-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Patrick,

Most of what I'd offer has already been said, but since you bring Snort up
for a second time, it's probably worth considering laying Snort aside for a
while, until you've had a chance to address the fundamentals of hardening
the host(s). Snort's a powerful tool, and a study unto itself in some ways;
don't let it distract you from more basic pursuits (turning off unneeded
services, limiting service accounts' ability to write to local filesystems,
disabling password authentication) that will meaningfully reduce your attack
surface.

Cheers,

-sth

sam hooker|[email protected]|http://www.noiseplant.com

"The wooden boards and other incised artifacts of Rapa Nui also bear a
boustrophedonic script called Rongorongo, which remains undeciphered."
http://en.wikipedia.org/wiki/Boustrophedon

----- Original Message -----
> @Brett - That's fantastic. I am going to work on it over the next
> couple weeks and see how far I can get. As I am sure I have made
> evident, I'm like a blind man with a chainsaw here. :P How would that
> work with, say, Snort configured with iptables? I've always been one to
> be in the 'configure it yourself, or it won't do what you expect'
> mindset. Is that not necessarily true when configuring and securing
> servers?
>
> @AJ - I hear what you're saying about Ubuntu vs. Debian, but isn't
> Debian basically just the 'clean slate' where you can do anything, vs.
> Ubuntu Server, where it comes with a lot pre-loaded? I have two gripes
> about Ubuntu Server...
> 1) It's quirky - it acts weird out of the box, in my limited
> experience...
> 2) It comes with software installed that I have no idea what it is,
> necessarily, or how to configure/use it. :P But alas, that's really
> just a lack of experience.
>
> @Rene - I see lots of people saying fail2ban is invaluable, and I have
> gotten it compiled (after realizing I can just apt-get it) and
> theoretically running, but the documentation is pretty limited. I have
> no idea what I'm doing and I haven't really found a good tutorial
> about it.
>
> I am still working on getting iptables configured properly. It's a bit
> trickier than I had originally imagined. When you all are working in
> your servers, do you ever use a GUI at all? (don't hate me for being a
> total newbie :P ) And, that's not to say that I am uncomfortable in
> the console, just... well, see the blind man / chainsaw reference.
>
> @Richard - That's an awesome tutorial. I am still working my way
> through it, but the information there is invaluable (albeit somewhat
> redundant and common sense) - but it's always good to cover even the
> most basic basics. Thanks!
>
> @David - Hurray C! :D Can you two debaters tell me why Ubuntu Server
> is preferable over Debian? I'm still doing my head scratch here. And,
> any additional information regarding fail2ban would be fantastic! I
> have read quite a bit about it, and it seems awesome... but for me, I
> have no idea where to even begin in configuring it properly.
>
> @Jim - Thank you for the advice. I am unclear as to how users for
> services are handled. Though, I guess it makes sense that if a service
> needs its own user, then logins shouldn't be allowed. But if that's
> the case, then how does one (the service) even run as said user? As
> far as the brute force or the ftp-eavesdrop, I highly doubt either.
> FTP was never set up, for just that reason of being too insecure (not
> that it ultimately would have mattered).
>
> @Mark - Thanks for those links. Once I get the server back up and
> running nicely, I am going to check both of those out further.
>
> @Joe - What tools do you use to keep yourself safe? I am more
> interested in Debian vs. Ubuntu for the reason mentioned above - I
> have no idea what the differences are (I know Ubuntu is Debian based,
> but what comes pre-loaded? How does that impact me?) and I really do
> have the mindset of do it yourself if you want it done right. Is that
> unreasonable thinking?
>
> As far as logs go, they're long gone. We didn't much care; we knew it
> happened and we have a fairly good idea how it happened. That being
> said, we just wiped (there are two drives, one boot and one that's
> exclusively media - should we be worried about the media drive?) and
> started over. Dave's server now has Ubuntu Server on it, where mine
> has Debian (still fighting with my router though). Theoretically, we
> can do identical things to them and achieve similar if not identical
> results, right?
>
> @Rubin - I can pretty well understand that code (I really am not a
> complete noob here, I am pretty comfortable hack-and-slashing in a
> terminal) but I have no idea where it goes / how I would go about
> implementing it. Can you elaborate here for me?
>
> @Dan - How does one go about modifying a user's shell access level?
> Your advice is great, I appreciate it a lot.
>
> Thank you all for the responses, and I apologize for not getting back
> sooner. Took a hiatus to NH for a few days, but am looking forward to
> sinking my summer into getting a secure, stable server up and running
> (F@H anyone?)
>
> If anyone has any other tips or thoughts, or that might even want to
> hold my hand for a while along the road to security, I would be
> greatly appreciative. :)
>
> -Pat

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.8)

iQIcBAEBCgAGBQJN0c1lAAoJEPoh2/xXOP2jfU4P/16XMV+AWdA9r+rrp5WbFbM7
gl8q0IkJFb2Ivmr84a80osc9I7AmQVz7yPkLjvx5lTzaVCZA7due4p92UUBI16gU
qVSdYMzN25SxUHWIsSOT96EjMDVAFFbk92mkrPC4FrbBhXCU/tyV8PbhqErpYRua
mLR0VibC6dYtiGdmwgW8cBXsTsLTP+WKM54dPOOAJt/uRDM/uvomEUgkkM0hVgJz
UQa1bpKvJEJFFjBJ4uQrSY1K3Lwufo0QkGOx2hc1q8K10M792b15JWCq+0S3e/EK
tNOm1dIbW8uPn17akR2BwIkKj9qYA4Ou3EzFCkh1UIStWVQSE57+s8BxNx2P462f
APS0euR5YQzAtfRnupcMN9feCjiJDCh6MYkGeoTktO+fY6VZ9QcfDiHF+coJtSd/
bG8JQBFFJEswP8t//D78IQLTF8jOyynMRQIOqsx/AUBRZlWXA3lrWPVQM1YWcCym
Q+gW2I29K5t+pQ2IRG8pWaUitQJe5bdNMWXNjYGDfnElNbDtPAO94m05eixgmaTv
HvmC41ieLKA4wCFNVCh0UIgupTV1+gUS2HRvpbRGiD1s8PuLLeMghUXEQV3Cr2ht
0y7DWWiE6QXgz/PTx9+mU1of5vvfhCyhPzJh9CHUQhVwyKOQKGDJXpZsnvfXeipr
qGQM+qJ6qwsSxqXXrFnS
=DU4I
-----END PGP SIGNATURE-----
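The basics Sam points at (service accounts that should not be able to log in, and password authentication left on in sshd) and Pat's questions about how a service runs under a no-login user and how a user's shell gets changed, as an added example that is not part of the thread and not anyone's posted code. The passwd and sshd_config samples below are constructed; the account names, UIDs and the "snort" account with a bash shell are hypothetical. It runs without root against the embedded samples; on a real Debian or Ubuntu host you would pipe in /etc/passwd and /etc/ssh/sshd_config instead.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits two of the basics Sam lists:
# service accounts that can still log in, and sshd still accepting passwords.
# All input below is constructed sample data; names and UIDs are hypothetical.

# Constructed /etc/passwd-style sample. The "snort" service account was
# (wrongly) created with /bin/bash instead of /usr/sbin/nologin.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mysql:x:110:115:MySQL Server:/nonexistent:/bin/false
snort:x:111:116::/var/log/snort:/bin/bash
pat:x:1000:1000:Pat:/home/pat:/bin/bash'

# Constructed sshd_config sample with the permissive settings of a fresh install.
SAMPLE_SSHD='Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes'

# Accounts (passwd text on stdin) whose shell is not nologin/false, i.e. anyone
# who could get an interactive session if they also had a password or key.
interactive_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# System accounts (0 < UID < 1000 on Debian/Ubuntu) that still have a shell.
# root is left out here because PermitRootLogin below covers it.
# A daemon does not need a login shell to run as its user: the init script
# starts as root and drops privileges (start-stop-daemon --chuid, or the
# daemon's own setuid()), so nothing breaks when the shell is nologin.
# Fix for each name printed:  usermod -s /usr/sbin/nologin NAME
service_accounts_with_shell() {
    awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# sshd_config text on stdin; prints one line per weak directive. A missing
# PasswordAuthentication line counts as weak because sshd's default is "yes",
# so a commented-out "#PasswordAuthentication no" changes nothing.
weak_sshd_directives() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "passwordauthentication" {
            seen_pw = 1
            if (tolower($2) == "yes") print "PasswordAuthentication yes"
        }
        tolower($1) == "permitrootlogin" && tolower($2) == "yes" {
            print "PermitRootLogin yes"
        }
        END { if (!seen_pw) print "PasswordAuthentication missing (defaults to yes)" }
    '
}

# Rewrites sshd_config text on stdin with password and root logins disabled,
# appending the directives if they were not set at all. Only apply this after
# a key in ~/.ssh/authorized_keys has been tested, or you lock yourself out.
harden_sshd_config() {
    awk '
        tolower($1) == "passwordauthentication" { print "PasswordAuthentication no"; seen_pw = 1; next }
        tolower($1) == "permitrootlogin"        { print "PermitRootLogin no"; seen_root = 1; next }
        { print }
        END {
            if (!seen_pw)   print "PasswordAuthentication no"
            if (!seen_root) print "PermitRootLogin no"
        }
    '
}

# Stand-alone run over the constructed samples.
echo "service accounts with a login shell:"
printf '%s\n' "$SAMPLE_PASSWD" | service_accounts_with_shell
echo "weak sshd directives:"
printf '%s\n' "$SAMPLE_SSHD" | weak_sshd_directives
echo "hardened sshd_config:"
printf '%s\n' "$SAMPLE_SSHD" | harden_sshd_config
```

Against the sample, the audit names only `snort` (root is deliberately excluded, `pat` is a real user), flags both `PasswordAuthentication yes` and `PermitRootLogin yes`, and the hardened output passes the same audit cleanly. On a live host, `usermod -s /usr/sbin/nologin snort` is the same change Pat asks Dan about, and `sshd -t` should be run on the rewritten config before restarting sshd.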
