Server Security

Posted by mahatmanich on Server Fault
Published on 2010-04-14T13:20:36Z Indexed on 2010/04/14 13:33 UTC

I want to run my own root server (directly accessible from the web without a hardware firewall) with Debian lenny, Apache2, PHP5, MySQL, Postfix MTA, SFTP (based on SSH) and maybe a DNS server.

What measures/software would you recommend, and why, to secure this server down and minimalize the attack vector? Web applications aside ...

This is what I have so far:

  • iptables (for gen. packet filtering)
  • fail2ban (brute force attack defense)
  • ssh (change default port, disable root access)
  • modsecurity - is really clumsy and a pain (any alternative here?)
  • Sudo? Why should I use it? What is the advantage to normal user handling?
  • thinking about greensql for mysql www.greensql.net
  • is tripwire worth looking at?
  • snort?

What am I missing? What is hot and what is not? Best practices?

I like "KISS" -> Keep it simple secure, I know it would be nice!

Thanks in advance ...

© Server Fault or respective owner
