basic server security advices ?
Sharg
Fri 3rd Nov '00, 5:16pm
What to check basically on a server to make sure it's secure enough ?
Benj
Chris Schreiber
Fri 3rd Nov '00, 8:28pm
A couple of pointers:
Never run your web server (Apache) as root. It should have its own user like "nobody".
Never run MySQL as root. It also should have a special user like "mysql"
Disable telnet access to your server. Use SSH for remote administration. Never log in as root, log in as a normal user and "su" to root if needed.
Those are just some basics.
-Chris
Sharg
Fri 3rd Nov '00, 8:43pm
Thanks for the answer.
1) Well I have several apache running:
root 2 0 2352 2352 2276 S 0.0 0.2 0:00 apache
270 www-data 2 0 2352 2352 2288 S 0.0 0.2 0:00 apache
271 www-data 2 0 2352 2352 2288 S 0.0 0.2 0:00 apache
272 www-data 2 0 2352 2352 2288 S 0.0 0.2 0:00 apache
273 www-data 2 0 2352 2352 2288 S 0.0 0.2 0:00 apache
274 www-data 2 0 2352 2352 2288 S 0.0 0.2 0:00 apache
One as root, and the others as www-data !?
2) Mysql running as Mysql
3) Telnet enabled (how should I disable it ?) but I always use SSH as a user and SU.
So I'm 70% secure from the basics :/
Benj
Chris Schreiber
Fri 3rd Nov '00, 9:56pm
Ok that's good... the first Apache thread starts as root, but this doesn't handle any outside request, it just stops/starts other Apache processes as needed.
To disable telnet access, just create a file called /etc/securetty. Inside of it put one line "tty1" then save it. After that you shouldn't be able to telnet into your machine as root.
To completely disable all telnet access, edit your /etc/inetd.conf file. Look for a line like this one:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
Put a "#" in front of it, and reboot your server. All telnets should be disabled.
-Chris
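
The checks discussed in the posts above (no active telnet line in /etc/inetd.conf, Apache workers and MySQL not running as root), as an added example that is not part of the original thread. The function names and the sample process list are constructed for illustration; the process names `apache` and `mysqld` are assumptions about the system.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# telnet_enabled FILE: exit 0 if FILE (inetd.conf format) still has an
# active telnet line. A commented line has "#..." as its first field,
# so it never matches.
telnet_enabled() {
    awk '$1 == "telnet" { found = 1 } END { exit !found }' "$1"
}

# root_workers NAME: reads "USER PID PPID COMMAND" lines on stdin, e.g.
#   ps -eo user,pid,ppid,comm | root_workers apache
# and prints the PIDs of NAME processes that run as root AND whose parent
# is also a NAME process. The root-owned parent itself is expected and is
# not reported.
root_workers() {
    awk -v name="$1" '
        $4 == name { user[$2] = $1; parent[$2] = $3 }
        END {
            for (pid in user)
                if (user[pid] == "root" && (parent[pid] in user))
                    print pid
        }' | sort -n
}

# root_owned NAME: prints the PID of every NAME process running as root
# (for daemons such as mysqld that should not run as root at all).
root_owned() {
    awk -v name="$1" '$4 == name && $1 == "root" { print $2 }' | sort -n
}

# --- demonstration on constructed input ---
conf=$(mktemp)
printf '%s\n' '# constructed sample inetd.conf' \
    'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$conf"
if telnet_enabled "$conf"; then echo "telnet: still enabled in inetd.conf"; fi
rm -f "$conf"

ps_sample='root 269 1 apache
www-data 270 269 apache
root 275 269 apache
mysql 310 1 mysqld'
echo "apache workers as root: $(echo "$ps_sample" | root_workers apache)"
echo "mysqld as root: $(echo "$ps_sample" | root_owned mysqld)"
```
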
Sharg
Fri 3rd Nov '00, 9:59pm
Ok thanks Chris.
I'll do that.
And what about little firewalls like portsentry, do you think they are worth it ?
Viewing my log I saw that my freshly installed server was already probed by a bastard :(
Benj
eva2000
Sat 4th Nov '00, 2:45am
what's portsentry, I have it running and it alerts me of port scans... got alert today and emailed the admin of the domain and ip :)
Dave#
Sat 4th Nov '00, 7:07am
Originally posted by eva2000
what's portsentry, I have it running and it alerts me of port scans... got alert today and emailed the admin of the domain and ip :)
Portsentry is an app that either runs as an additional layer on your webserver or on your firewall to proactively monitor attempts from the Internet to scan for open ports.
If an open port is found then the cracker will attempt to access your server on that port using a variety of protocols and attempt to exploit the open port.
Usually servers only allow access via port 80 for standard http and 443 for SSL; however, more hosting companies are opening up additional ports for access to control panels, port 911 on CT for example or 81 on DI.
Open ports shouldn't really be a problem unless you open multiple ports for multiple protocols.
A firewall is a great idea if you have the cash to fund it and can administer it or pay someone to admin it.
My personal fav firewalls are Raptor and checkpoint1
Chris Schreiber
Mon 6th Nov '00, 10:11am
Originally posted by Dave#
A firewall is a great idea if you have the cash to fund it and can administer it or pay someone to admin it.
I think this is the key here, firewalls are usually pretty costly and can be a pain to administer. As long as you keep daily backups, change your passwords on a regular basis, and don't leave any 'holes' open, you really should be ok.
-Chris