On Sun, 2003-03-09 at 10:46, Michael Hoeller wrote:
> Hello,
> I only have little knowledge in the area of security, and so I would like to ask for some hints on the expert list - please excuse me if the question is not really professional.
> Here is the problem: I need to run a production server (SuSE 8.0) to which some real terminals are connected (-> no hard drive). The terminals boot via tftp and mount certain drives via nfs. For "online" backups I run rsync.
> The server must be reachable for remote maintenance via isdn dialin, also telnet and ftp.

Ouch. If possible drop ftp and telnet and use ssh / sftp instead. Or at least chroot the ftp process and don't let it run as root. (There is no point in chrooting a SUID process.)

> Temporary connections to the internet for surfing and email should also be possible.
> What would you suggest to protect the machine? It would be great if you could point me in the right direction; that way I can focus on the things which are really needed.

If it's connected to the internet install a *tight* firewall.
Remove all unnecessary services
Remove unnecessary software (tcpdump, compiler, sources etc)
Check for security updates once a day. Better would be each hour with cron.
Install IDS software (eg AIDE)
Install chkchroot.
Install portsentry in case your firewall is dropped for some reason.

HTH
--
Matthias Hentges
Cologne / Germany

[www.hentges.net] -> PGP welcome, HTML tolerated
ICQ: 97 26 97 4 -> No files, no URL's

My OS: Debian Woody: Geek by Nature, Linux by Choice