Hello,
You are running too many services in just one box. It
may lead to problems latter. To minimize that, I would
suggest you to chroot apache and run it with a
specific apache user (like apache or www). A good idea
would be install it with the mininum number of
features possible (look at
http://www.securityfocus.com/infocus/1694).
You didn't mention which mail server you are using.
Run a good one (postfix or qmail). In addition to
that, no matter the security measures you are using,
keep your
server updated. You could also use some Host-based IDS
or log analysis tool to improve the detection
capabilities there. I suggest OSSEC HIDS
(www.ossec.net/hids/), because it does log analysis
and integrity checking together (in addition to have a
nice correlation engine and a nice notification tool),
but I'm suspicious to talk about it :).
Hope it helps..
--
Daniel B. Cid, CISSP
daniel.cid @ (at) {gmail. com}
--- AragonX <aragonx@dcsnow.com> escreveu:
I had an intrusion on one of my servers and am in
the process of hardening
it (after a reinstall). I'm using Fedora Core 4.
I've taken all the
basic steps (shutting down unused services etc) and
have done the
following:
Installed Smothwall on a separate box.
Installed & configured AIDE, Snort and chkrootkit
Ran Bastille
I am in the process of configuring LIDS. I'm using
LIDS instead of
SELinux because it's easier for me to configure.
My next and final step will be to install
mod_security.
The server performs the following tasks:
Web (Squirrelmail, eGroupWare, myPhpAdmin and
others) and email serving
to the internet.
File, print and DHCP serving to my local network.
I'm looking for more preventative measures. It
appears that LIDS and
mod_security are the only ones in that role now.
Should I jail apache?
Would that give me any benefits over what LIDS
provides?
Thank you in advance.
__________________________________________________
Converse com seus amigos em tempo real com o Yahoo! Messenger
http://br.download.yahoo.com/messenger/
