On 30/06/03 22:49 +0100, CreativeSell wrote:
> Having just got off an awful php host, my partner and I have decided to get
> our own redhat server. However we are slightly apprehensive about being
> hacked to pieces. We are keeping up to date with all bugtracks and security
> updates... what else can we do?
Other than patching your system regularly, not much is needed to secure
a single host.

Put up a firewall. iptables recommended.

Run a caching DNS server (DJBDNS springs to mind, but you can use the
updated BIND as well).

Run your database(s) only on the loopback address.

Use the Apache suexec facility.

Replace Sendmail with Postfix/Qmail/Exim. Each is simpler and has a
better track record than sendmail.

As a webhost, the public services you need to offer would be http
(tcp/80), https (tcp/443).
If you also deal with mail on the same system, you need tcp/25
and possibly one of pop3 (tcp/110), imap (tcp/143), pop3s (tcp/995),
imaps (tcp/995).
Also allow incoming tcp/53 and udp/53 for DNS.

Avoid using FTP, use SCP instead. Windows clients can use WinSCP.

Devdas Bhagat
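
Added example, not part of the original message: a check that reads `netstat -tuln` output and reports listeners that go against the advice above (databases off loopback, FTP running, ports outside the public list). The allowed set, the database ports and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Non-loopback listeners the post allows. Assumptions: pop3s is the one mail
# retrieval service chosen, and tcp/22 (SSH) is open because SCP runs over it.
PUBLIC = {("tcp", 80), ("tcp", 443), ("tcp", 25), ("tcp", 995),
          ("tcp", 53), ("udp", 53), ("tcp", 22)}
DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL"}  # assumed default ports

# Constructed sample of `netstat -tuln` output, not taken from a real host.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:          # e.g. "*" printed by older netstat for "any"
        return False

def audit(netstat_text):
    """Return (proto, address, port, reason) for each listener that breaks the advice."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0][:3] not in ("tcp", "udp"):
            continue                      # header or unrelated line
        proto = fields[0][:3]             # fold tcp6/udp6 into tcp/udp
        if proto == "tcp" and fields[-1] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or is_loopback(addr):
            continue                      # loopback-only services are fine
        port = int(port)
        if port in DB_PORTS:
            reason = f"{DB_PORTS[port]} should listen on loopback only"
        elif (proto, port) == ("tcp", 21):
            reason = "FTP is listening; the post recommends SCP instead"
        elif (proto, port) not in PUBLIC:
            reason = "not in the list of public services"
        else:
            continue
        findings.append((proto, addr, port, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s %s:%d  %s" % finding)
```

Run it against real output by passing the text of `netstat -tuln` to `audit()`; anything it reports is either a service to stop, a bind address to change, or a port the firewall should not be passing.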
