I want to run my own root server (directly accessible from the web without a hardware firewall) with Debian Lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe a dns server.
What measures/software would you recommend, and why, to secure this server and minimize the attack vector? Web applications aside ...
This is what I have so far:
- iptables (for gen. packet filtering)
- fail2ban (brute force attack defense)
- ssh (change default port, disable root access)
- modsecurity is really clumsy and a pain (any alternative here?)
- sudo? Why should I use it? What is the advantage over normal user handling?
- thinking about greensql for mysql www.greensql.net
- is tripwire worth looking at?
- snort?
What am I missing? What is hot and what is not? Best practices?
I like "KISS" -> Keep it simple secure, I know it would be nice!
Thanks in advance ...
-
Post this question to Serverfault
meagar : Post this answer as a comment :p
mahatmanich : Hey Alexander, I am new here, what's serverfault? Same services, different website, different login?
Alexander : thanks, will know from now on.
Alexander : yes, just copy your account to that service and you're all set ;)
Buggabill : Similar service. You can use same OpenID login and copy your profile over there.
mahatmanich : thanks gents ...
From Alexander
-
For ssh, you can use both password and keys, but for root it is a good idea to only permit the root login using key-based auth, which is handy (I like ssh root@host).
Maxwell : Better not permit root logins via ssh, but prefer su/sudo.
mahatmanich : Maxwell, I am using su - to get my root access, what's the difference between that and sudo?
Bart Silverstrim : One, sudo can be configured to limit available commands that can be run. Two, sudo is logged when it's used. Three, it mitigates accidentally doing things that can damage the system, as you have to think slightly more before running privileged commands.
mahatmanich : Thanks for the insights Bart ... I'll look into it!
From aif
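A small audit for the ssh points raised in this thread (non-default port, root login, password logins), added here as an example and not written by any of the posters. The sample config is constructed, the finding codes are made up for illustration, and the defaults are assumed for a Lenny-era OpenSSH.

```python
import re
# Assumption: built-in defaults of a Lenny-era OpenSSH, used when a keyword is absent.
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes", "port": "22"}
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")  # "Keyword value" or "Keyword=value"
# Constructed sample input, not taken from any real host.
SAMPLE = """\
# constructed sshd_config
Port 22
port 2222
PermitRootLogin without-password
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PermitRootLogin yes
"""
def parse_global(text):
    """Collect keyword -> [values] from the global section, in file order."""
    cfg = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank lines and "#" comments never match
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":  # conditional overrides start here; not evaluated
            break
        cfg.setdefault(key, []).append(value)
    return cfg

def audit(text):
    """Return {code: message} for the ssh points raised in the thread."""
    cfg = parse_global(text)
    def effective(key):  # sshd keeps the first value it reads for a keyword
        return cfg.get(key, [DEFAULTS[key]])[0].lower()
    out = {}
    root = effective("permitrootlogin")
    if root == "yes":
        out["root-password"] = "root may log in over ssh with a password"
    elif root != "no":
        out["root-key-only"] = "root login still allowed (%s)" % root
    if len({v.lower() for v in cfg.get("permitrootlogin", [])}) > 1:
        out["shadowed"] = "PermitRootLogin repeated; only the first value applies"
    if "22" in cfg.get("port", [DEFAULTS["port"]]):  # Port may legitimately repeat
        out["default-port"] = "sshd still listens on the default port 22"
    if effective("passwordauthentication") == "yes":
        out["password-auth"] = "password logins enabled, so guessing is possible"
    return out
if __name__ == "__main__":
    for code, message in audit(SAMPLE).items():
        print(code + ": " + message)
```

Settings inside Match blocks are not evaluated here; on a live host `sshd -T` prints the effective configuration.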