- 11-18-2003 #1Just Joined!
- Join Date
- Nov 2003
- Posts
- 7
Howto keep Redhat system secure?
Hi
I am totally new to RedHat, but I like it so far and it's challenging at the same time.
I got a server to host my own website. At the beginning I had help with the server configuration. Here are my questions and please help me as much as you can. Much appreciated....
How do I keep my server secure? Basically what do I have to check often and update so I can keep my server up to date.
Where can I learn more about Logs?? I was told that has to be checked often. Since I know nothing about it, how do I know what I have to check to make sure everything is in order and how do I know when something is wrong?
I also would like to keep hackers away. APF is enough for that??
Any help, suggestion much appreciated
Thank you all
- 11-18-2003 #2
Hi!
The most important rule is to sign up on the server applications mailing list to get info on when new versions are released, always keep your system updated and to turn off unwanted processes.
Some links that might interest you:
http://www.linuxsecurity.com/docs/
http://www.lids.org/document.html
http://grsecurity.org/
http://freshmeat.net/projects/tripwire
http://tinyurl.com/vkjb
Good luck, hope this helps
- 11-18-2003 #3Linux User
- Join Date
- Nov 2002
- Posts
- 420
Basically just keep your Apache files up to date for security reasons.
And your log files should be in /var/log/apache
- 11-19-2003 #4Just Joined!
- Join Date
- Nov 2003
- Posts
- 7
Thank you both for your replies and suggestions. I will definitely look at those pages and make sure Apache is updated often.
- 11-19-2003 #5Linux Engineer
- Join Date
- Mar 2003
- Location
- U.S.A.
- Posts
- 1,025
Take a look at http://www.this_site_does_not_exist/viewtopic.php?t=142
Then on the log issue look at them daily so you get a feel for what looks typical. Then when you see something different you can feed the line into google or post it here to see if we can help. Nimda and Code Red still run wildly on the net which doesn't threaten you but you will see unusual log entries due to it. Expect them but also get it confirmed so you know what it really is.
Whenever in doubt, check and verify. We are here for that. Also use some of the web-based sites for checking for weaknesses to scan you for holes, i.e. open ports, unneeded services, banners or any info leaks.
Good luck and come back sometime,
Dan
"Keep your friends close and your enemies even closer" from The Art of War by Sun Tzu
- 11-19-2003 #6Just Joined!
- Join Date
- Nov 2003
- Posts
- 7
I will check out that post for sure.
I have a question. I checked my logs /var/log/secure
I found a few "anonymous: no such user found". Are these hacking attempts??
- 11-19-2003 #7Linux Guru
- Join Date
- Apr 2003
- Location
- London, UK
- Posts
- 3,284
Do you have an FTP server running?
I would guess that it is someone scanning for FTP servers configured incorrectly (they allow anonymous logins with write access).
Something worth pointing out... you're going to see a lot of this sort of stuff.
Jason
- 11-19-2003 #8Just Joined!
- Join Date
- Nov 2003
- Posts
- 7
Yes I do and I believe it's part of Plesk. I probably misconfigured it and will look into that.
Thanks for the advice, good to know this wasn't a hacking attempt.
If I need more help I will keep coming back to my topic or to this board, I'm glad I found it.
- 11-20-2003 #9Linux Engineer
- Join Date
- Mar 2003
- Location
- U.S.A.
- Posts
- 1,025
Yes it was an attempt to see if you have anonymous logins enabled. As j pointed out it is standard fare for all servers to be probed over and over. So now you know your 1st log entry that's normal but also not welcomed. Expect more to come of different natures.
Back on the log issue you'll want to check all your logs not just ftp server log.
Dan
"Keep your friends close and your enemies even closer" from The Art of War by Sun Tzu
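The advice above (read the logs daily to learn what is typical, then look closely at anything different, such as the "anonymous: no such user found" entries) can be partly automated. The following is an added example, not part of any poster's message: it reduces log lines to message shapes, reports shapes absent from a baseline log, and counts the anonymous-login probes per source. The log lines are constructed, and the proftpd-style message layout, the host name `web1` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Log lines are constructed; the
# proftpd-style layout and the host name "web1" are assumptions.

# Reduce each syslog line to a "shape": drop timestamp and host, then mask
# PIDs, IPv4 addresses and remaining numbers, and list each shape once.
log_shapes() {
  sed -E -e 's/^[A-Z][a-z]{2} +[0-9]+ [0-9:]{8} [^ ]+ //' \
         -e 's/\[[0-9]+\]/[PID]/g' \
         -e 's/[0-9]{1,3}(\.[0-9]{1,3}){3}/IP/g' \
         -e 's/[0-9]+/N/g' "$1" | LC_ALL=C sort -u
}

# Shapes seen in today's log ($2) that never occur in the baseline ($1).
new_shapes() {
  t=$(mktemp -d) || return 1
  log_shapes "$1" > "$t/base"; log_shapes "$2" > "$t/today"
  LC_ALL=C comm -13 "$t/base" "$t/today"
  rm -rf "$t"
}

# Failed-login probes per source address, busiest first: "<addr> <count>".
probes_by_source() {
  sed -nE 's/.*no such user found from ([^ ]+).*/\1/p' "$1" |
    sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Write the constructed sample logs into directory $1.
write_samples() {
  cat > "$1/base.log" <<'EOF'
Nov 18 04:02:11 web1 sshd[2211]: Accepted password for admin from 192.0.2.5 port 40112 ssh2
Nov 18 09:15:40 web1 proftpd[2290]: web1 (192.0.2.5[192.0.2.5]) - FTP session opened.
EOF
  cat > "$1/today.log" <<'EOF'
Nov 19 04:01:58 web1 sshd[3120]: Accepted password for admin from 192.0.2.5 port 51234 ssh2
Nov 19 11:20:03 web1 proftpd[3388]: web1 (198.51.100.7[198.51.100.7]) - USER anonymous: no such user found from 198.51.100.7 [198.51.100.7] to 203.0.113.10:21
Nov 19 11:20:09 web1 proftpd[3391]: web1 (198.51.100.7[198.51.100.7]) - USER anonymous: no such user found from 198.51.100.7 [198.51.100.7] to 203.0.113.10:21
Nov 19 13:44:31 web1 proftpd[3460]: web1 (198.51.100.23[198.51.100.23]) - USER anonymous: no such user found from 198.51.100.23 [198.51.100.23] to 203.0.113.10:21
EOF
}

d=$(mktemp -d) && write_samples "$d"
echo "New message shapes:"; new_shapes "$d/base.log" "$d/today.log"
echo "Anonymous probes by source:"; probes_by_source "$d/today.log"
rm -rf "$d"
```

On a real server the two arguments would be an older copy of a log and the current one, for example a rotated `/var/log/secure` file and `/var/log/secure` itself.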
- 11-20-2003 #10Just Joined!
- Join Date
- Nov 2003
- Posts
- 7
Yes I understand and I did.
Which logs are the ones that have to be checked every day?
These logs are found in /var/log:
apf_log
cron
ksyms
boot_log
maillog
dmesg
messages
mysqld.log
rpmpkgs
secure
spooler
up2date
wtmp
If you don't mind could you tell me which log is for what?
Thanks so much


