#1 - wpwood3 (Senior Member, Atlanta, GA USA) - 14th October 2007, 06:47
Confused about security options

I will be setting up a new CentOS 5 / Perfect Setup / ISPConfig server. Currently, I'm running a test server with a similar setup just to experiment before going live with the real thing.

10 minutes after putting my test server online I was hit with port scans, and within 8 hours there were 40,000 attempts to log in via FTP and SSH.
All of that got me thinking about security!

I've read HowTos here regarding Bastille/PSAD, Snort & Base and others.
Is there a consensus as far as recommended security packages to install?
Obviously, I don't want to go overboard and have the security conflicting with my basic server operation, bogging things down or causing problems with updates.

Given my setup, is there a minimum security setup I should consider beyond just the CentOS 5 / Perfect Setup / ISPConfig server?

Thanks in advance for any inputs!
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography

Last edited by wpwood3; 14th October 2007 at 16:39.
#2 - wpwood3 - 14th October 2007, 08:34
After lots of Googling

It appears to me that 2 essential Linux security tools are Snort and Ossec.

Snort does network intrusion prevention
Ossec does host intrusion prevention

There doesn't seem to be excessive overlap between the two packages so they should work together.

Both appear to work with Base as the web front end, but I have no clue how you would install and integrate the 3 packages.

Has anyone installed Snort, Ossec & Base? I would like to know and certainly would love to see a HowTo. Hint hint.
#3 - wpwood3 - 15th October 2007, 01:59
Snort & Base

I found a great HowTo for installing Snort & Base on CentOS 5:
http://www.internetsecurityguru.com/
#4 - falko (Super Moderator, Lüneburg, Germany) - 15th October 2007, 09:15

Quote (originally posted by wpwood3):
Has anyone installed Snort, Ossec & Base? I would like to know and certainly would love to see a HowTo. Hint hint.

Take a look here:
http://www.howtoforge.com/intrusion_...ith_ossec_hids
http://www.howtoforge.com/intrusion_...ion_base_snort
#5 - wpwood3 - 15th October 2007, 21:20

I installed snort, base and barnyard. Everything seemed to go well but I'm not getting any results in base. It shows all zeros.
#6 - wpwood3 - 15th October 2007, 22:48
Solved!

Quote (originally posted by wpwood3):
I installed snort, base and barnyard. Everything seemed to go well but I'm not getting any results in base. It shows all zeros.

I finally got Base working!

The problem was a sensor number mismatch:
barnyard.conf had sensor_id 1
the sensor "sid" in the mysql database was set to 2

I simply changed the sid from 2 to 1 in the database and Base came to life!
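
The mismatch described in post #6, as an added example that is not part of the original thread: a check that compares the sensor_id on barnyard.conf output lines with the sid rows in the sensor table. The config excerpt and table contents are constructed, the output-line syntax is an assumption, and an in-memory SQLite table stands in for the MySQL database.

```python
import re
import sqlite3

# Constructed barnyard.conf excerpt; the output-line syntax is an assumption.
SAMPLE_CONF = """\
# output alert_acid_db: mysql, sensor_id 9, database snort
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort
output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort
"""

def configured_sensor_ids(conf_text):
    """Return the sensor_id values found on active (uncommented) output lines."""
    ids = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("output"):
            ids.update(int(m) for m in re.findall(r"\bsensor_id\s+(\d+)", line))
    return ids

def check_sensor_ids(conf_text, conn):
    """Compare configured sensor_id values with the sid rows in the sensor table."""
    conf_ids = configured_sensor_ids(conf_text)
    cur = conn.cursor()  # plain DB-API calls, so a MySQL connection works the same way
    cur.execute("SELECT sid FROM sensor")
    db_ids = {row[0] for row in cur.fetchall()}
    return {
        "config_only": sorted(conf_ids - db_ids),  # written by barnyard, unknown to the DB
        "db_only": sorted(db_ids - conf_ids),      # registered sensor that receives no events
        "ok": bool(conf_ids) and conf_ids <= db_ids,
    }

def demo_db(sid):
    """In-memory SQLite stand-in for the MySQL snort database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT)")
    conn.execute("INSERT INTO sensor VALUES (?, 'testserver', 'eth0')", (sid,))
    return conn

if __name__ == "__main__":
    # State described in the post: config says 1, database row says 2.
    print("as posted:", check_sensor_ids(SAMPLE_CONF, demo_db(2)))
    # After changing the sid from 2 to 1 in the database.
    print("after fix:", check_sensor_ids(SAMPLE_CONF, demo_db(1)))
```

A non-empty `config_only` list is the condition that left Base showing all zeros in this thread.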