you plan to access the server via a limited
number of machines, you can consider using port knocking.
>
> >
> > Gruss
> > Bernd
>
> Jean-Paul
>
>
Reply to: