  1. #1
    Just Joined!
    Join Date
    Nov 2003
    Posts
    7

    Howto keep Redhat system secure?


    Hi
    I am totally new to RedHat, but I like it so far and it's challenging at the same time.

    I got a server to host my own website. At the beginning I had help with the server configuration. Here are my questions and please help me as much as you can. Much appreciated....

    How do I keep my server secure? Basically what do I have to check often and update so I can keep my server up to date.
    Where can I learn more about logs? I was told that they have to be checked often. Since I know nothing about it, how do I know what I have to check to make sure everything is in order, and how do I know when something is wrong?

    I also would like to keep hackers away. Is APF enough for that?

    Any help, suggestion much appreciated
    Thank you all

  2. #2
    kriss
    Linux Engineer
    Join Date
    Jun 2003
    Posts
    1,113
    Hi!

    The most important rule is to sign up on the server applications' mailing lists to get info on when new versions are released, to always keep your system updated, and to turn off unwanted processes.

    Some links that might interest you:

    http://www.linuxsecurity.com/docs/
    http://www.lids.org/document.html
    http://grsecurity.org/
    http://freshmeat.net/projects/tripwire
    http://tinyurl.com/vkjb

    Good luck, hope this helps

  3. #3
    Linux User
    Join Date
    Nov 2002
    Posts
    420
    Basically just keep your Apache files up to date for security reasons.

    And your log files should be in /var/log/apache

  5. #4
    Just Joined!
    Join Date
    Nov 2003
    Posts
    7
    Thank you both for your replies and suggestions. I will definitely look at those pages and make sure Apache is updated often.

  6. #5
    flw
    Linux Engineer
    Join Date
    Mar 2003
    Location
    U.S.A.
    Posts
    1,025
    Take a look at http://www.this_site_does_not_exist/viewtopic.php?t=142

    Then on the log issue, look at them daily so you get a feel for what looks typical. Then when you see something different you can feed the line into Google or post it here to see if we can help. Nimda and Code Red still run wildly on the net, which doesn't threaten you, but you will see unusual log entries due to it. Expect them but also get it confirmed so you know what it really is.

    Whenever in doubt, check and verify. We are here for that. Also use some of the web-based sites for checking for weaknesses to scan you for holes, i.e. open ports, unneeded services, banners or any info leaks.

    Good luck and come back sometime,
    Dan

    "Keep your friends close and your enemies even closer" from The Art of War by Sun Tzu

  7. #6
    Just Joined!
    Join Date
    Nov 2003
    Posts
    7
    Quote Originally Posted by flw
    Take a look at http://www.this_site_does_not_exist/viewtopic.php?t=142

    Then on the log issue, look at them daily so you get a feel for what looks typical. Then when you see something different you can feed the line into Google or post it here to see if we can help. Nimda and Code Red still run wildly on the net, which doesn't threaten you, but you will see unusual log entries due to it. Expect them but also get it confirmed so you know what it really is.

    Whenever in doubt, check and verify. We are here for that. Also use some of the web-based sites for checking for weaknesses to scan you for holes, i.e. open ports, unneeded services, banners or any info leaks.

    Good luck and come back sometime,
    I will check out that post for sure.
    I have a question. I checked my logs /var/log/secure
    I found a few "anonymous: no such user found". Are these hacking attempts?

  8. #7
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    Do you have an FTP server running?

    I would guess that it is someone scanning for FTP servers configured incorrectly (they allow anonymous logins with write access).

    Something worth pointing out... you're going to see a lot of this sort of stuff.

    Jason

  9. #8
    Just Joined!
    Join Date
    Nov 2003
    Posts
    7
    Quote Originally Posted by Jaguar
    Do you have an FTP server running?

    I would guess that it is someone scanning for FTP servers configured incorrectly (they allow anonymous logins with write access).

    Something worth pointing out... you're going to see a lot of this sort of stuff.

    Jason
    Yes I do and I believe it's part of Plesk. I probably misconfigured it and will look into that.
    Thanks for the advice, good to know this wasn't a hacking attempt.

    If I need more help I will keep coming back to my topic or to this board, I'm glad I found it.

  10. #9
    flw
    Linux Engineer
    Join Date
    Mar 2003
    Location
    U.S.A.
    Posts
    1,025
    Yes, it was an attempt to see if you have anonymous logins enabled. As j pointed out, it is standard fare for all servers to be probed over and over. So now you know your 1st log entry that's normal but also not welcomed. Expect more to come of different natures.

    Back on the log issue, you'll want to check all your logs, not just the FTP server log.
    Dan

    "Keep your friends close and your enemies even closer" from The Art of War by Sun Tzu
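
Added example, not part of any post in this thread: a small Python triage of the log noise discussed above, counting Code Red and Nimda requests in an Apache access log and the "anonymous: no such user found" entries from /var/log/secure per source address. The sample lines, addresses, host name and daemon prefix are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input: Apache access-log and /var/log/secure style lines.
SAMPLE_LINES = [
    '203.0.113.5 - - [12/Nov/2003:04:11:02 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 284',
    '203.0.113.9 - - [12/Nov/2003:04:15:40 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280',
    '203.0.113.9 - - [12/Nov/2003:04:15:41 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '198.51.100.7 - - [12/Nov/2003:09:30:00 -0500] "GET /index.html HTTP/1.1" 200 5120',
    'Nov 12 05:02:17 web1 ftpd[2211]: (192.0.2.44) anonymous: no such user found',
    'Nov 12 05:02:19 web1 ftpd[2211]: (192.0.2.44) anonymous: no such user found',
    'Nov 12 08:00:01 web1 sshd[3001]: Accepted password for admin from 198.51.100.7 port 4022 ssh2',
]

# Well-known request patterns of the two worms, plus the message quoted in the thread.
SIGNATURES = [
    ("code-red", re.compile(r'"GET /default\.ida\?', re.I)),
    ("nimda", re.compile(r'"GET [^"]*(?:cmd|root)\.exe', re.I)),
    ("anon-ftp-probe", re.compile(r"anonymous: no such user found")),
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def classify(line):
    """Return the label of the first matching signature, or None."""
    for label, pattern in SIGNATURES:
        if pattern.search(line):
            return label
    return None

def triage(lines):
    """Count known probes per source IP; return the rest for manual review."""
    known, unclassified = {}, []
    for line in lines:
        label = classify(line)
        if label is None:
            unclassified.append(line)
            continue
        match = IPV4.search(line)
        source = match.group(0) if match else "unknown"
        known.setdefault(label, Counter())[source] += 1
    return known, unclassified

if __name__ == "__main__":
    known, rest = triage(SAMPLE_LINES)
    for label, sources in known.items():
        print(label, dict(sources))
    print("lines left to read by hand:", len(rest))
```

The second value returned by `triage` is what remains to be read by hand once the recognised background probing has been counted.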

  11. #10
    Just Joined!
    Join Date
    Nov 2003
    Posts
    7
    Quote Originally Posted by flw
    Yes, it was an attempt to see if you have anonymous logins enabled. As j pointed out, it is standard fare for all servers to be probed over and over. So now you know your 1st log entry that's normal but also not welcomed. Expect more to come of different natures.

    Back on the log issue, you'll want to check all your logs, not just the FTP server log.
    Yes I understand and I did.

    Which logs are the ones that have to be checked every day?

    These logs are found in the /var/log

    apf_log
    cron
    ksyms
    boot_log
    maillog
    dmesg
    messages
    mysqld.log
    rpmpkgs
    secure
    spooler
    up2date
    wtmp

    If you don't mind could you tell me which log is for what?

    Thanks so much
