How should a server be secured? [closed]

security server

Talking towards Ubuntu 10.04, server edition, what tools/practices would you recommend to secure the server?


Solution 1:

This a bit non-specific, but in general you will need to

  • Run a firewall like iptables or ufw to manage connection to open ports.

  • Only install software your require.

  • Only run services that are essential to the running of the server.

  • Keep that software up to date with all security patches.

  • Set up new users with the least privileges they require to perform their duties.

  • Run denyhosts or fail2ban to check for brute force attacks.

  • Run logwatch to email you of any anomalies in log files.

  • Check your logs often for suspicious activities.

  • Use sudo always and use strong passwords.

  • Disable weak and medium strength ciphers in SSL for apache, exim, proftpd, dovecot etc.

  • Set services to only listen to localhost (where appropriate).

  • Run chkrootkit daily.

  • Run clamscan as often as is required to check for windows viruses (if appropriate).

  • Be vigilant, know your server, know what it should be doing and what it shoudn't be doing.

You will only keep things secure by constantly checking and securing. If you don't know what something does or how or why, or something looks suspicious, just ask others for advice.

Solution 2:

Awesome answer by Richard Holloway. If you are looking for a specific step by step guide checkout the following 2 part guide from Slicehost library.

  1. http://articles.slicehost.com/2010/4/30/ubuntu-lucid-setup-part-1
  2. http://articles.slicehost.com/2010/4/30/ubuntu-lucid-setup-part-2

I use it almost everywhere when I have to setup an Ubuntu Server instance. I am sure you would love it.

Other great source is the Linode Library at http://library.linode.com/

Do check out the articles at both places. Loads of informations is available there and you will be armed with enough knowledge to handle your server just fine.

PS: In no way, a library can be a substitute for a great sys admin's intuition, insight and decision making capabilities.

Related

What terminal-based network speed tests are available?
To find all integral solutions of $3x^2 - 4y^2 = 11$
Expectation of a Standard Normal Random Variable
How to prove that a number is irrational
Basis to Hyperplane
Can $(X_1,X_2) \cap (X_3,X_4)$ be generated with two elements from $k[X_1,X_2,X_3,X_4]$?
Laurent Series of $f(z) = \sin {\frac{1}{z}}$ at $z=0$
Prove that sequence $ x_{(n+1)}= \frac {a}{1+x_n}$ is convergent to positive root of $x^2+x-a=0,$where $a >0$ and $x_1 >0$ [duplicate]
Hahn-Banach theorem, dual space
Cartesian products and families
Simplify triangular sum of triangular numbers: $\sum_{i=1}^{n}(\frac12i(i+1))$
Multivariate normal and multivariate Bernoulli