#1
25th July 2008, 03:09
Carlo Gambino
Securing my server - am I missing anything?

Hello all!

I am almost ready to take my LAMP server live! I want to ensure I have everything as secure as I possibly can beforehand, so here is my list (please let me know if I've overlooked anything):

IPtables: I have configured this for ssh and http to be accessed from outside. Do I need to explicitly allow another port for sFTP or can it share a port with ssh?

rkhunter, chkrootkit and rkdet: Are they necessary? All I hear about the difficulty of these things in the wild makes me wonder how effective they are. Input or suggestions?

fail2ban: I'm considering using this, although I've installed postfix to set up a mail server at some point, and from what I've heard the two don't mesh well.

System Screening: I've been reading a lot about tiger. This seems to me a worthwhile package. I'd like to hear from people who've used it with any feedback.

Log Watch: I don't know which logs to really keep an eye on. Is this worth the install? I don't think there can be a replacement for looking the logs over manually. Is this a good choice or no?

After that, I think I got most of my bases covered. It's almost time to toss up some simple pages and start looking for holes.
#2
25th July 2008, 13:12
falko

Quote:
Originally Posted by Carlo Gambino
IPtables: I have configured this for ssh and http to be accessed from outside. Do I need to explicitly allow another port for sFTP or can it share a port with ssh?

No, port 22 is fine.

Quote:
Originally Posted by Carlo Gambino
rkhunter, chkrootkit and rkdet: Are they necessary? All I hear about the difficulty of these things in the wild makes me wonder how effective they are. Input or suggestions?

They are not necessary, but it doesn't hurt to have them installed. I use both on my systems.

Quote:
Originally Posted by Carlo Gambino
fail2ban: I'm considering using this, although I've installed postfix to set up a mail server at some point, and from what I've heard the two don't mesh well.

I'm using fail2ban together with Postfix and haven't had any problems.

Quote:
Originally Posted by Carlo Gambino
Log Watch: I don't know which logs to really keep an eye on. Is this worth the install? I don't think there can be a replacement for looking the logs over manually. Is this a good choice or no?

logwatch will send you huge emails each morning, so most likely you'll start to ignore these after a few days...
#3
25th July 2008, 13:56
ralic

Quote:
Originally Posted by falko
I'm using fail2ban together with Postfix and haven't had any problems.

Same for me. No problems so far.
Another benefit of fail2ban is that it will also help protect your sshd and other services as well.

I would add postgrey to your list and optionally spf if you plan to host virtual email domains.

I have a very low traffic mail site, but somehow a bogus address is on a spam list. As a result I was getting a bunch of activity to my domain catch-all account due to a large number of postfix connects from spam bots. The majority of spam was getting caught by spamassassin, but still some got through and all the spamassassin activity was increasing my server load unnecessarily. Postgrey has handled this perfectly so far. Not one spam email has got through to be even analysed by spamassassin since I installed postgrey because the spam bots tend to only try once per spam run.

Similarly, there are already entries in my mail logs indicating that spf has rejected email due to spf failures and examining the entries gives me 99.9% certainty that they're bogus.
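
Added example (not part of the post above and not postgrey's own code): a simplified model of greylisting that shows why a sender that tries only once never reaches the content filter, while a mail server that retries from its queue does. The 300-second delay, the full-IP triplet key, and all addresses and times are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

DELAY = 300  # seconds a new triplet must wait; assumed value for this sketch


@dataclass
class Greylist:
    """Simplified greylist keyed on (client IP, sender, recipient)."""
    delay: int = DELAY
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP-style verdict for one delivery attempt at time `now`."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen >= self.delay:
            return "250 accept"   # sender came back after the delay
        return "450 defer"        # temporary failure; a real MTA queues and retries


def replay(attempts, greylist=None):
    """Run (time, ip, sender, rcpt) attempts in time order and return the
    (time, sender) pairs that get past the greylist to the content filter."""
    gl = greylist if greylist is not None else Greylist()
    return [(now, sender) for now, ip, sender, rcpt in sorted(attempts)
            if gl.check(ip, sender, rcpt, now).startswith("250")]


# Constructed sample traffic (documentation addresses, times in seconds).
ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@example.org", "info@example.net"),   # new: deferred
    (60,   "192.0.2.10",   "alice@example.org", "info@example.net"),   # too soon
    (900,  "192.0.2.10",   "alice@example.org", "info@example.net"),   # queue retry
    (10,   "198.51.100.7", "promo@example.com", "sales@example.net"),  # bot, one shot
    (5000, "203.0.113.99", "promo@example.com", "sales@example.net"),  # next run, new IP
]

if __name__ == "__main__":
    for now, sender in replay(ATTEMPTS):
        print(f"t={now}s delivered to content filter: {sender}")
```

A sender that does retry after the delay is accepted, so greylisting reduces the load on the content filter rather than replacing it.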
All times are GMT +2.

