Basic Debian 5.0 (Lenny) Installation w/ Apache + MySql + Myphpadmin + ProftpD

Discussion in 'Installation/Configuration' started by n0fx, Jun 8, 2009.

  1. n0fx

    n0fx New Member

    I have a server that I want to use as a FTP backup for a database that will be uploaded every night. Also, the server is going to be used in my office as a test machine for my web development guys to test new things they are coding with PHP. The server has already been installed with Debian 5.0 (Lenny), ProftpD, Apache 2, MySql, PHP5 and PHPMyAdmin. The installation has the basic configurations setup with no tweaks at all. The only thing I configured was ProftpD with virtual users.

    I just wanted to know what steps can I take to secure this server? It's not going to be a production server for now, but once the web dev guys are done testing their code, I'll have to either reformat this or migrate this server to a production one, which will be placed online. Currently, it's behind a firewall already and only the ftp and ssh ports are open. I might as well learn how to secure it now, so when it does go into production, I'll already know what type of tweaks and changes that need to be done.

    I know that I should check the logs frequently but what else can I do to make sure this is as secure as possible? What tools and specific configurations can I do? Any help would be appreciated.
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. n0fx

    n0fx New Member

  4. falko

    falko Super Moderator ISPConfig Developer

  5. n0fx

    n0fx New Member

  6. n0fx

    n0fx New Member

    I followed the guide that you provided but now I'm receiving this error in my fail2ban logs:

    2009-06-17 20:35:47,135 fail2ban.comm : WARNING Invalid command: ['set', 'sasl', 'failregex', 'warning: [-._\\w]+\\[<HOST>\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed']

    This is my jail.local file:

    [DEFAULT]

    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1
    bantime = 600
    maxretry = 3

    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto".
    # yoh: For some reason Debian shipped python-gamin didn't work as expected
    # This issue left ToDo, so polling is default backend for now
    backend = polling

    #
    # Destination email address used solely for the interpolations in
    # jail.{conf,local} configuration files.
    destemail = [email protected]

    # Default action to take: ban only
    action = iptables[name=%(__name__)s, port=%(port)s]


    [ssh]

    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 5


    [apache]

    enabled = true
    port = http
    filter = apache-auth
    logpath = /var/log/apache*/*error.log
    maxretry = 5


    [apache-noscript]

    enabled = false
    port = http
    filter = apache-noscript
    logpath = /var/log/apache*/*error.log
    maxretry = 5


    [proftpd]

    enabled = true
    port = ftp
    filter = proftpd
    logpath = /var/log/auth.log
    failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
    maxretry = 5

    [sasl]

    enabled = true
    port = smtp
    filter = sasl
    failregex = warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
    logpath = /var/log/mail.log
    maxretry = 5

    And this is what my iptables -L says:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    My ProFTPD is currently setup with TLS, so it might be causing a problem with this setup. Has anyone ever experience this problem?
     

Share This Page