Security :: Assessing And Auditing A Server?

Dec 28, 2010

In 2 weeks, I will be handed over 8 servers, each one hosts around ~3 virtual machines, which will make them a total of around ~24 servers. And part of my initial responsibility is to make sure that these servers are secured and ready for me to look after. My question is, what are the best procedures (or as I will call it "checklist") to assess and audit each server, and be 100% sure that the server doesn't have a rootkit and everything is secured?


Security :: Auditing Samba Logs?

Mar 18, 2011

I have in my hands a bunch of samba logs, about 24 different files, and I was wondering if there was a tool that would go through them and organize them into something readable. I had a gander at Sawmill


Security :: System Logging And Auditing?

Oct 19, 2010

As part of the server hardening process I would like to know the best way of system logging and auditing. The following points should be taken into consideration:

Logging of critical events
Logging access to critical accounts
Secure storage and availability of logs
Review of logs
Security of logs


General :: Security Auditing Tool In Except Snare?

Mar 21, 2010

Does anybody know any security auditing tool in Linux except Snare?


Red Hat :: Initialize Auditing On A 5.2 Enterprise Server

Feb 2, 2010

I am trying to initialize auditing on a Red Hat 5.2 enterprise server. Things like:

/sbin/chkconfig audit on
/etc/audit/audit.rules
/var/log/audit/audit.log

are what I am looking at, but I need to know where things go to start the audit service. A simple example with all of the pieces set to audit, then I can add rules to match requirements.


General :: Fatal Connection Refused When Assessing Git?

Apr 8, 2011

I wanted to download a public repository from sourceforge.net. I have tried using socat and configuring my proxy but with no success. I have given the detailed specification for the configuration of ssh below:

host cfdem
user git
hostname cfdem.sourceforge.net

[code]....


Ubuntu Installation :: Screen Go Black On Assessing Scripts

Apr 21, 2011

I bought 4 Dell OptiPlex SX280s and monitors, and wanted to install either Ubuntu 10.04 or 10.10. I downloaded both several times but get the same problem on all 4 Dells, while the CDs are OK on a home-built PC. What I get is, with the CD-R in and then powering the PC up, I get the indication on screen that it's accessing the installation scripts, but then the screens go black and a few seconds later they drop to power saver mode, but the CD-ROM drive LED indicates the CD is still being accessed. The SX280s have built-in graphics with a DVI output.


Red Hat :: Auditing On Folder And Files In 5.0?

Aug 14, 2010

I have a RHEL5 as my file server with Active Directory integration, using Samba for folder sharing and Webmin to manage the shares. We have many folders and subfolders and files. We are facing the following issue. We had given a folder called yardworklist, which is shared by 8 people with full access. The yardworklist will have more than 80 folders, each of which represents a ship. The problem we are facing is that some user copies a folder or file from a specific ship folder, say SEA HERON, to another ship's folder, say BOW CLIPPER. The next day the person who wants to work on SEA HERON finds the file or folder missing and uses his search tool to get the folder or file. I don't know who the person is who did this. Basically an event log will also be enough, like which file has been copied by whom to which place.


General :: Distribution With Auditing Of Packages?

Jan 4, 2010

I have been out of the UNIX world for some time, preoccupied with real life problems. I'm interested in getting a home system up and running, but having difficulties deciding on a base platform. I am leaning towards a Linux, versus a BSD, due to the tremendous amount of employers seeking people with that technology. However, I am attracted to the auditing performed on packages on the BSD end, particularly NetBSD/OpenBSD. Is there a Linux distribution that performs auditing of third party packages? I understand there are some commercial distributions, but wonder if they are more reactive than proactive.


General :: Tools Used For Network Auditing In Fedora?

Jan 4, 2010

I want to know the tools used for network auditing in Linux Fedora. Can anyone share with me the names and a little bit of detail related to these specific tools? It would be a nice favor for me.


Programming :: Extracting Auditing Info Using Awk System And Ausearch?

Aug 25, 2010

I'm a Linux newbie and scripting novice and I'm trying to pull auditing info and dump it into a file. I made some login changes so it would get audited, but I don't want to have to sift through the log to see who the user was and what was done. This is what I have below, and I can't seem to get it to extract the info I want using the event id. The "ausearch -a $10" from the script should get it from the 10th column but it's not working. If I can get this to work I would like to add additional aureport options.

#!/bin/bash
yyyy=`date "+%Y"`
mm=`date "+%m"`

[code]...


Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?


Ubuntu Servers :: Auditing File Access - Best Tool To Load

Jun 6, 2011

Running Ubuntu Server 10.4

I'm in need of some auditing to determine what is happening with some files on our local server. What is generally the best tool to load, and do you have any good links to a tutorial on how to install, setup and run?

I'm looking for what users have accessed a file. ... read, open, edit, delete, move, save... etc..


Ubuntu Security :: Installing LAMP Server On Laptop - Security?

May 8, 2011

I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?


Ubuntu Security :: Best Solution To Protect Server From Security Threats?

Jul 22, 2011

I've recently been running a game server from my desktop, as well as a web page to accompany it. I use the ports 80/8123 (HTTP), 5900 (VNC), 50500 (GAME) and 5839 (ADMINISTRATION). What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.


Ubuntu Security :: Apply Security Updates Alone - Server

Aug 14, 2010

I'm new to server admin, so my question is based on what may be a bad assumption. With a server, my assumption is "if it ain't broke, don't fix it". In other words, I'm not really interested in upgrading the software to the latest and greatest if I already have stuff working on the server.

However, the one place where I DO want to constantly have upgrades is for security patches. How do I apply security updates to Ubuntu Server... and ONLY security updates?


Security :: Increase The Security Of NFS Kernel Server ?

Aug 29, 2009

I followed this how-to to make an NFS server: [url]

So it means: exports looks like this:

Quote:

Here are some quick examples of what you could add to your /etc/exports

For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255

It means that if somebody arrives with a Linux machine, puts the ethernet cable into the router, then logs in as root on his machine and mounts the exports, he can do almost everything, with permissions, chmod'ing ...

Is that LAMP, or am I wrong for NFS kernel servers, the ultimate users/password servers against that to prevent those physical approaches/logins? Is there a good how-to?


Security :: Test Server Security With Hping3?

Feb 15, 2011

I want to know how I can test my server security with the hping3 tool. I want to make a virtual DoS or DDoS or SYNK attack in my LAN to test my server security and ability against these attacks. Is hping3 a good solution for this or not? If yes, how can I do this, and which option of this can make such attacks?


Ubuntu Security :: Pgadmin3 Through Ssh Tunnel - Error Connecting To The Server: Server Closed The Connection Unexpectedly

Mar 1, 2010

I'm using Postgresql 8.4.2-2. I'm trying to remote into my server securely. I figure I could do so with ssh. Apparently I figured correctly, as per [URL] and [URL]. I set up the ssh tunnel:

ssh -L 5432:serverip:5432

Then I set up pgadmin3 to connect as follows:

host: localhost
port: 5432
user: postgres
maintenance db: postgres

And I receive the following error:

Quote: An error has occurred: Error connecting to the server: server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request.

I'm not sure what the problem is. I can connect with psql from the CLI after connecting to the terminal via ssh. So I know that I'm using the correct password.


Ubuntu :: Set Up Security For NFS Server?

Oct 7, 2010

I have NFS set up on my file server on my local network. Right now I'm allowing all local IP's. Now I want to be able to access the shares from home, across town.

Can you secure NFS in any way other than IP restriction, ie. password login? I know I could just use sftp but I want the control and seamlessness of NFS.


Security :: Best IDS For Server (centos)?

Apr 8, 2010

I had two continuous attacks on our server (web hosting cPanel)... The attacker is deleting one user's public_html content, so that he is losing his contents. Actually all files have him as owner. But I don't know what's happening. Is it a good idea to use some IDS on the server? Would it be an overhead for the server?


Security :: Getting The Connections To IRC Server?

Feb 4, 2010

For some time now I've been noticing the network activity light for my linux box blinking like mad on my router. After a little looking around for ways to see what connections my box has established, I found the following using lsof -i

Code:

bash 13839 root 1u IPv4 3118972 TCP shana:49148->Oslo.NO.EU.undernet.org:ircd (SYN_SENT)
bash 13839 root 2u IPv4 3118986 TCP shana:34323->161.53.178.240:distinct

[code]....

I know I'm not using IRC, and I have my sshd locked down fairly tight, requiring a key to log in, so obviously, it looks like there's something or somebody in Croatia (the origin of that IP address) connecting my system to undernet.org for some nefarious purpose. Looking at my processes, ID 13839 shows up as

Code:

13839 ? S 0:00 bash

Just 'bash', not '-bash' as

Code:

13426 pts/0 S 0:00 -bash

my session appears. Previously, this odd bash process was ID 2704, which seemed to imply that it had launched fairly soon after my system booted up which really makes me wonder. Oh, and yes, I did kill that 2704 process, and it returned as this 13839. 2704 also had those same IRC connections present in lsof.


Security :: How To Configure Rsh Server

Apr 15, 2011

How to Configure rsh Server and where to restrict instances?


Security :: How To Fix Compromise Server (OT)

Aug 13, 2010

[COPY]
Ooooh, mod fight
[/COPY]


Security :: Can I Run Something Like Pfsense On Top Of Server?

Jan 13, 2011

I'm running a CentOS server, but I'm not familiar with iptables. Can someone recommend a firewall that I can manage via a web browser? I might be off here, but can I run something like Pfsense on top of my server?


Fedora Security :: Securing An FTP Server ?

Mar 11, 2010

I am creating an FTP server using VSFTP. It will be in the wild, initially at least only functioning as an FTP server. I have the iptables config from the previous box I set up 3-4 years ago. I have also got private/public key authentication running with SSH to eliminate brute force attacks.

Here is my specific question. On the old server I set up something that allowed my clients to log in using accounts that were not system accounts but would translate to a single system account that was limited to FTP. I remember setting up a passwd account that had username / password pairs that FTP used for authentication.

What app is this? Is it just part of VSFTP or maybe SELinux? I really want to utilize this.


Ubuntu Security :: Better Way To Secure My Server?

Jan 26, 2010

I set up my Ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the MAC address of my laptop allowed to connect, set up a key with a long passphrase and installed the pam_abl plugin. ICMP echo is blocked by default.

The only problem is I log all other attempts to connect to the server and I see a lot of traffic going to ports 445 and 5900.

My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?


Ubuntu Security :: Allow Government To Dig Around In Server?

Oct 16, 2010

I have a rather secure server that I have hardened. Only allow ssh on a non-standard port and port 80 for my LAMP. Use aa for everything. The server uses Snort as an IDS and PSAD (port scan attack detection). The firewall is a custom in-line IPT using fwSnort rules. This one was off the chain! As I was upgrading from the 10.04 LTS to 10.10 I was reading every new file that was being put on my disk with "D" Ubuntu asked me if I wanted to replace the old file with this one.

[code]....


Ubuntu Security :: Encrypting My Server ?

Oct 29, 2010

I have an Ubuntu 10.04.1 LTS server that I set up a while back and I am considering encrypting the whole box. I store everything on the server and if it were stolen from a home robbery it could be quite devastating. The server is using two 750 GB SATA hard drives formatted with LVM. Inside the LVM I have a small partition on the first drive for the OS, SWAP, and everything else on the first and second drive is /var/media which is where I store all the data. I have set up an encrypted LVM on my laptop but that was during the install using the automatic method.

I can't figure out how to do what I want to do and I don't want to risk destroying the data on the server. What I would like is to non-destructively encrypt the server (System, SWAP, and DATA partitions) similar to how TrueCrypt works on Windows and I'd like the encryption key to be stored on a USB thumb drive so when the server boots it requires a hardware key. (And have the encryption key backed up online in case the flash drive dies.) And I'd like to use AES 256.


Ubuntu Security :: Set Server To Listen Only?

Nov 2, 2010

I am trying to figure out how to turn my 10.10 server into a listener only. I have it set up using snort/acidbase. It is grabbing my network traffic just fine. I want to now set up a second server to hold all the data it collects. I need to change the snort server so it only listens. I disabled ping responses, but I want to go farther than that. I want to disable responses all together. I want it to only grab the data and store it.








Copyrights 2005-15 www.BigResource.com, All rights reserved