#4  5th March 2010, 16:11
mnzava
Dear Till,

Here is the advice from the security adviser of the hosting company after sending the commands. He insists there are no restrictions at all on the firewall.

Also, he advises to use sftp instead of ftp. Can you tell me how to enable sftp?

Also he advises to bind SMTP to 127.0.0.1:25.
Here below is his advice.

Please advise, since you are more familiar with ispconfig than me.

Thanks in advance.

----------------------------------------------

1. lsof -i -n -P

1.a) MySQL
Code:
mysqld     2475         mysql   10u     IPv4             6189                 TCP *:3306 (LISTEN)
listening to the whole world for connections, can be bad.

If you only expect connections from localhost, then please add this list to /etc/my.cnf :
Code:
# only listen on localhost
bind-address=127.0.0.1

1.b) IMAP running....?
Code:
couriertc  3049          root    3u     IPv6             7457                 TCP *:143 (LISTEN)
if it's a webserver then IMAP services don't need to be running and accessible worldwide, right?
outsiders could probe for passwords there....!

1.c) IMAP over SSL running... (same)
Code:
couriertc  3076          root    3u     IPv6             7471                 TCP *:993 (LISTEN)
same as above

1.d) POP running (same)
Code:
couriertc  3092          root    3u     IPv6              7501                 TCP *:110 (LISTEN)
same as above

1.e) POP over SSL running (same)
Code:
couriertc  3114          root    3u     IPv6             7533                 TCP *:995 (LISTEN)

1.f) DNS running, but OK.
Code:
mydns      3119        nobody    8u     IPv6             7656                 UDP [::1]:53
mydns      3119        nobody    9u     IPv6             7657                 TCP [::1]:53 (LISTEN)
not an issue as not an open resolver.

1.g) SMTP service running (postfix)
Code:
master     3193          root   12u     IPv4             7795                 TCP *:25 (LISTEN)
should not be necessary on a web server.
if necessary for emails from web-applications, then please bind to 127.0.0.1:25

1.h) FTP server
Code:
pure-ftpd  3207          root    4u     IPv4             7955                 TCP *:21 (LISTEN)
pure-ftpd  3207          root    5u     IPv6             7957                 TCP *:21 (LISTEN)
please make sure it is secured and passwords of permitted users are good passwords.
It is more secure to use ssh, scp, sftp -- all via sshd and port 22

1.i) NTP running, but restricted. good!
Code:
ntpd       3590           ntp   16u     IPv4             8873                 UDP *:123
ntpd       3590           ntp   17u     IPv6              8874                 UDP *:123

note: 1.f) and 1.i) are not an issue, just noted for completeness.

2. iptables -L -n -v --line-numbers

no restriction at all. :-(

all on loopback interface "lo" should be allowed.
I recommend ssh (22), ftp (21) to be restricted to some certain known secure addresses.
I recommend to block connections (other than loopback allowed above) for ports mysql (3306), dns (53), smtp (25), ntp (123) and if possible ftp (21) if you use ssh instead.
others, including IMAP, POP, should be blocked in iptables and disabled as a service.

-------------------------------------------------------------

What is your advice?

regards.
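As an added example (not from the post, and not ISPConfig code), the script below parses `lsof -i -n -P` output of the form quoted above and marks each listening socket as loopback-only or reachable from outside, attaching the adviser's recommendation for that port. The POLICY table and the constructed SAMPLE lines are assumptions chosen to mirror the advice in the post.

```python
import re

# Advice per port when a socket listens on a non-loopback address (assumed policy
# mirroring the hosting company's recommendations for a web server).
POLICY = {
    3306: "bind MySQL to 127.0.0.1 (bind-address in my.cnf); block in iptables",
    25: "bind postfix to 127.0.0.1:25 if web apps need mail, else stop it",
    21: "prefer sftp/scp via sshd; otherwise restrict to known addresses",
    22: "restrict to known administrative addresses in iptables",
    53: "block from outside unless this host must be a public resolver",
    123: "block from outside; fine if ntpd itself is restricted",
}
for _p in (110, 143, 993, 995):  # POP/IMAP, plain and over SSL
    POLICY[_p] = "mail retrieval not needed on a web server: disable and block"
LOCAL = {"127.0.0.1", "[::1]", "localhost"}

# Columns: COMMAND PID USER FD TYPE DEVICE [SIZE/OFF] NODE NAME (SIZE/OFF optional,
# since the lsof build in the post omits it).
LSOF_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+(?:\S+\s+)*?"
    r"(?P<proto>TCP|UDP)\s+(?P<addr>\S+):(?P<port>\d+)(?:\s+\((?P<state>\w+)\))?\s*$"
)

def audit_listeners(lsof_output: str) -> list[dict]:
    """One finding per listening socket; 'exposed' means not bound to loopback."""
    findings = []
    for line in lsof_output.splitlines():
        if "->" in line:  # established connection, not a listening socket
            continue
        m = LSOF_RE.match(line.strip())
        if not m or (m["proto"] == "TCP" and m["state"] != "LISTEN"):
            continue
        port, addr = int(m["port"]), m["addr"]
        exposed = addr not in LOCAL  # "*", "0.0.0.0" and "[::]" mean every interface
        advice = POLICY.get(port, "unexpected service: review") if exposed else "ok: loopback only"
        findings.append({"cmd": m["cmd"], "pid": int(m["pid"]), "proto": m["proto"],
                         "addr": addr, "port": port, "exposed": exposed, "advice": advice})
    return findings

def exposed_ports(findings: list[dict]) -> list[int]:
    """Ports that iptables should block or restrict from outside, sorted."""
    return sorted({f["port"] for f in findings if f["exposed"]})

# Constructed sample: listener lines copied from the post plus one established
# connection, which must be skipped.
SAMPLE = """\
mysqld     2475   mysql   10u  IPv4  6189  TCP *:3306 (LISTEN)
couriertc  3049    root    3u  IPv6  7457  TCP *:143 (LISTEN)
mydns      3119  nobody    9u  IPv6  7657  TCP [::1]:53 (LISTEN)
master     3193    root   12u  IPv4  7795  TCP *:25 (LISTEN)
ntpd       3590     ntp   16u  IPv4  8873  UDP *:123
sshd       1234    root    3u  IPv4  5555  TCP 203.0.113.5:22->198.51.100.7:51000 (ESTABLISHED)
"""
```

Run it against real output with `audit_listeners(subprocess.check_output(["lsof", "-i", "-n", "-P"], text=True))`; `exposed_ports()` gives the list of ports the firewall rules in point 2 need to cover.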