General Server Security

[jriggs]

Thanks for all the suggestions from people over in the Debian thread. I managed to get apache installed and running, and even setup a simple html page. It was shockingly easy once I got going.

Now I am concerned with security tho. It's not that I'm transferring any sensitive documents, but I don't want any punx hijacking my server. I've found the log files, but what else can I do to prevent this. I also know not to run as root.

Also, does anyone know of a way to work with a dynamic ip? I've heard several options, but don't know which will be best. Something like dynds.org, or maybe a ping utility to maintain my ip (maybe a tos violation?). I don't mnd using an ip number, but I need a way to keep track of it. Thanks in advance for any suggestions/links/advice.

jr

[Giles]

As far as security goes, there are a couple of tutorials on LFDO that it'd be worth checking out:
generic linux security HOWTO and
apache-specific security HOWTO

I don't have any suggestions as to your IP problem - I currently suffer a similar thing, but I'm just switching ISPs (Tiscali are crap anyway, so I just need a couple of weeks when I wont need to be online, so I can kill the connection)

Hope this helps
Toodle-oo
Giles

[kavalakala]

If you have one static ip, the big part of problem is solved. You can of course use somekind "ping this host using this interval", log arriving pings and check from which ip has some specific ping arrived at specific time. Or if you manage to send mail from your host, you can make script, which checks your ip at specific times, if it has changed, it mails this ip for you.

[adrenaline]

Thanks for all the suggestions from people over in the Debian thread. I managed to get apache installed and running, and even setup a simple html page. It was shockingly easy once I got going.

Now I am concerned with security tho. It's not that I'm transferring any sensitive documents, but I don't want any punx hijacking my server. I've found the log files, but what else can I do to prevent this. I also know not to run as root.

Also, does anyone know of a way to work with a dynamic ip? I've heard several options, but don't know which will be best. Something like dynds.org, or maybe a ping utility to maintain my ip (maybe a tos violation?). I don't mnd using an ip number, but I need a way to keep track of it. Thanks in advance for any suggestions/links/advice.

jr

Security is huge. There are a lot of things you can do like learn ipchains or stick it behind a cisco router. Here is a tip that I do for now
Look at netstat
type netstat -an in the cli
scroll up and that will tell you the IP connections. You will also see what tcp services you are running for instance Web known as http is running on port 80. I close all ports down I am not using. The easiest way to do this is shut the service down that using that port. For instance you will probably see a service called portmap. I don't use this so I go to /etc/rc3.d (not sure about debian) and mv S15portmap to K15portmap then reboot. This tells the OS not to start portmap. On Slackware May be like debian type chmod -x rc.portmap in /etc/rc.d
I have a web/mail server and the only ports that are open is the mail ports and the web ports and the ssh port.
This is a good start for securing your computer. I also monitor logs everychance I get.
Good Luck and welcome to Linux
Mike