Sequring TPS Fedora4

[Hagforce]

Hello again

I used your ISP setup on Fedora 4.

This is my first linux webserver, so new questions come up all the time

I`ve now been running this setup on one server for two monts, and just installed another one for about a week ago.

The setup is basicly unchanged from the tutorial, how sequre is this?.

The question is now how do I sequre the server form attacks.
-I vould like to get logs on attacks etc from the server daily.
-I vould like to proteckt ssh etc from brute force.
-Sugestions on modifications from the default setup to make it more sequre.
-And anything alse to make it fortnox....

What is the max e-mail size in postfix as standard, how tho change this.....

Well, quite many questions....
It sums up to, how do I sequre my server so it don`t get hacked (I know it can`t be 100% sequre),

[falko]

Quote:

Originally Posted by Hagforce

-I vould like to get logs on attacks etc from the server daily.

Have a look at portsentry and logcheck.

Quote:

Originally Posted by Hagforce

-I vould like to proteckt ssh etc from brute force.

http://www.howtoforge.com/preventing...with_denyhosts

Quote:

Originally Posted by Hagforce

What is the max e-mail size in postfix as standard, how tho change this.....

What's the output of

Code:

postconf -n | grep message_size_limit

and

Code:

postconf -d | grep message_size_limit

?

[Hagforce]

The output of postconf -n | grep message_size_limit is nothing....
The output of postconf -d | grep message_size_limit is:

Code:

message_size_limit = 10240000

Thanks for the tisps on sequring the server...

Is this a guide that will work for me on fedora with portsentry and logcheck (keep in mind that I`m a noob)... http://www.falkotimme.com/howtos/chkrootkit_portsentry/
Should I also install Chkrootkit for "antivirus" or is there somting alse....


A few aditional questions...

-I see the server gives output on telnet...
Should i just shut down telnet....
I can`t think of anything I need it for?
It just gives away information on the software I`m running on my server, and gives the hacker a head start?
-Is there any online scanners for testing my server?
-Is there a limit for how many e-mail adresses one can have under one domain?

Thanks again for helping me out

[falko]

Quote:

Originally Posted by Hagforce

The output of postconf -n | grep message_size_limit is nothing....
The output of postconf -d | grep message_size_limit is:

Code:

message_size_limit = 10240000

IF you want to have another message_size_limit, run

Code:

postconf -e 'message_size_limit = 20480000'

, for example, and restart Postfix afterwards.

Quote:

Originally Posted by Hagforce

Is this a guide that will work for me on fedora with portsentry and logcheck (keep in mind that I`m a noob)... http://www.falkotimme.com/howtos/chkrootkit_portsentry/

It should work for you. But the version numbers have increased, this tutorial is a little bit old.

Quote:

Originally Posted by Hagforce

Should I also install Chkrootkit for "antivirus" or is there somting alse....

Have a look here: http://www.howtoforge.com/faq/1_38_en.html

Quote:

Originally Posted by Hagforce

-I see the server gives output on telnet...
Should i just shut down telnet....

I think you mean the telnet client, not the server. The telnet client is ok.

Quote:

Originally Posted by Hagforce

-Is there a limit for how many e-mail adresses one can have under one domain?

No.

[Hagforce]

Quote:

I think you mean the telnet client, not the server. The telnet client is ok.

Yeh, I messed up


I mean the fackt that when I use a machine on the internet with a telnet client, and write "telnet myip 80" I get output on my webserver version "apache 2.0.54 (fedora)"

Same with main en other stuff.

Doesn`t these kind of feedbacks give hackers an advantage in knowing versions an system.

[Hagforce]

I didn`t explain what I ment vell....

When I use a telnet client against port 80 at my server it replies

Code:

<address>Apache/2.0.54 (Fedora) Server at localhost Port 80</address>

And at port 25 it replys

Code:

www.domain.com ESMTP Postfix

Port 110

Code:

+OK AVG POP3 Proxy Server 7.1.371/7.1.385 [268.2.6/287]

Isn`t this usefull information for hackers?
Is it possible to make my server not reply on this....

Or I`m I making no sense now

[till]

You can configure these services to not show version numbers, but i dont have the exact configuration directives at hand.

You may find these informations in the documentation and the man pages of the programs.

[Hagforce]

Ok...

Found it...

If anyone alse would like to do this:

SSH to your fedora box.

Code:

nano /etc/httpd/conf/httpd.conf

Type "ctrl+w" and search for "ServerSignature"
Edit this to ServerSignature off

You can also add "ServerTokens ProductOnly" in the line under to show only Apace, not version.

Type "crtl+x" and save your settings.
Restart Apache

Code:

/etc/init.d/httpd restart

Telnet etc to your box and check
This should mask server version and services.

Didn`t find anyting yet on postfix, dovecot, mysql, proftp and pop3....
Doesn`t seem like port 81 gives out any info

[Hagforce]

After running postconf -e 'message_size_limit = 20480000'
I get:

Code:

[root@www ~]# postconf -d | grep message_size_limit
message_size_limit = 10240000
[root@www ~]# postconf -n | grep message_size_limit
message_size_limit = 20480000

Witch is outgoing/incoming

[falko]

Code:

postconf -d | grep message_size_limit prints

the default value,

Code:

postconf -n | grep message_size_limit

your current setting. So the latter prints what is currently effective.