HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Hagforce 19th March 2006 18:33

Securing TPS Fedora4
 
Hello again :)

I used your ISP setup on Fedora 4.

This is my first Linux webserver, so new questions come up all the time :rolleyes:

I've now been running this setup on one server for two months, and just installed another one about a week ago.

The setup is basically unchanged from the tutorial; how secure is this?

The question now is how do I secure the server from attacks.
-I would like to get logs on attacks etc. from the server daily.
-I would like to protect ssh etc. from brute force.
-Suggestions on modifications from the default setup to make it more secure.
-And anything else to make it Fort Knox....

What is the max e-mail size in postfix as standard, how to change this.....

Well, quite many questions....
It sums up to: how do I secure my server so it doesn't get hacked (I know it can't be 100% secure).

falko 20th March 2006 12:30

Quote:

Originally Posted by Hagforce
-I would like to get logs on attacks etc. from the server daily.

Have a look at portsentry and logcheck.

Quote:

Originally Posted by Hagforce
-I would like to protect ssh etc. from brute force.

http://www.howtoforge.com/preventing...with_denyhosts

Quote:

Originally Posted by Hagforce
What is the max e-mail size in postfix as standard, how to change this.....

What's the output of
Code:

postconf -n | grep message_size_limit
and
Code:

postconf -d | grep message_size_limit
?

Hagforce 20th March 2006 16:04

The output of postconf -n | grep message_size_limit is nothing....
The output of postconf -d | grep message_size_limit is:
Code:

message_size_limit = 10240000
Thanks for the tips on securing the server...

Is this a guide that will work for me on Fedora with portsentry and logcheck (keep in mind that I'm a noob)... http://www.falkotimme.com/howtos/chkrootkit_portsentry/
Should I also install Chkrootkit for "antivirus" or is there something else....


A few additional questions...

-I see the server gives output on telnet...
Should I just shut down telnet....
I can't think of anything I need it for?
It just gives away information on the software I'm running on my server, and gives the hacker a head start?
-Are there any online scanners for testing my server?
-Is there a limit for how many e-mail addresses one can have under one domain?

Thanks again for helping me out :D

falko 20th March 2006 23:26

Quote:

Originally Posted by Hagforce
The output of postconf -n | grep message_size_limit is nothing....
The output of postconf -d | grep message_size_limit is:
Code:

message_size_limit = 10240000

If you want to have another message_size_limit, run
Code:

postconf -e 'message_size_limit = 20480000'
, for example, and restart Postfix afterwards.

Quote:

Originally Posted by Hagforce
Is this a guide that will work for me on Fedora with portsentry and logcheck (keep in mind that I'm a noob)... http://www.falkotimme.com/howtos/chkrootkit_portsentry/

It should work for you. But the version numbers have increased, this tutorial is a little bit old.

Quote:

Originally Posted by Hagforce
Should I also install Chkrootkit for "antivirus" or is there something else....

Have a look here: http://www.howtoforge.com/faq/1_38_en.html


Quote:

Originally Posted by Hagforce
-I see the server gives output on telnet...
Should I just shut down telnet....

I think you mean the telnet client, not the server. The telnet client is ok.

Quote:

Originally Posted by Hagforce
-Is there a limit for how many e-mail addresses one can have under one domain?

No.

Hagforce 20th March 2006 23:44

Quote:

I think you mean the telnet client, not the server. The telnet client is ok.

Yeh, I messed up :p


I mean the fact that when I use a machine on the internet with a telnet client, and write "telnet myip 80" I get output on my webserver version "apache 2.0.54 (fedora)"

Same with mail and other stuff.

Doesn't this kind of feedback give hackers an advantage in knowing versions and system?

Hagforce 22nd March 2006 22:23

I didn't explain what I meant well....

When I use a telnet client against port 80 at my server it replies
Code:

<address>Apache/2.0.54 (Fedora) Server at localhost Port 80</address>
And at port 25 it replies
Code:

www.domain.com ESMTP Postfix
Port 110
Code:

+OK AVG POP3 Proxy Server 7.1.371/7.1.385 [268.2.6/287]
Isn't this useful information for hackers?
Is it possible to make my server not reply on this....

Or am I making no sense now :confused:

till 22nd March 2006 22:52

You can configure these services to not show version numbers, but I don't have the exact configuration directives at hand.

You may find this information in the documentation and the man pages of the programs.

Hagforce 23rd March 2006 09:18

Ok...

Found it...

If anyone else would like to do this:

SSH to your Fedora box.
Code:

nano /etc/httpd/conf/httpd.conf
Type "ctrl+w" and search for "ServerSignature"
Edit this to ServerSignature off

You can also add "ServerTokens ProductOnly" in the line under to show only Apache, not version.

Type "ctrl+x" and save your settings.
Restart Apache
Code:

/etc/init.d/httpd restart
Telnet etc to your box and check :)
This should mask server version and services.

Didn't find anything yet on postfix, dovecot, mysql, proftp and pop3....
Doesn't seem like port 81 gives out any info
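
A way to check the httpd.conf edits described in the post above, as an added example that is not part of the thread: it reads the last effective `ServerSignature` and `ServerTokens` values and reports whether the version is still exposed. The function names and the sample configs are constructed for illustration, and files pulled in through `Include` are not followed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check the two httpd.conf directives
# edited above. Only the named file is read; Include'd files are not followed.

# Last uncommented value of a directive (names are case-insensitive),
# lower-cased, or the given default when the directive is not set.
directive_value() {  # usage: directive_value FILE NAME DEFAULT
    awk -v name="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) { val = tolower($2) }
        END { print (val == "" ? tolower(def) : val) }' "$1"
}

# Prints one line per check. Returns 1 when the version is still exposed.
audit_httpd_conf() {
    local sig tok rc=0
    sig=$(directive_value "$1" ServerSignature Off)  # Apache default: Off
    tok=$(directive_value "$1" ServerTokens Full)    # Apache default: Full
    case "$tok" in
        prod|productonly) echo "Server header: product name only" ;;
        *) echo "Server header: version exposed (ServerTokens $tok)"; rc=1 ;;
    esac
    case "$sig" in
        off) echo "Error-page footer: hidden" ;;
        *)   echo "Error-page footer: shown, same detail as the Server header" ;;
    esac
    return "$rc"
}

# Constructed sample configs: before, signature-only edit, both edits.
write_samples() {  # usage: write_samples DIR
    printf 'ServerTokens OS\nServerSignature On\n' > "$1/before.conf"
    printf 'ServerTokens OS\n#ServerTokens Prod\nServerSignature off\n' \
        > "$1/sig_only.conf"
    printf 'ServerSignature off\nServerTokens ProductOnly\n' > "$1/both.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in before sig_only both; do
    echo "== $f.conf"
    audit_httpd_conf "$tmp/$f.conf" || echo "-> version still exposed"
done
rm -rf "$tmp"
```

The `sig_only.conf` case shows why both edits matter: with `ServerSignature off` alone the footer disappears, but the `Server:` response header keeps the version until `ServerTokens` is changed.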

Hagforce 24th March 2006 11:48

After running postconf -e 'message_size_limit = 20480000'
I get:

Code:

[root@www ~]# postconf -d | grep message_size_limit
message_size_limit = 10240000
[root@www ~]# postconf -n | grep message_size_limit
message_size_limit = 20480000

Which is outgoing/incoming :confused:

falko 24th March 2006 20:18

Code:

postconf -d | grep message_size_limit
prints the default value,
Code:

postconf -n | grep message_size_limit
your current setting. So the latter prints what is currently effective.


All times are GMT +2.