Basic Debian 5.0 (Lenny) Installation w/ Apache + MySql + Myphpadmin + ProftpD
I have a server that I want to use as an FTP backup for a database that will be uploaded every night. Also, the server is going to be used in my office as a test machine for my web development guys to test new things they are coding with PHP. The server has already been installed with Debian 5.0 (Lenny), ProFTPD, Apache 2, MySQL, PHP5 and phpMyAdmin. The installation has the basic configurations set up with no tweaks at all. The only thing I configured was ProFTPD with virtual users.
I just wanted to know what steps I can take to secure this server. It's not going to be a production server for now, but once the web dev guys are done testing their code, I'll have to either reformat this or migrate this server to a production one, which will be placed online. Currently, it's behind a firewall already and only the FTP and SSH ports are open. I might as well learn how to secure it now, so when it does go into production, I'll already know what type of tweaks and changes need to be done.
I know that I should check the logs frequently, but what else can I do to make sure this is as secure as possible? What tools and specific configurations can I do? Any help would be appreciated.
falko
8th June 2009, 14:53
You could add TLS to your ProFTPd setup: http://www.howtoforge.com/setting-up-proftpd-tls-on-ubuntu-8.10
> You could add TLS to your ProFTPd setup: http://www.howtoforge.com/setting-up-proftpd-tls-on-ubuntu-8.10
Thanks for the reply. Is there anything else I can do to this server? I've just added TLS to my ProFTPd installation.
falko
10th June 2009, 14:59
You could also add fail2ban to your setup: http://www.howtoforge.com/fail2ban_debian_etch
n0fx
11th June 2009, 10:16
> You could also add fail2ban to your setup: http://www.howtoforge.com/fail2ban_debian_etch
Thanks again, I'm going to be installing this one too. I really appreciate it.
n0fx
18th June 2009, 05:49
> You could also add fail2ban to your setup: http://www.howtoforge.com/fail2ban_debian_etch
I followed the guide that you provided but now I'm receiving this error in my fail2ban logs:
2009-06-17 20:35:47,135 fail2ban.comm : WARNING Invalid command: ['set', 'sasl', 'failregex', 'warning: [-._\\w]+\\[<HOST>\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed']
This is my jail.local file:
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
bantime = 600
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
# This issue left ToDo, so polling is default backend for now
backend = polling
#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost
# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
[apache]
enabled = true
port = http
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 5
[apache-noscript]
enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 5
[proftpd]
enabled = true
port = ftp
filter = proftpd
logpath = /var/log/auth.log
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
maxretry = 5
[sasl]
enabled = true
port = smtp
filter = sasl
failregex = warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
logpath = /var/log/mail.log
maxretry = 5
And this is what my iptables -L says:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
My ProFTPD is currently set up with TLS, so it might be causing a problem with this setup. Has anyone ever experienced this problem?
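
Added example, not part of the thread and not fail2ban's own code: a small Python check of the two failregex lines from the jail.local above against constructed sample log lines, to see which lines each pattern would count and which it would miss. The HOST group, the sample lines and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Stand-in for fail2ban's <HOST> expansion (an assumption, not fail2ban's own regex).
HOST = r"(?P<host>[\w.:-]+)"

# failregex values copied from the jail.local posted above.
FAILREGEX = {
    "proftpd": r"proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>",
    "sasl": r"warning: [-._\w]+\[<HOST>\]: SASL "
            r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed",
}

# Constructed sample log lines (documentation IP ranges, made-up host and PIDs).
SAMPLE_LINES = [
    "Jun 17 20:31:02 srv proftpd: (pam_unix) authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10",
    "Jun 17 20:31:09 srv proftpd[2211]: srv (192.0.2.10[192.0.2.10]) - "
    "USER backup (Login failed): Incorrect password.",
    "Jun 17 20:32:40 srv postfix/smtpd[2301]: warning: unknown[198.51.100.7]: "
    "SASL LOGIN authentication failed",
    "Jun 17 20:33:00 srv sshd[2400]: Accepted password for dev from 192.0.2.20",
]

def compile_failregex(pattern):
    """Replace the <HOST> tag with a named group and compile the result."""
    if "<HOST>" not in pattern:
        raise ValueError("failregex has no <HOST> tag, nothing to ban")
    return re.compile(pattern.replace("<HOST>", HOST))

def scan(lines, failregex=FAILREGEX):
    """Return (per-jail Counter of offending hosts, lines no jail matched)."""
    compiled = {jail: compile_failregex(p) for jail, p in failregex.items()}
    hits = {jail: Counter() for jail in compiled}
    unmatched = []
    for line in lines:
        found = False
        for jail, rx in compiled.items():
            m = rx.search(line)
            if m:
                hits[jail][m.group("host")] += 1
                found = True
        if not found:
            unmatched.append(line)
    return hits, unmatched

if __name__ == "__main__":
    hits, unmatched = scan(SAMPLE_LINES)
    for jail, hosts in hits.items():
        print(jail, dict(hosts))
    print("unmatched:", *unmatched, sep="\n  ")
```

The second sample line, a ProFTPD "Login failed" message without the pam_unix text, is not counted by the proftpd pattern. fail2ban ships a fail2ban-regex utility that runs this kind of check against a real log file with the real <HOST> expansion.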