subject: How To Keep Your Linux Server Secure If you are running your system behind an Apache web server that is reachable from the Internet, you are probably thinking about your system's security and what your next step should be. If you are going to run your own server, you need to understand that responsibility comes with it.
While the web server itself (Apache in this example) is not a big security problem (at least not the software package itself), there are a few things you should take care of on your system. The first thing you need is a secure password.
You probably know that having a password like 'Mom' or 'girlfriend' is not a good start for securing your system. It is much wiser to use passwords with both numerical and alphabetical characters, plus some extra symbols.
This is a good password: ILik3-PeN_gu1nS. Passwords should be complicated as there are a lot of ways someone can get your encrypted password.
When we are talking about Linux systems with a web server, the first thing that may come to mind is the numerous buggy CGI scripts that let someone retrieve the /etc/passwd file from the attacked system.
Once that is done, a copy of Crack or John the Ripper can be used to crack the passwords. Always remember: a good password is harder to crack.
If you use some basic word as a password, a good word list will make the cracking software spit your encrypted password onto the screen in no time. Next, you need to think about your file transfers and remote log-ins.
Think about which software packages should run on your system, and remove the ones you don't need. If you are thinking about transferring files to and from your system, shut the FTPd down.
There is a far more secure way that does the same job: SCP. A quick check of the man page for SCP gives us: SCP copies files between hosts on a network.
It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. Unlike RCP, SCP will ask for passwords or pass phrases if they are needed for authentication.
There is no reason not to use the hosts.deny and hosts.allow files to blacklist some people and give others the right to connect to the system. The hosts.allow file (located at /etc/hosts.allow) describes the names of the hosts which are allowed to use the local INET services, as decided by the '/usr/sbin/tcpd' server (for instance telnet, finger, ftp, exec, rsh, ssh, tftp, talk...).
The hosts.deny file does just the opposite and is self-explanatory. First add all:all to your hosts.deny file, which doesn't allow anyone to connect to your INET services, and then edit hosts.allow with all the host names which should be able to connect.
This is the bottom line of what should be done on a Linux system that is connected to the Internet. Now let's say Murphy's Law strikes: the moment you add all:all to the hosts.deny file and save the configuration, your own connection is cut off and you are no longer able to reach a system that is physically thousands of miles from your home.
Because of this, you should edit hosts.allow first and the hosts.deny file second. Next, you need to check the integrity of the system.
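To make the ordering point concrete, here is an added example (written for this article, not tcpd's own code) that reproduces tcpd's decision order, hosts.allow first, then hosts.deny, then permit by default, so you can dry-run a proposed pair of files against your own administrative host before saving an all:all deny rule. It implements a simplified hosts_access(5) syntax (ALL, exact host or address, leading-dot domain suffix, trailing-dot network prefix; no EXCEPT, netmask or option fields), and the host names and addresses are constructed documentation values.

```python
def _client_match(pattern, host, addr):
    """Does one client pattern match the connecting host name or address?"""
    p = pattern.strip().lower()
    if p == "all":
        return True
    if p.startswith("."):          # domain suffix, e.g. .admin.example.net
        return host.lower().endswith(p)
    if p.endswith("."):            # network prefix, e.g. 203.0.113.
        return addr.startswith(p)
    return p in (host.lower(), addr)

def _file_matches(rules, daemon, host, addr):
    """True if any 'daemon_list : client_list' line in rules matches."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        daemons = [d.strip().lower() for d in fields[0].split(",")]
        if "all" not in daemons and daemon.lower() not in daemons:
            continue
        if any(_client_match(c, host, addr) for c in fields[1].split(",")):
            return True
    return False

def access_allowed(allow, deny, daemon, host, addr):
    """tcpd order: hosts.allow is consulted first, then hosts.deny;
    a client matching neither file is allowed."""
    if _file_matches(allow, daemon, host, addr):
        return True
    if _file_matches(deny, daemon, host, addr):
        return False
    return True

def lockout_check(allow, deny, admin_host, admin_addr, daemon="sshd"):
    """Dry run before saving hosts.deny: can the admin's own machine
    still reach `daemon`? False means you are about to lock yourself out."""
    return access_allowed(allow, deny, daemon, admin_host, admin_addr)

# Constructed sample files; the addresses are documentation ranges, not real hosts.
HOSTS_ALLOW = "sshd: 203.0.113.10, .admin.example.net\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    print(lockout_check(HOSTS_ALLOW, HOSTS_DENY, "ws.admin.example.net", "203.0.113.10"))
    print(lockout_check("", HOSTS_DENY, "ws.admin.example.net", "203.0.113.10"))
```

Run the check with an empty hosts.allow to see the Murphy's Law case from the text: the all:all deny rule alone returns False for the administrator's own host.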
While you can use Tripwire or any other similar solution for checking the integrity of files that reside on your system, there is another way of doing this. To tell you the truth, it is not as powerful, but it is usable.
As can be seen from the product description: LogSentry automatically monitors your system logs and mails security violations to you on a periodic basis. It is based on a program that ships with the TIS Gauntlet firewall but has been improved upon in many ways to make it work nicely for normal system auditing.
Setting up your copy of logcheck.sh is very easy; these are the main settings that must be edited. First: SYSADMIN=admin@dotcom.net.
As the purpose of LogSentry is to send you e-mail alerts about things happening on your system, you should point this at your mailbox. Next: LOGTAIL=/usr/local/bin/logtail.
This is the full path to the logtail program, which is usually in /usr/local/bin. logtail is a custom executable that remembers the last position read in a text file.
logcheck uses it to parse out only the information written since the last time the log was read, which prevents reviewing old material twice. Last: TMPDIR=/usr/local/etc/tmp-something.
This should be a temporary directory that is not publicly writable (unlike /tmp), which prevents race conditions and potential symlink problems. As you can see, there are many ways to make sure that your Linux server stays private and secure for your use only. Take the necessary precautions now, so you do not regret it when it is too late.