Useful linux security links

Wednesday, January 13, 2010 , Posted by Johnny Fuery at 12:57 AM

Originally Published 2005-04-04 17:36:32

I've been researching configuration practices for securing linux-based web servers.



Red Hat Enterprise doc (reg required):

https://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/security-guide/



Open Source Intrusion Detection:

http://www.devx.com/security/Article/22442



Jailing Apache:

http://docs.linux.com/article.pl?sid=04/05/24/1450203&tid=29&tid=14&tid=35



A high pageRank tutorial I ran across:

http://www.yolinux.com/TUTORIALS/LinuxTutorialInternetSecurity.html



Basic strategy:

+ Kill all TCP services (both running and init)

+ Add back the ones you need (Probably only ssh, sftp, httpd. I'm thinking maybe I should even make sftp not start on init and cron a kill command so you have to logon and start it every time you touch it.)

+ Secure apache (httpd) -- not gotten too deep here yet. Jailing is the first step.



--



Jargon anyone? Sheesh.

Currently have 0 comments:

Leave a Reply

Post a Comment