UNIX-Security Advise

Posted by Phoibe on Server Fault See other posts from Server Fault or by Phoibe
Published on 2011-02-22T22:36:49Z Indexed on 2011/02/22 23:27 UTC
Read the original article Hit count: 415

Filed under:

server

|

security

|

unix

Hello, I want to build a quite secure UNIX-Server. Mechanisms I already implemented:

SNORT + fwsnort for banning
psad to block network-scanning attempts
Portknocking to start+open SSH (key-based login - no password)
hourly update of IP-Tables-Rules from a Security-Subscription
Fail2Ban
ClamAV & Rootkithunter + Logwatch

What service-independent security mechanism would you add to this? What mechanism are you using? The server will run Apache&Postfix. For Apache hiding the server-information ofc. and nothing I can think of for Postfix. Thanks

© Server Fault or respective owner

Related posts about server

SQL SERVER – Server Side Paging in SQL Server 2011 Performance Comparison

as seen on SQL Authority - Search for 'SQL Authority'
Earlier, I have written about SQL SERVER – Server Side Paging in SQL Server 2011 – A Better Alternative. I got many emails asking for performance analysis of paging. Here is the quick analysis of it. The real challenge of paging is all the unnecessary IO reads from the database. Network traffic was… >>> More
Should I switch my server to Ubuntu Server from Windows Server 2003

as seen on Server Fault - Search for 'Server Fault'
I have a server thats primarily used for SRCDS, I host a few Team Fortress 2 servers on it and I would much prefer a ssh-like (more so the no-gui part) for something like this, mostly because I can't navigate with my phone on VNC very well and also because there really is no need for a gui in this… >>> More
Windows web server and SQL Server on same dedicated server

as seen on Server Fault - Search for 'Server Fault'
I'm currently trying to decide on the best approach to handle hosting a few moderate traffic websites for production e-commerce and online applications. We'd like to move to a dedicated server and are looking at this as the most likely machine: Quad Core Intel Core2Quad Q9550 Processor, 2.83 Ghz… >>> More
Windows 7 Desktop/Start Menu Redirection: Server O/S: Windows Server 2003 And Server 2008

as seen on Super User - Search for 'Super User'
Hi, I am new here so I am might be asking a question which has already been answered [however I can't see it in the suggested answers above] I manage a network which is split into a parent domain and a child domain. Recently I have been looking at when to migrate to Windows 7. The child domain… >>> More
Windows 7 Desktop/Start Menu Redirection: Server O/S: Windows Server 2003 And Server 2008

as seen on Server Fault - Search for 'Server Fault'
Hi, I am new here so I am might be asking a question which has already been answered [however I can't see it in the suggested answers above] I manage a network which is split into a parent domain and a child domain. Recently I have been looking at when to migrate to Windows 7. The child domain… >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More