Find the answer to your Linux question:
Results 1 to 4 of 4
I'm using (nearly current releases of) Ubuntu Server (32bit and 64bit) although I might swap Ubuntu for a BSD later. The machines listen on an arbitrary port for binary streams, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2012
    Posts
    6

    Question How do I harden Ubuntu server?


    I'm using (nearly current releases of) Ubuntu Server (32bit and 64bit) although I might swap Ubuntu for a BSD later.

    The machines listen on an arbitrary port for binary streams, they listen for SSH, they send ICMP echo-requests as heartbeats.

    Where can I learn about hardening my servers? Tips and links would be appreciated

  2. #2
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,309
    A good starting point and then hit it with something like backtrack and fix all the vulnerabilities it finds
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    Conkybots: Interactive plugins for your Conkys!

  3. #3
    Just Joined! NomiUnger's Avatar
    Join Date
    Aug 2012
    Location
    Israel
    Posts
    4
    Hey there stormbind,

    See the following steps for hardening Ubuntu server:
    1. Check that a firewall is up - on your Ubuntu server or in front of it. Now set port 80 to be open both directions but limit the number of connections to one IP.
    2. Set root so it cannot log in via ssh, and now secure ssh so only private interface connections are permitted.
    3. Next, check that only wheel group users can do su, google can help here.
    4. Perform backups.
    5. Install or set up an IDS.
    6. Install ClamAV.
    7. Consider adding a log parser for convenience.

    Additionally, following are general guidelines for server hardening:
    • Only use secure protocols.
    • Eliminate unnecessary software on the server.
    • Keep OS and security patches up to date.
    • Use strong passwords, changing them regularly.
    • Disable root login unless necessary.
    • Unnecessary ports should be closed and unnecessary services disabled.
    • Utilize system firewall as well as install hardware firewall if possible.
    • Maintain proper backups.
    • Use brute force and intrusion detection systems.
    • Maintain server logs and monitor suspicious activity on your server
    • Limit users’ access according to user needs.

    Good luck
    Nomi
    Last edited by NomiUnger; 08-22-2012 at 01:25 PM.

  4. #4
    Just Joined! Quantum's Avatar
    Join Date
    Jun 2009
    Location
    Seattle, Ecotopia
    Posts
    22
    If you're good enough to adapt it, this is the best:
    nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •