  1. #1
    Just Joined!
    Join Date
    Jan 2004
    Posts
    3

    Is this enough to secure a server


    Security Audit and Securing the System
    ====================================

    Security Audit
    ############

    1) Conduct a security audit on the box and create a report for it.

    (a) Check intrusion detection. Use chkrootkit for this purpose. Update the report with these details.

    (b) Check for bugs in the software currently installed on the box (i.e. kernel, openssl, openssh, etc.). Update the report with these details.

    (c) Scan all ports and find out which unwanted ports are open. Update the report with these details.

    (d) Check if /tmp is secured. Update the report with these details.

    (e) Check for hidden processes. Update the report with these details.

    (f) Check for bad blocks on each partition (this is just to make sure that the system is OK). Update the report with these details.

    (g) Check file permissions. Update the report with these details.

    (h) Check if the kernel has the ptrace vulnerability. Update the report with these details.

    (i) Check memory (this is to make sure that the memory is OK). Update the report with these details.

    (j) Check for open relay. Update the report with these details.

    (k) Check if the partitions have enough space. Update the report with these details.

    (l) Check the size of the logs. It's better that the log size remains in MBs.

    Steps to be followed for Securing a Server
    ==============================

    1) Correct the file permissions if anything was found wrong in the security audit.

    2) Close all unwanted ports as per the security audit report.

    3) Disable direct root login. (Configure your server such that no direct root login will be allowed. To log in as root we should log in as admin4u and then su to root.)

    4) Configure iptables to accept all ports used (i.e. control panel and other software) and disable all other ports.

    5) Install and set up apf.

    6) Install mod_security. Add this module as a DSO to apache.

    7) Secure /tmp. Make /tmp noexec and nosuid.

    8) Upgrade all software which is buggy according to the security audit report (i.e. upgrade software like openssl, openssh, etc.).

    9) Add a script which will mail the owner of the box when someone adds a user with uid 0.

    10) Take preventive measures against DoS attacks, IP spoofing, etc.

    11) If the client permits installation of tripwire, then go with it. It's one of the best pieces of intrusion detection software.

    #################################################

    Reference:

    http://Linuxsecurity.com
    http://www.rfxnetworks.com/apf.php
    http://www.modsecurity.org/
    http://www.tripwire.com/
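
Audit item (d) and steps 7 and 9 of the post above can be checked by script. The following is an added example, not part of the original post; the function names and the sample passwd/mounts data are constructed for illustration, and the functions take file paths so they can be exercised without touching a live host.

```sh
# Added example (names and sample data are constructed): checks for (d)/step 7 and step 9.

# Print every account whose UID is 0, other than root. $1: passwd-format file.
extra_uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Print the mount options of /tmp (last matching entry wins), or nothing
# when /tmp is not a separate mount. $1: file in /proc/mounts format.
tmp_mount_options() {
    awk '$2 == "/tmp" { o = $4 } END { if (o != "") print o }' "${1:-/proc/mounts}"
}

# Succeed only when /tmp is mounted with both noexec and nosuid.
tmp_is_hardened() {
    opts=$(tmp_mount_options "$1")
    case ",$opts," in *,noexec,*) ;; *) return 1 ;; esac
    case ",$opts," in *,nosuid,*) ;; *) return 1 ;; esac
}

# Print one OK/FAIL line per check; the return status is the number of failures.
audit_report() {
    findings=0
    extra=$(extra_uid0_accounts "$1" | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "FAIL uid0: extra UID 0 accounts: $extra"
        findings=$((findings + 1))
    else
        echo "OK   uid0: only root has UID 0"
    fi
    if tmp_is_hardened "$2"; then
        echo "OK   /tmp: noexec,nosuid set"
    else
        echo "FAIL /tmp: options are '$(tmp_mount_options "$2")'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input, not taken from a real host.
sample_passwd() { printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'admin4u:x:500:500::/home/admin4u:/bin/bash' 'toor:x:0:0::/root:/bin/sh'; }
sample_mounts() { printf '%s\n' '/dev/sda1 / ext3 rw 0 0' '/dev/sda3 /tmp ext3 rw,nosuid 0 0'; }

# Demo on the constructed data: both checks fail (extra UID 0 user, /tmp lacks noexec).
d=$(mktemp -d); sample_passwd > "$d/p"; sample_mounts > "$d/m"
audit_report "$d/p" "$d/m" || echo "findings: $?"
rm -rf "$d"
```

Called with no arguments, the functions read /etc/passwd and /proc/mounts; run from cron, the FAIL lines can be handed to whatever mailer the box uses to notify the owner.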

  2. #2
    flw
    Linux Engineer
    Join Date
    Mar 2003
    Location
    U.S.A.
    Posts
    1,025
    Is the post a "how to", a result of a current lockdown of your server that you're working on, or something else?
    Dan

    "Keep your friends close and your enemies even closer" from The Art of War by Sun Tzu

  3. #3
    Just Joined!
    Join Date
    Jan 2004
    Posts
    3

    I just want to secure my server

    I am trying to secure my server... so the above steps are the ones that I have followed... I need advice from experts... if those steps are enough to make my server secure...

    Please advise...
