martin f krafft <[EMAIL PROTECTED]> writes:
> also sprach Simon Brandmair <[EMAIL PROTECTED]> [2008.05.07.2020 +0100]:
>> > no security benefit
>>
>> Just wondering: Why not?
>
> http://www.bpfh.net/simes/computing/chroot-break.html
You still need to be root before breaking the jail, and one of
HI
Steps :
1 ) Dont run Xwindows and better install MINIMAL/SERVER edition of OS
2 ) Remove all unwanted packages. U can very well reduce the number of packages
to 300max
3 ) Remove all unwanted user/group accounts
4 ) Update the packages
5 ) Do security tunings in Sysctl.conf
6 ) Do security tu
"Cameron Dale" <[EMAIL PROTECTED]> writes:
> On 5/4/08, Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
>> But you are right. There is something wrong here that is not squids
>> fault:
>>
>> Apt-get should not even send an "If-Modified" query imho. After
>> fetching the Release file is already
Hey guys,
nice that you take care so much for server safety. But is this list not about
"debian-security"? So, about security issues related to debian packages?
There are hundreds of websites and forums about how to administrate and secure
a webserver. Why do it here in this emaillist?
Thanks
Jean-Paul Lacquement un jour écrivit:
Hi,
I plan to secure my Debian stable (or testing if you say it's better) server.
The followings daemon are installed :
- proftpd
- apache2
- ssh
If you need to offer a public ftp access, and that you don't need all
the features of proftpd, I would su
also sprach Simon Brandmair <[EMAIL PROTECTED]> [2008.05.07.2020 +0100]:
> > no security benefit
>
> Just wondering: Why not?
http://www.bpfh.net/simes/computing/chroot-break.html
--
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' : proud Debian developer, author, administrator, and user
On Wed, 07 May 2008 12:10:08 +0200 martin f krafft wrote:
> also sprach weakish <[EMAIL PROTECTED]> [2008.05.07.1028 +0100]:
>
>> You may consider chroot.
>
> no security benefit
Just wondering: Why not?
Cheers,
Simon
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscr
Jean-Paul Lacquement <[EMAIL PROTECTED]> wrote: Hi,
I plan to secure my Debian stable (or testing if you say it's better) server.
I already did the followings:
- installed chkrootkit
- installed fail2ban (for ssh and proftpd)
- allow only one user (not root) via /etc/ssh/sshd_config, only ssh
Am Mittwoch, den 07.05.2008, 19:39 +0800 schrieb Abdul Bijur
Vallarkodath:
> haha. not really! if u have really managed an online server u'd have
> seen tons of attacks and login attempts on your default ports by bots
> looking around for weaker systems.
But what you suggest doesn't increase th
Alex Mestiashvili wrote:
Jean-Paul Lacquement wrote:
Hi,
I plan to secure my Debian stable (or testing if you say it's better)
server.
I already did the followings:
- installed chkrootkit
- installed fail2ban (for ssh and proftpd)
- allow only one user (not root) via /etc/ssh/sshd_config, o
Jean-Paul Lacquement wrote:
Hi,
I plan to secure my Debian stable (or testing if you say it's better) server.
I already did the followings:
- installed chkrootkit
- installed fail2ban (for ssh and proftpd)
- allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
The followings
Just install xinted and use the "only_from" option.
H
On Wed, 2008-05-07 at 19:39 +0800, Abdul Bijur Vallarkodath wrote:
> haha. not really! if u have really managed an online server u'd have
> seen tons of attacks and login attempts on your default ports by bots
> looking around for weaker sys
Steve schrieb:
Le 07-05-2008, à 17:34:08 +0800, Abdul Bijur Vallarkodath ([EMAIL PROTECTED]) a
écrit :
just my two pence.
and my two centimes.
* Change the ports of most ports like ssh, ftp, smtp, imap etc. from the
default ones to some other ones.
>From my poo
In article <[EMAIL PROTECTED]> you wrote:
>>* Change the ports of most ports like ssh, ftp, smtp, imap etc. from the
>>default ones to some other ones.
>
>>From my poor understanding of security related issues, I guess this is
> totally useless since any (good) port scanner will defeat th
In article <[EMAIL PROTECTED]> you wrote:
> system, this system Will be running in a data center and i don't want to
> have downtime !
>
> Hardware i use =
>
> server 1 x86 (hp ML330)
> server 2 IA64bit (HP rx1620)
The first thing you need to do is to limit yourself to a single platform.
This he
Le 07-05-2008, à 19:39:57 +0800, Abdul Bijur Vallarkodath ([EMAIL PROTECTED]) a
écrit :
>haha. not really! if u have really managed an online server u'd have
>seen tons of attacks and login attempts on your default ports by bots
>looking around for weaker systems.
Yes I have also s
If your running apache I'd suggest installing modsecurity.
As for the other services, disable password authentication on ssh (start
using ssh keypairs), force ssh2
proftpd has a couple of tweaks, remove the banner, implement connection
limits
inetd is always worth shutting down unless you really
Le Wed, 7 May 2008 13:03:03 +0200,
"Jean-Paul Lacquement" <[EMAIL PROTECTED]> a écrit :
> > > I already did the followings:
> > > - installed chkrootkit
> > > - installed fail2ban (for ssh and proftpd)
> >
> > Beware of DOS.
> >
> >
> > > - allow only one user (not root) via /etc/ssh/sshd_con
Jean-Paul Lacquement schrieb:
Would you please list me which packages to install and which rules to apply ?
The Center of Internetsecurity has several documents of how to secure
different operating systems:
http://www.cisecurity.org/
Hope this helps.
Regards,
Holger
--
To UNSUBSCRIBE, em
haha. not really! if u have really managed an online server u'd have seen
tons of attacks and login attempts on your default ports by bots looking
around for weaker systems.
This is hence especially helpful, I myself have seen these bot attacks
reduce to almost zero once i had changed the port n
Jean-Paul Lacquement wrote:
Hi,
I plan to secure my Debian stable (or testing if you say it's better) server.
I already did the followings:
- installed chkrootkit
- installed fail2ban (for ssh and proftpd)
- allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
The followings
On Wednesday, 2008-05-07 at 12:47:37 +0200, Steve wrote:
> Le 07-05-2008, à 17:34:08 +0800, Abdul Bijur Vallarkodath ([EMAIL PROTECTED])
> a écrit :
> >just my two pence.
> and my two centimes.
> >* Change the ports of most ports like ssh, ftp, smtp, imap etc. from the
> >default o
> > I already did the followings:
> > - installed chkrootkit
> > - installed fail2ban (for ssh and proftpd)
>
> Beware of DOS.
>
>
> > - allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
>
> If you have multiple administrators, you should not do that.
I am the only one.
>
Le 07-05-2008, à 17:34:08 +0800, Abdul Bijur Vallarkodath ([EMAIL PROTECTED]) a
écrit :
>just my two pence.
and my two centimes.
>* Change the ports of most ports like ssh, ftp, smtp, imap etc. from the
>default ones to some other ones.
>From my poor understanding of security rela
also sprach weakish <[EMAIL PROTECTED]> [2008.05.07.1028 +0100]:
> Use update-rc.d or sysv-rc-conf to disable unwanted daemons
disable by making them all K00 links
> logcheck
hardly a security measure.
> use integrit/aide/tripwire
only useful with read-only media
> You may consider chroot.
In article <[EMAIL PROTECTED]> you wrote:
> I already did the followings:
> - installed chkrootkit
> - installed fail2ban (for ssh and proftpd)
Beware of DOS.
> - allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
If you have multiple administrators, you should not do that.
>
just my two pence.
* Change the ports of most ports like ssh, ftp, smtp, imap etc. from the
default ones to some other ones.
It would be nice if you could mention what are you trying to shut out and
against what are u trying to secure.
Thanks,
Abdul
On 5/7/08, Jean-Paul Lacquement <[EMAIL PROT
On Wed, May 07, 2008 at 09:25:59AM +, Jesse Mirza wrote:
> Dear All,
>
> I am planning to use Debian (etch) as a ISPconfig server to host some
> websites can someone point me out the best way to 99,9% secure this
> system, this system Will be running in a data center and i don't want to
>
Yes, I already have a look at those links. I asked this list because
this web page may not cover every threats.
Many thanks.
Jean-Paul
2008/5/7 Yves-Alexis Perez <[EMAIL PROTECTED]>:
> On Wed, May 07, 2008 at 09:09:02AM +, Jean-Paul Lacquement wrote:
> > Hi,
> >
> > I plan to secure my Deb
Dear All,
I am planning to use Debian (etch) as a ISPconfig server to host some
websites can someone point me out the best way to 99,9% secure this
system, this system Will be running in a data center and i don't want to
have downtime !
Hardware i use =
server 1 x86 (hp ML330)
server 2 IA64b
Just too many things.
For example,
Use update-rc.d or sysv-rc-conf to disable unwanted daemons
Edit /etc/security/limits.conf
logcheck
use integrit/aide/tripwire
configrue firewall (via shorewall or iptables directly)
etc.
You may consider chroot.
It's a good idea to read through securin
On Wed, May 07, 2008 at 09:09:02AM +, Jean-Paul Lacquement wrote:
> Hi,
>
> I plan to secure my Debian stable (or testing if you say it's better) server.
[…]
> Would you please list me which packages to install and which rules to apply ?
http://www.debian.org/doc/manuals/securing-debian-howto
Hi,
I plan to secure my Debian stable (or testing if you say it's better) server.
I already did the followings:
- installed chkrootkit
- installed fail2ban (for ssh and proftpd)
- allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
The followings daemon are installed :
- proft
33 matches
Mail list logo
