I now have a windows box connected to the internet via the server.
Question is - how do I know if the linux box is secure?
Are there any things that I have to config now - I am slowly moving on to configuring the dns and dhcp server - but is there anything else I should have done?
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
we have a remote linux server and its /var/log/secureile is fully filled with unauthorized ssh users,of course they cannot able to log in successfully but they were making continuous ssh requests to log in, it some times results in server down problem. so how to secure our server from their ssh attempts.i know blocking unauthorized ip addresses can solve this problem and we can also change the ssh port numbers but what are the other possible ways of solving this.
View 4 Replies View RelatedI set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
I have been doing a whole lot of reading on any kind of home server. I want to have a secure home server that I can access from school by a domain name. At first I was looking at FTP, but I need something secure and it seemed like the software that supported SFTP has to be purchased. Then I started looking at SSH stuff, but I also realized that I want to use a dynamic DNS, so I started reading about that.
Basically, now my head is so information-logged I can't figure out what and how I should do this. If anyone could give me some very step-by-step-procedure links (or information) that show me how to set up a secure home server that I can access with a domain name through the internet that also uses a DDNS, that would solve all my problems.
Ok im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
View 9 Replies View RelatedI'm trying to setup an open-source project, I have a couple of developers on the team but nobody has experience with Apache. I would like to setup a simple home server for Bugzilla on Ubuntu 10.04, so my question is, is there a server that comes secure out-of-the-box so that simply adding files to /htdocs would suffice?
View 1 Replies View Relatedwhat is the best option to securing server via firewall and iptables?
View 9 Replies View RelatedI'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
I have created a Joomla! website on a subdomin that I host. The site has a mangement section URL... and I am trying to secure the administrator section only using SSL/https.So far I created the self-signed certificate and installed mod_ssl. I have added a *:443 virtual hosts in my httpd conf .This is really confusing me because the page exists, it works for http and https is just another protocol. Its almost like ssl does not have permission to access those files... Is there something im missing in ssl.conf or http.conf?I am not entirely sure I am going about this the right way.
I had a quick search through the joomla forums and found lots of errors, but not really any instructions. I have done some google searches and there seems to be about 10 different ways to skin the cat.
I created a website in my apache server. I just need to secure that when everyone try to access any folder on my root directory, it will show "Forbidden".
View 3 Replies View RelatedAt my work we have a windows 2008 that serves as a "bounce pc" i cant find any better word (thats directly translated from the word we use in my language) What i mean by that is that if we want to access the server net and so on we first have to rdp to a w2k8 computer and from their ssh/rdp/www futher to admin. The few admin have their own account and can be logged on at the same time, also with the rdp client you can mount your local c: witch can be very useful when you need to transfer file to the servers (they don't have access to the Internet). Now im looking for a similar service but for linux, suggestions?
The client that you connect with should be available to as many platforms as possible?
I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).
I am having a small issue with finding and installing an IRC server program for ubuntu 10.10. I would like to know if anybody has any input on what the most simplistic and secure irc server program out there is, and how I would install and configure that said program.
View 1 Replies View RelatedI have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?
View 6 Replies View RelatedIs it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that mo one can sniff that information. configuration or any URL link from I can get the exact configuration.
View 1 Replies View RelatedI am just about to undergo a new peice of freelance work myself on Bind 9, but it has been ages since I have done this, this was on my own LAN with port 53? Blocked from outside, so mine is not public facing.
But this project is, what should I setup to make this truely secure, just to recap on my thoughts aswell, forward resolving is Domain -> IP is not it? Then Reverse is IP->Domain is not it?
My server is suddenly getting giving the following error: Quote: Secure Connection Failed An error occurred during a connection to inenergy.dvrdns.org. SSL received a record that exceeded the maximum permissible length. * The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. I had been trying to configure the server to do secure logins (before Christmas) , but I don't think I had completed the configuration and I'm not sure how to reset it so that I can start again.
View 1 Replies View RelatedI am quite new to Squirrelmail but got it working at the first place. Then, with the intention to secure login and data flow, I downloaded and installed the secure login plugin. However, just right after that, I started to get "the connection was interrupted" messages in firefox. I guess that it has something to do with SSL, probably I need to configure that in Apache, not sure. Unfortunately the README and INSTALL files are rather compact in the plugin and I struggle to find a step-by-step tutorial on what needs to be done in order to make it work.Would someone be able to give me a hint on where to find such an information or tell me what else I need to do besides the 3 points written in INSTALL?
View 1 Replies View Relatedmy /var/log/secure file is not getting updated with ssh logins from yesterday.Even the login from my own ip is not updated.
View 2 Replies View RelatedGetting connection reset or time out when trying to rdesktop to a Win2003 server that has been upgraded to use SSL for server authentication. (See [URL]). Works fine connecting to other Win2003 servers, just not the secured ones. I'm using Rdesktop version 1.6.0 on Linux Fedora and also SUSE. To connect to the secure servers, Windows clients use the updated RDP client - version 5.2. As a workaround, I attempted to set up an SSL tunnel for rdesktop but wasn't successful in connecting through that either:
ssh username@10.10.10.10 -L 1024:winserver.work.org:3389
rdesktop localhost:1024
Has anyone been able to use rdesktop to connect to a win server that has been configured to use SSL server authentication for RDP connections?
I'm trying to find a program that will allow me to run my own server for secure storage. Ideally, this server will allow me to set up separate users. I've heard of solutions that will automatically email the user when a file is placed in their folder, and the email will contain a link with a session ID that expires after a preset time.
Security is a big deal here as well. Something above and beyond SSL would be ideal, like GPG or PGP, so nothing is ever transmitted in plain text.
This would be a server that is accessible from the internet, and would probably be running on a CentOS system.
A vague description, I know. I'm going off of what others have told me they've seen/used in the past. Now I have a boss that wants to use something similar, but trying to find anything that sounds like this has proven quite difficult. I'm hoping someone here knows of something that might work.
I need to set up a Debian server in a windows network so that users can securely ftp docs to the Debian server and then pull docs from the server when needed - using a secure ftp session. I have the Debian Server built and IP'd. Do I just need to set up the vsftpd.conf and thats it? Right now I am just concerned with getting ftp working.
View 7 Replies View Relatedhow to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:
Intel Pentium D 3.0GHz
4 GB RAM
Eventually 2x250GB Sata Hard Drives
The Dell PE850 Server Consists of:
2xIntel Xeon Processors 3.4GHz
4 GB RAM
2x76GB SCSI Hard Drives RAID 1
The Dell PE850 Server Consists of:
2xIntel Dual Core Processors 2.8GHz
4 GB RAM
6x76GB SCSI Hard Drives RAID 5 (pretty sure)
Dell PowerVault 220s
I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.
I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
I have installed my linux server on the Internet witout a router/firewall between. To secure it I used iptables and it works fine. The problem is that I'am not feeling secure enough with only iptables. Is there anything else that I can install to make my server more secure and get rid of my paranoid feelings?
View 8 Replies View RelatedAs far as I know, servers are stable and don't go down easily, but every single server will eventually go down some day, either from hardware/software failure or from hacking.
But as sysadmins, our job is to keep servers running healthy as long as possible.
So I'm conducting another short survey (I might start more survey threads, and thank everyone for kindly replying my previous post):
1. Have you encountered server failures? What's the most common cause for server failure?
2. What is your most important trick in avoiding your server go down?
3. What security rules do you follow to protect your servers?
As per our requirement, I need to implement a Secure FTP server for around 500 users which includes security level on both - Transfer and Rest data. Apart from this I also need the following features -
1. Size quota on Users & reminder mails for the same
2. Password expiry notifications and user interface to change their password within specified time interval
3. Aging of data - After specified time, data will be moved to some other location from their home directory
4. All type of log maintenace for each file and user and log exporting
5. Uploading & Downloading speed consistency as per server level.
6. Read-write interface for user and read-only interface for their client for the same account.
7. Backup and Recovery options.
As of now, I am using VSFTPD which does not give these much of features in combine.
if connecting to my server for file transfer using gFtp is secure. I told gFtp to connect to the server using SSH2 and it works. It says it uses this command "ssh -e none -l wordpress -p 1883 IPADDRESS -s sftp." Is this more or less secure then using ftpes or ftps? What I thought was weird was that I could shutdown vsftpd and still connect. Does SSH2 SFTP use its own ftp server?
View 4 Replies View RelatedI've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies View Related