Security on a Server
Liberty Young
plug-discuss@lists.plug.phoenix.az.us
26 Mar 2003 15:53:48 -0700
Of course, there's the mantra that will be in the first 10 replies to
your message
remove everything but what you _need_
And of course, there's the multitude of books. Check out the O'Reilly
section at your favorite book store..
The only unique thing i would add would be this:
Install an IDS, and have its and syslog's logs either sent out to
non-local location (ie, pgp signed mail to your mailbox) or stored
elsewhere (a tape drive, cd, usb-connected device) so the storage medium
can be rotated out and filed away.
That, and don't let it be used as a workstation. I know it's tempting,
i've done it before, but it makes it harder to maintain and lock down.
Since it'd be used at a University, you're really just asking for heaps
of trouble.
The better solution is to either donate a hard drive with linux
pre-installed, and have some one buy a copy of VMWare to install on a
Windows machine.
OR, use knoppix. I've had my doubts about it, but my co-worker just
showed me what it could do, and i must admit, it looks sweet. I really
believe that knoppix is a perfect tool for easing people into the linux
world without making too many changes to their computer.
On Wed, 2003-03-26 at 15:38, Steve Hasz wrote:
> Dear PLUG Members,
>
> Hello to the people I know on the list. I attended a couple of meetings,
> although I'm not in Phoenix as often as I was.
>
> I'm doing a volunteer project with some guys using an Open Source mapserver
> tool to show changing environmental conditions in Central America.
>
> We have a brand spanking new server and install of Redhat, including an IP
> to the machine and a domain set up in DNS. It's setting at a University and
> will be used as the server for the mapserver app which will be served up on
> the web to those interested. It will be a dual use machine to get people in
> the department interested in Linux as a workstation as well, but won't see
> too much use in that regard. I'm able to SFTP and SSH in to look around.
> I'm about 5,000 miles away, but there is a set of hands there with the
> server.
>
> I'm somewhat familiar with FreeBSD, since I run a VPS at Verio, so
> understand the basics of using the command line and Apache and config files.
> My question is about security. We want to get the server secure before we
> open it up as a webserver. Is there a pointer where I can get a detailed
> walkthrough about disabling services, which to disable, what to lock down
> and how?
>
> Best,
> Steve
> www.roatanet.com - Visitors Guide to Roatan and the Bay Islands
> www.travel-to-honduras.com - Your Travel Guide to Honduras
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss