LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

07-09-2001, 02:16 PM   #1
prowzen
your ideas on internet security please.....


Hi folks,
I want to host a web site. A simple site to host web pages using Apache web server, run a mail server and run some servlets later on using a tomcat engine.
I have been digging through a couple of books, 'Maximum Security' and 'Real World Linux Security', to learn the security aspects.
I am a newbie in this and have no prior experience other than developing Java Ecom stuff for the internet.
I would love to hear your suggestions on how to get going. Some of the questions that I have in mind are... (and I would love to hear your suggestions on these questions)...

1. Which is a secure & stable (& preferably simple) distro for running a web server? and a mail server?
2. Will sendmail program be sufficient to run a decent enough mail server? Any security holes with this? Or any alternatives?
3. How do I protect myself from attacks.. Some of the things I learnt are to close unwanted ports, pass all communication through a firewall...Any suggestions to add to it?

I would appreciate it very much if you could share your experiences and suggestions..

thanks a bunch
Prowzen
 
07-10-2001, 06:27 AM   #2
unSpawn
Quote:
1. Which is a secure & stable (& preferably simple) distro for running a web server? and a mail server?
No one would be safe answering this without mentioning the BSDs first, though that ain't Linux... IMO every distro has its weaknesses, it's the context in which you handle it though that makes the difference. If you take Red Hat, go for the .2 series, they're supposed to be more "evolved" compared to the .0's. Debian isn't a frontrunner but is conservatively built with security in mind. Almost any distro will do IMO. What I mean by context is that you understand the risks and act on them.
1. Don't throw all your eggs in one basket. Like on a firewall, *no* development should be done on these boxes, no SUID or user tools installed, no X, no user accounts and no insecure management connections if you can!
Keeping the box clean will also give you a better overview to focus on applications with a higher patch/upgrade rate.
2. You asked for simple. That is a basic failure to comply with Linux :-p Linux ain't simple, and it isn't meant to be. Learning to properly configure Linux can be a pain, but only there you'll learn from it instead of another case of GUI-button-clicking.
3. Compile kernel monolithic and disable loading modules to disable people using LKM-based rootkits. Use Bastille-Linux or equivalent to tighten basic post-install security.
4. Security is dynamic. Investing some time in setting up backups, IDS (Snort, Port/Hostsentry, remote logging) and integrity (Aide, Tripwire, Samhain, Cops, Tara, Chkrootkit etc.) checking will help manage your box(es) and can help signal anomalies at an early stage.
5. Keep your eye on new releases/patches from both your vendor and some independent sources.

Quote:
2. Will sendmail program be sufficient to run a decent enough mail server?
Yes if properly configured (current is v8.11.4).
"Sendmail 8.11.4 is available; it fixes a signal race condition and includes bug fixes for 8.11.3"
Quote:
Any security holes with this?
---
Xforce-ISS: sendmail-bi-alias(3795)
Issued: Jan 2001
Topic: The Debian GNU/Linux 2.1 Sendmail application contains a problem with the code to regenerate the aliases database. Upgrade to Sendmail version 8.9.3-3slink1.0.1 or later.
---
Xforce-ISS: sendmail-elevate-privileges(6147)
Issued: Feb 2001
Topic: Sendmail -bt command could allow the elevation of privileges
Affected:
http://xforce.iss.net/static/6147.php
---
RAZOR advisory: Unsafe Signal Handling in Sendmail
Issue Date: May 28, 2001
Topic: Sendmail signal handlers used for dealing with specific signals are vulnerable to numerous race conditions.
Affected Systems: Any systems running sendmail (tested on sendmail 8.11.0, 8.12.0-Beta5) (Also look at http://archives.neohapsis.com/archiv...1-05/0274.html)
---
To name just three.
Quote:
Or any alternatives?
Qmail, Postfix.

Quote:
3. How do I protect myself from attacks.. Some of the things I learnt are to close unwanted ports, pass all communication through a firewall...Any suggestions to add to it?
Read CERT and SANS on configuring basic unix. Search this board or AUSCERT for the unix checklist.

Good luck.

Last edited by unSpawn; 07-10-2001 at 06:43 AM.
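
A small audit for items 1 and 3 of the reply above (no SUID tools, no user accounts, no loadable modules), added here as an example and not part of the original post. The function names and the fixture are hypothetical and constructed; the `modules_disabled` check uses the run-time sysctl found on current kernels, which postdates this thread.

```shell
#!/bin/sh
# Added example: check a host against items 1 and 3 of the reply above.
# Every function takes its input path, so it works on / or on a fixture.

# Item 1, "no SUID": list SUID/SGID regular files under a tree.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Item 1, "no user accounts": names with UID >= $2 (default 1000, an
# assumption; older Red Hat releases started at 500) whose shell is not
# nologin/false. An empty shell field still permits login, so it is listed.
login_accounts() {
    awk -F: -v min="${2:-1000}" \
        '$3 >= min && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Item 3: module loading state, read from a /proc-style directory.
#   monolithic = no "modules" file (kernel built without module support)
#   locked     = sys/kernel/modules_disabled is 1
#   loadable   = modules can still be inserted
module_state() {
    if [ ! -e "$1/modules" ]; then echo monolithic
    elif [ "$(cat "$1/sys/kernel/modules_disabled" 2>/dev/null)" = 1 ]; then echo locked
    else echo loadable
    fi
}

# Constructed fixture (not real host data) so the example runs offline.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/etc" "$d/proc/sys/kernel"
    : > "$d/usr/bin/helper"; chmod 4755 "$d/usr/bin/helper"
    : > "$d/usr/bin/plain";  chmod 0755 "$d/usr/bin/plain"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'mail:x:8:12:mail:/var/spool/mail:/sbin/nologin' \
        'dev1:x:1001:1001:developer:/home/dev1:/bin/bash' \
        'svc:x:1002:1002:service:/srv:/sbin/nologin' > "$d/etc/passwd"
    : > "$d/proc/modules"
    echo 0 > "$d/proc/sys/kernel/modules_disabled"
    echo "$d"
}

audit() {   # audit ROOT: one finding per line
    list_suid "$1" | sed 's/^/SUID: /'
    login_accounts "$1/etc/passwd" | sed 's/^/LOGIN: /'
    echo "MODULES: $(module_state "$1/proc")"
}

fx=$(make_fixture)
audit "$fx"
rm -rf "$fx"
```

On a real host, call `list_suid /`, `login_accounts /etc/passwd` and `module_state /proc` directly and review each finding against what the box is meant to run.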
 
07-10-2001, 11:17 AM   #3
prowzen
Thanks for all the info unSpawn. Most appreciated.
 
  

