Re: securing server



P PRABHU wrote:
> Hi
> 
> Steps :
> 
> 1 ) Don't run Xwindows, and better to install the MINIMAL/SERVER edition of the OS
> 2 ) Remove all unwanted packages. You can very well reduce the number of packages to 300 max
> 3 ) Remove all unwanted user/group accounts
> 4 ) Update the packages
> 5 ) Do security tunings in sysctl.conf
> 6 ) Do security tunings in ssh, like stopping Xforwarding, No Root Login etc.
> 7 ) Put a warning in MOTD, issue and issue.net
> 8 ) Make sure whether you need anonymous ftp or not
> 9 ) Turn the signature off in Apache
> 10 ) Put a login alert script in .bashrc and .bash_logout to mail you if someone logs in/out
> 11 ) Run tripwire daily
> 12 ) Keep the machine behind a firewall, ids/ips
> 13 ) Do security tunings in security.conf
> 14 ) Run apache-ssl instead of apache
> 15 ) Run apache etc. in chroot
> 16 ) Check whether you need Directory listing in Apache; if not, block it.
> 17 ) Run a ClamAV kind of free AV for scanning.
> 18 ) To prevent ProFTPd DoS attacks using ../../.., add the following line in /etc/proftpd.conf: DenyFilter \*.*/
> 
> Finally 
> 
> 1 ) Run free vulnerability scanners like Retina etc. and find whether any vulnerability is there in the final machine
> 2 ) Take a full inventory, like packages installed etc., and do a weekly check for whether there is any change in packages.
> 
> Libras
> 
> ----- Original Message ----
> From: Jean-Paul Lacquement <zelos414@gmail.com>
> To: debian-security@lists.debian.org
> Sent: Wednesday, May 7, 2008 2:39:02 PM
> Subject: securing server
> 
> Hi,
> 
> I plan to secure my Debian stable (or testing if you say it's better) server.
> 
> 
> I already did the following:
> - installed chkrootkit
> - installed fail2ban (for ssh and proftpd)
> - allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
> 
> 
> The following daemons are installed:
> - proftpd
> - apache2
> - ssh
> 
> Would you please list for me which packages to install and which rules to apply?
> 
> Many thanks,
> Jean-Paul
> 
> 

Expanding on that, go to town with metasploit, nessus and nmap.

See if _YOU_ can get in.
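
The weekly package-inventory check from the quoted checklist, sketched as an added example that is not part of either message: it compares two `dpkg-query` snapshots and reports added, changed and removed packages. The function names and snapshot file layout are assumptions, and the sample snapshots are constructed.

```shell
#!/bin/sh
# Added example: package-inventory drift check (names and paths are assumptions).

# Print "package version" for every fully installed package, sorted.
snapshot_packages() {
    dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package} ${Version}\n' |
        awk '$1 == "ii" { print $2, $3 }' | LC_ALL=C sort
}

# Compare a baseline snapshot ($1) with a current one ($2).
# Prints ADDED / CHANGED / REMOVED lines; returns 1 if anything differs.
diff_inventory() {
    drift=$(awk '
        base == 1 { old[$1] = $2; next }      # lines from the baseline file
        { seen[$1] = 1                        # lines from the current file
          if (!($1 in old))       print "ADDED", $1, $2
          else if (old[$1] != $2) print "CHANGED", $1, old[$1], "->", $2 }
        END { for (p in old) if (!(p in seen)) print "REMOVED", p, old[p] }
    ' base=1 "$1" base=0 "$2" | LC_ALL=C sort)
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample snapshots (not real host data) to show the report format.
demo_dir=$(mktemp -d)
cat > "$demo_dir/baseline.txt" <<'EOF'
apache2 2.2-1
openssh-server 4.3-1
proftpd 1.3-1
EOF
cat > "$demo_dir/current.txt" <<'EOF'
apache2 2.2-2
netcat 1.10-1
openssh-server 4.3-1
EOF
diff_inventory "$demo_dir/baseline.txt" "$demo_dir/current.txt" ||
    echo "package inventory changed since baseline"
rm -rf "$demo_dir"
```

On a real host, save the output of `snapshot_packages` once as the baseline, keep it somewhere the server cannot modify, and run the comparison from a weekly cron job that mails any output.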