
secure webserver

Peter C.

Aug 1, 2002, 11:53:11 AM
Hello,

I am going to install a new Linux distribution on my webserver - I thought
about SuSE 8.0, because I'm used to it (but Debian or Slackware would be
nice, too... well, I'm not sure at the moment). But this time I want to make my
webserver more secure. Before, I thought running only required services like
ssh, http, smtp, pop, keeping software updated, reading the logs frequently,
using ssh and stuff was enough... well, it's definitely not enough.

I've read some postings about linux-security and some docs, and I made a
little list what I would install.
Perhaps you can give me some hints, if the following things help me to make
the webserver more secure, if it's a good idea to install those utilities
together on my system and so on.

First of all, a firewall is required, of course. Would you recommend that I
use firewall configuration utilities like Guarddog?
( http://www.simonzone.com/software/guarddog/ )
Because I'm not yet very familiar with writing iptables parameters & shell
scripts. Well, I think I could fit some configuration of the guard-dog-script
to my needs, but writing the whole thing by myself... uhm... no.
I know, I know, "Even the most secure OS is useless in the hands of an
incompetent admin.", but anyway I'll use such a utility for my firewall
rules.

Second, I think a NIDS would be helpful. Is Snort a good choice or is there
a better Open NIDS available?
( http://www.snort.org )

Next, I would install Tripwire. I guess such a file system integrity
checking tool would be helpful, too.
( http://www.tripwire.org )

A kind of utility collection I thought about was the TriSentry suite,
consisting of PortSentry, HostSentry and LogSentry.
( http://www.psionic.com/products/trisentry.html )


I know there is no real solution to make a bulletproof secure server, but I
want to reduce the risks of a possible attack.
And if the server was attacked I want to know how - or at least that it was
attacked.
Okay... yeah... right... "There's Always Someone Out There Smarter, More
Knowledgeable, or Better-Equipped Than You" and if someone knows how to
install his rootkit on my machine, clean up all the logs and finally puts my
IP in his list of owned servers, I wouldn't even know that there was a
crack attempt.
But as I said... I want to reduce these risks.

Finally, I thought it would be a good idea to frequently check the security
state of the system by using SATAN, TCT or utilities like Saint.

Okay, these are only some ideas of an attempt to secure a system. Please let
me know what you think or which experiences you made with those utilities.

Thanks in advance,
Peter C.

