Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Oct 2004
Configuring/Securing a Dedicated Server
I'm a web developer that has been asigned the task to "install and configure" a dedicated server that will be running Linux (don't know what distro, I think it is Fedora Core if I recall correctly). The small "problem" is that I never did this before, and regardless of what the hosting includes configured, I don't know where to start looking for basic things that "should be" configured in a determined way.
Obviously I'm not asking for an extended response, as I am going to Google a bit (already printed some documents), I don't pretend to make someone write a manual, but I would be very pleased if someone could help in building a list of what to check. The most important things I mean, without going into much detail. I can read documents later, but first I need to know *what* to look for.
I'm not new at Linux as I started playing with it with Slackware 3 and tried Debian 2, Mandrake, Redhat, Fedora... but never used it deeply. And of course, never configured fully a dedicated server to host web sites. I recently did a small course about Linux servers and touched topics like ProFTP, Apache, POP3/SMTP, Webalizer... but only a few hours each.
So basically, a linux-newbie that has to have a ready-to-run server.
Actually I've got this small list of things to check about:
- FTP Server
- Mail (Incoming/Outgoing)
- Web Server
With that in mind, I've got two questions that come to my mind now.
- What is the most recommended Apache version actually? 1.3.x? 2.x.x?
- Should I think on installing PHP 5 or just leave the PHP 4 installation that I guess comes by default?
I also checked the jffnms application, but not sure if it is necesary for a dedicated server.
Basically... what are the first things to check or the steps to see if the system is medium-secure?
Thanks in advance for any answer,
Re: Configuring/Securing a Dedicated ServerOriginally Posted by Katixa
As far as what you need to do goes just be secure. Read up on the latest vulnerabilities, the best security practices (such as chroot jailing) and kernel exploits. kerneltrap.org and linuxsecurity.com are good sources for this.
Your IPTables rules need to be very strict and as flawless as possible. Use auth when possible (and practical). Make sure all your emails are virus scanned (esp. if you have Windows workstations on your network).
That's about all that I have on the top of my head. Good luck."Time is an illusion. Lunchtime, doubly so."
~Douglas Adams, The Hitchhiker's Guide to the Galaxy
- Join Date
- Oct 2004
Thanks for the info.
You touched some of the things that we learned about in the short course (like chroot jailing, auth, and antivirus/antispam systems), but unfortunately I never configured/installed them on my own, so I'm not either a "novice" on them... just a "ah yes I heard about it" one...
I'm afraid to say that at this moment I'm not sure about what "IPTables" is... I heard about it too but I can't remember if we did that or not. Anyway, I'm going to Google about it now.
About the vulnerabilities, good idea. I tried to do a search on the forums but it seems to be disabled due to server load.
Any advice about good sites with global info about vulnerabilities on known programs like apache/mysql/phpmyadmi etc? Or even with the kernel itself. Preferably with feed (xml/rss) system?