Hello,
I have been searching for security tools and methods for my personal VPS.
My VPS is mostly used for LAMP (PHP & Python).
Some of the things I did:
- no root logins for sshd
- key authentication and no password prompt for ssh
- automatic package updates with email notifications
- exim for sending email only. (server does not receive email)
- set up fail2ban - brute-force detection and IP ban with email
notification. (How long should I ban for?)
- AIDE (Advanced Intrusion Detection Environment - file change
monitoring). I understand that the AIDE files (database, executable
files) should be hosted on another machine or on read-only media. If the
VPS is compromised then AIDE could also be compromised, so placing AIDE
outside the VPS could help, correct?
Is there a site which can provide security notifications over email for
specific software? I like to keep track of a couple of packages I have
compiled.
osvdb.org provides an RSS feed of searches and I have searches for the package
names I need. I also have an RSS feed for Ubuntu packages: www.ubuntu.com/usn
Is osvdb.org reliable? Are there alternatives?
Things that I'm thinking of doing:
- Install Snort - network intrusion prevention and detection (I did
this years ago but IIRC it used to generate many false alerts)
Is there any good companion software for Snort? Something that can
digest Snort's data and present it nicely formatted to me over email
and/or a web interface. This seems interesting:
http://sguil.sourceforge.net/index.html but I don't know if it provides
email notifications.
- install Nagios (IIRC it can send notifications when services are down)
- Install munin for performance monitoring
- change sshd port (is it worth the extra trouble?)
- alerts for any type of terminal login (is this possible?)
Thanks in advance :o)
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
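
The AIDE question in the post above (a baseline kept on the VPS versus one kept on another machine or read-only media), as an added example that is not part of the original post and is not AIDE's own code. It is a simplified SHA-256 manifest check; the file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return manifest

def compare(baseline, current):
    """Return sorted lists of paths added, removed and changed since baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: one tree checked against on-host and off-host baselines."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        samples = (("etc/app.conf", b"debug=0\n"), ("index.php", b"<?php echo 'hi';\n"))
        for rel, body in samples:  # constructed files standing in for the monitored tree
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        on_host_db = build_manifest(root)   # baseline stored on the VPS itself
        off_host_db = dict(on_host_db)      # copy moved to another machine / read-only media
        # One file is modified and a new one appears ...
        with open(os.path.join(root, "index.php"), "ab") as fh:
            fh.write(b"// modified\n")
        with open(os.path.join(root, "etc", "extra.conf"), "wb") as fh:
            fh.write(b"x=1\n")
        # ... and the local database, writable from the same host, is rebuilt afterwards.
        on_host_db = build_manifest(root)
        current = build_manifest(root)
        return compare(on_host_db, current), compare(off_host_db, current)

if __name__ == "__main__":
    on_host, off_host = demo()
    print("on-host baseline :", on_host)
    print("off-host baseline:", off_host)
```

The on-host comparison reports nothing because its baseline was rewritten along with the files, while the off-host copy still flags both changes. The same reasoning applies to the checker binary itself, which is why the post mentions the executable files as well as the database.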