Find the answer to your Linux question:
Results 1 to 4 of 4
Thanks for all the suggestions from people over in the Debian thread. I managed to get apache installed and running, and even setup a simple html page. It was shockingly ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2006
    Posts
    4

    General Server Security


    Thanks for all the suggestions from people over in the Debian thread. I managed to get apache installed and running, and even setup a simple html page. It was shockingly easy once I got going.

    Now I am concerned with security tho. It's not that I'm transferring any sensitive documents, but I don't want any punx hijacking my server. I've found the log files, but what else can I do to prevent this. I also know not to run as root.

    Also, does anyone know of a way to work with a dynamic ip? I've heard several options, but don't know which will be best. Something like dynds.org, or maybe a ping utility to maintain my ip (maybe a tos violation?). I don't mnd using an ip number, but I need a way to keep track of it. Thanks in advance for any suggestions/links/advice.

    jr

  2. #2
    Linux User Giles's Avatar
    Join Date
    May 2005
    Location
    Gloucestershire and Cambridge, UK
    Posts
    283
    As far as security goes, there are a couple of tutorials on LFDO that it'd be worth checking out:
    generic linux security HOWTO and
    apache-specific security HOWTO

    I don't have any suggestions as to your IP problem - I currently suffer a similar thing, but I'm just switching ISPs (Tiscali are crap anyway, so I just need a couple of weeks when I wont need to be online, so I can kill the connection)

    Hope this helps
    Toodle-oo
    Giles
    "Our greatest fear is not that we are powerless. Our greatest fear is Microsoft"
    Registered linux user #391027

  3. #3
    Linux Newbie
    Join Date
    Feb 2006
    Location
    KP22
    Posts
    106
    If you have one static ip, the big part of problem is solved. You can of course use somekind "ping this host using this interval", log arriving pings and check from which ip has some specific ping arrived at specific time. Or if you manage to send mail from your host, you can make script, which checks your ip at specific times, if it has changed, it mails this ip for you.

  4. #4
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    Quote Originally Posted by jriggs
    Thanks for all the suggestions from people over in the Debian thread. I managed to get apache installed and running, and even setup a simple html page. It was shockingly easy once I got going.

    Now I am concerned with security tho. It's not that I'm transferring any sensitive documents, but I don't want any punx hijacking my server. I've found the log files, but what else can I do to prevent this. I also know not to run as root.

    Also, does anyone know of a way to work with a dynamic ip? I've heard several options, but don't know which will be best. Something like dynds.org, or maybe a ping utility to maintain my ip (maybe a tos violation?). I don't mnd using an ip number, but I need a way to keep track of it. Thanks in advance for any suggestions/links/advice.

    jr
    Security is huge. There are a lot of things you can do like learn ipchains or stick it behind a cisco router. Here is a tip that I do for now
    Look at netstat
    type netstat -an in the cli
    scroll up and that will tell you the IP connections. You will also see what tcp services you are running for instance Web known as http is running on port 80. I close all ports down I am not using. The easiest way to do this is shut the service down that using that port. For instance you will probably see a service called portmap. I don't use this so I go to /etc/rc3.d (not sure about debian) and mv S15portmap to K15portmap then reboot. This tells the OS not to start portmap. On Slackware May be like debian type chmod -x rc.portmap in /etc/rc.d
    I have a web/mail server and the only ports that are open is the mail ports and the web ports and the ssh port.
    This is a good start for securing your computer. I also monitor logs everychance I get.
    Good Luck and welcome to Linux
    Mike
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •