Re: securing server

To: Jean-Paul Lacquement <zelos414@gmail.com>, debian-security@lists.debian.org
Subject: Re: securing server
From: P PRABHU <prabhulibra@yahoo.com>
Date: Wed, 7 May 2008 23:05:09 -0700 (PDT)
Message-id: <[🔎] 552365.88484.qm@web50805.mail.re2.yahoo.com>

HI

Steps :

1 ) Dont run Xwindows and better install MINIMAL/SERVER edition of OS
2 ) Remove all unwanted packages. U can very well reduce the number of packages to 300max
3 ) Remove all unwanted user/group accounts
4 ) Update the packages
5 ) Do security tunings in Sysctl.conf
6 ) Do security tunings in ssh like stop Xforwarding, No Root Login etc
7 ) Put Warning in MOTD , issue and issue.nt
8 ) Make sure u need anonymous ftp or not
9 ) Signature off the Apache
10 ) Put login alert script in ,bashrc and .bash_logout to mail u if someone logsin/out
11 ) Run tripwire daily
12 ) Keep the machine behind firewall,ids/ips
13 ) Do security tunings in security.conf
14 ) Run apache-ssl instaed of apache
15 ) Run apache etc in chroot
16 ) Check whether u need Directory listing in Apache if not block it.
17 ) Run Clamav kind of freeAV for scanning.
18 ) 
To prevent ProFTPd DoS attacks using ../../.., add the following line in /etc/proftpd.conf: DenyFilter \*.*/

Finally 

1 ) Run free Vulnerability scanners like Retina etc and find any vulnerability is there in final machine
2 )take all inventory like packages installed etc and do a weekly check is there any change in packages.

Libras

----- Original Message ----
From: Jean-Paul Lacquement <zelos414@gmail.com>
To: debian-security@lists.debian.org
Sent: Wednesday, May 7, 2008 2:39:02 PM
Subject: securing server

Hi,

I plan to secure my Debian stable (or testing if you say it's better) server.


I already did the followings:
- installed chkrootkit
- installed fail2ban (for ssh and proftpd)
- allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2


The followings daemon are installed :
- proftpd
- apache2
- ssh

Would you please list me which packages to install and which rules to apply ?

Many thanks,
Jean-Paul


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

Reply to:

Follow-Ups:
- Re: securing server
  - From: Rich Healey <healey.rich@gmail.com>

Prev by Date: Re: apt-get may accept inconsistent data
Next by Date: Re: securing server
Previous by thread: Re: securing server
Next by thread: Re: securing server
Index(es):
- Date
- Thread