Server Security

**greenhorn** · 02-11-2008

Greetings:

The system I'm running is Debian 4r2. With just the bare basics installed, along with Apache2, php5 and mysql. I also have an ssh server installed so that I can connect to it remotely.

Whenever I try to sit down and decide to "make" this thing secure, I'm totally stumped. Where do I begin?
Does anyone know of any resources, (books, articles) that I could acquire to get myself up to speed in debian security?

What are the three most important "holes" to plug up in any debian installation?

Sorry if it seems like I'm taking "advantage" of your time here... but I've not be able to get to first base with anything I've found on google.

I'd appreciate the help;

Thanks
gh

**Thrillhouse** · 02-11-2008

I'm certainly not a Debian expert but the first thing I would do is subscribe to the Debian security mailing list. That way you'll be in the know when certain issues arise. There are also a couple of pages you should take a look at including this one and this one.

The first measures I would take would be to make sure your SSH configuration is secure. Either use public key authentication or modify the service to listen on a nonstandard port (you could implement port knocking if you wanted to).

There are also several guides out there for securing a LAMP server. Use Google to find one that's right for you.

Good luck.

**jledhead** · 02-11-2008

hardening debian - Google Search

there's a couple of good links to get you started there.

just don't forget physical access in your plans

Thread Tools

Display

Server Security

Posting Permissions