Beste practice with new clean DA server

[bigEsmurf]

Hi,

Since 2 weeks we have a new server running CentOS and DA, but last week we immediately fell victim to the RoundCube expoit. Since nothing was running on the server yet, I've asked them for a fresh install, and they will deliver in the next days. Which brings me to my question... when the fresh install is done, what is the best practice to secure our new server, and to make sure it is uptodate?

Of course updating RoundCube through custombuild, but are there any other things I should update, or worry about?

Let me make a list of things I'll do

- Block ssh access except for own ip's

 

[floyd]

There will probably be lots of advice about specific things to do. But remember security is an ongoing process. Roundcube for example was not a security threat 2 months ago. So 2 months ago nobody would have told you to upgrade roundcube. Its up to you to continually monitor security alerts.

There are also different levels of security. Some here will be very strict and others not so strict. You have to determine what is best for you. For instance some will say to not allow root login through ssh. That is a good practice but its not convenient. I don't want to sacrifice my convenience so I block all ssh access except for my ip. That way I can login as directly root but not fear that somebody else is going to be able to brute force a root login.

You need to listen to all the advice here and then determine what is best for you. And again its not like you can do these things and then you are done.

 

[bigEsmurf]

Thanks for the ssh tip, that's definitely a good idea. I understand that I constantly need to monitor security alerts. Does DirectAdmin.com have a specific page for that?

 

[nobaloney]

Install a firewall. You didn't say what OS you're using, so it's impossible to be specific about that.

Update all software managed by the OS management system often. We run yum update every night; your mileage may vary. Then set custombuild to warn you when new packages are available, and update according to either a schedule, or based on the reaons why new packages are available.

Jeff

 

[floyd]

Since bigEsmurf wanted to know about security and firewall has been brought up I have a question that may interest bigEsmurf as well so I will ask it here.

With a firewall you can deny access to certain ports (ip addresses as well but you usually don't do that unless you are being attacked). But if no software is listening on those ports what is the benefit of blocking ports that are not listening anyway?

So how would you configure a firewall?

 

[nobaloney]

One reason would be to keep people who can login to your server (intentionally or otherwise) from using those ports.

You can also use a firewall to drop traffic; that looks very different to an attacker than a closed port.

Jeff

 

[floyd]

One reason would be to keep people who can login to your server (intentionally or otherwise) from using those ports.

Like one of the many php script exploits out there that can allow people to upload their own script running as apache. They could set up something to listen on a port that you would otherwise not be using.

 

[bigEsmurf]

Thanx jlasman

Our new server is running CentOS 5... is it easy to install a firewall under CentOS 5?

 

[floyd]

A firewall is already installed by default. Its called iptables. Its very effective.

I have found Webmin good to manage iptables.

 

[nobaloney]

Note that inexperienced systems administrators should be very careful when using Webmin; it's extremely easy to completely break your server since webmin will allow you to make changes inconsistent with what DirectAdmin needs.

Two easy to use firewalls for CentOS and all other Linux distributions are KISS and APF; you can find them both discussed in these forums.

Jeff