Hi, my name is Chris and I just started using LINUX. Now my problem I have to install a very save server. The server should work as a file-server which is also WWW-router, firewall and Mailserver for a network of 25 workstations with Windows NT. 5 Days ago I started working in LINUX but my employer wants me to create a server that is saver than a very save NT-system. I'm not able to create such a system by myself!! Please Help me Greetings Chris
Hi Chris, Take a look at securityportal (www.securityportal.com). There is some useful information for (new) admins on securing your system. Also I believe SuSE has a manual for installing a safe webserver on their site (www.suse.com). Cert also has some good info (www.cert.org) S. On Thu, 30 Nov 2000 C.Richartz@wzl.rwth-aachen.de wrote:
Hi, my name is Chris and I just started using LINUX. Now my problem I have to install a very save server. The server should work as a file-server which is also WWW-router, firewall and Mailserver for a network of 25 workstations with Windows NT. 5 Days ago I started working in LINUX but my employer wants me to create a server that is saver than a very save NT-system. I'm not able to create such a system by myself!! Please Help me
Greetings Chris
If you want to use your server as a file server then I would recommend that you use samba such that the windows clients may be able to access their files stored on the linux server. One other option is NFS but I really do not think you want to go through the trouble of setting up NFS. As for mail SuSE comes with sendmail already running by default and unless you have specific configuration issues th default installaion should work okay. I.e as long as in /etc/rc.config SMTP=yes is set then you are able to send and receive mail. For firewall issues install the package firewals and then edit /etc/rc.config.d/firewall.rc.config and after set START_FW=yes in /etc/rc.config However despite all this it is not really a good idea to use the same machine as a file server and also as a firewall. As for a www router that depends on the setup of your network if you just want all your windows machines to be able to browse the internet then the firewall will help you if you set masquerade to yes. There is a lot to say so if you have any problem please e-mail me off list as some things are not really security related. On Thu, 30 Nov 2000 C.Richartz@wzl.rwth-aachen.de wrote:
Hi, my name is Chris and I just started using LINUX. Now my problem I have to install a very save server. The server should work as a file-server which is also WWW-router, firewall and Mailserver for a network of 25 workstations with Windows NT. 5 Days ago I started working in LINUX but my employer wants me to create a server that is saver than a very save NT-system. I'm not able to create such a system by myself!! Please Help me
Greetings Chris
Hi, basically, enabling smtp and pop3 services on a firewall or a host with firewall functionality is not a very safe setup. Mailservers have to accept certain commandos from other servers in order to process/deliver mails. An improperly set up mail system can be considered as a serious threat to your network security; if this all-in-one hosts gets cracked, there's no second-in-line defense perimeter left to keep the bad guys (and grrlzz) out... A good approach towards learning the do's and dont's of linux and linux security would be to get a small, currently not used PC where you can safely install linux and play around with it before you put anything in a production environment. Steps to a reasonably secure system would include: a) read the whole documentation of your linux distro and try a few things, specially the security apps, patches and tools that come with it (section "sec" in suse), but also the basic administrative tasks b) subscribe yourself to certain mailing lists covering distro news and security announces/discussion (bugtraq, CERT...) c) get yourself some literature, for example Linux in a Nutshell, Unix - Ein praktischer Einstieg, TCP/IP-Netzwerkadministration and Einrichten von Internet Firewalls (all from O'Reilly, www.oreilly.de) d) look for possible security threats on www.securityfocus.com, www.securityportal.com, www.whitehats.com... e) verify your system security via online services like www.hackerwhacker.com f) read, read, read and read again, then go and try, and return to reading... Good luck, Boris <bolo@lupa.de> --- On 30-Nov-00 C.Richartz@wzl.rwth-aachen.de wrote:
Hi, my name is Chris and I just started using LINUX. Now my problem I have to install a very save server. The server should work as a file-server which is also WWW-router, firewall and Mailserver for a network of 25 workstations with Windows NT. 5 Days ago I started working in LINUX but my employer wants me to create a server that is saver than a very save NT-system. I'm not able to create such a system by myself!! Please Help me
Greetings Chris
Hi Chris, I can heartily recommend: Maximum Linux Security by Anonymous, published by www.samspublishing.com, ISBN 0-672-31670-6 As being a good grounding in some of the principles of linux security. The same author also wrote Maximum Security, which is a more general book, that I unfortunately haven't got yet! Iain
-----Original Message----- From: bolo@snafu.lupabuero.de [mailto:bolo@snafu.lupabuero.de]On Behalf Of Boris Lorenz Sent: 01 December 2000 13:22 To: C.Richartz@wzl.rwth-aachen.de Cc: suse-security@suse.com Subject: RE: [suse-security] Linux 7.0
Hi,
basically, enabling smtp and pop3 services on a firewall or a host with firewall functionality is not a very safe setup. Mailservers have to accept certain commandos from other servers in order to process/deliver mails. An improperly set up mail system can be considered as a serious threat to your network security; if this all-in-one hosts gets cracked, there's no second-in-line defense perimeter left to keep the bad guys (and grrlzz) out...
A good approach towards learning the do's and dont's of linux and linux security would be to get a small, currently not used PC where you can safely install linux and play around with it before you put anything in a production environment.
Steps to a reasonably secure system would include:
a) read the whole documentation of your linux distro and try a few things, specially the security apps, patches and tools that come with it (section "sec" in suse), but also the basic administrative tasks
b) subscribe yourself to certain mailing lists covering distro news and security announces/discussion (bugtraq, CERT...)
c) get yourself some literature, for example Linux in a Nutshell, Unix - Ein praktischer Einstieg, TCP/IP-Netzwerkadministration and Einrichten von Internet Firewalls (all from O'Reilly, www.oreilly.de)
d) look for possible security threats on www.securityfocus.com, www.securityportal.com, www.whitehats.com...
e) verify your system security via online services like www.hackerwhacker.com
f) read, read, read and read again, then go and try, and return to reading... Good luck, Boris <bolo@lupa.de> --- On 30-Nov-00 C.Richartz@wzl.rwth-aachen.de wrote:
Hi, my name is Chris and I just started using LINUX. Now my problem I have to install a very save server. The server should work as a file-server which is also WWW-router, firewall and Mailserver for a network of 25 workstations with Windows NT. 5 Days ago I started working in LINUX but my employer wants me to create a server that is saver than a very save NT-system. I'm not able to create such a system by myself!! Please Help me
Greetings Chris
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi Chris,
I can heartily recommend:
Maximum Linux Security by Anonymous, published by www.samspublishing.com,
ISBN 0-672-31670-6
I wasn't to terribly impressed with it, large margins, big type, even worse the section on PAM sucked, there wasn't one.
As being a good grounding in some of the principles of linux security. The same author also wrote Maximum Security, which is a more general book, that I unfortunately haven't got yet!
You can get it on CD with a whole bunch of great (and old =) security software (I should know, I was the one that did a lot of the work on it, hah). ISBN-1-57595-0332-3 Again, I wasn't to terribly impressed with it, but it was a bit better then the Linux one. Another book that's recently out and pretty decent is: "Real world linux security" ISBN:0-13-028187-5 I edited it (so am pretty familiar with it =) and it's pretty decent in my opinion.
Iain
-Kurt
Hi Chris,
I can heartily recommend:
Maximum Linux Security by Anonymous, published by www.samspublishing.com,
ISBN 0-672-31670-6
As being a good grounding in some of the principles of linux security. The same author also wrote Maximum Security, which is a more general book, that I unfortunately haven't got yet!
Iain
There is also a German translation from the "Markt+Technik Verlag München" available, for the Germans in here. The quality of the translation is quite decent, and it might even happen that some circumstances are a bit more clear in the translation. It lacks about 1.2 chapters, whereas some new text was inserted in some places by the editor. I've done the final editing and checking for errors, so I know both versions - that job was tough at times. The book is a nice inspiration source with the long list of problems that the author sheds light on. On the other hand, a path that guides the reader to gain more experience with the issues is almost missing. Since software seldom gets very old, the breaches mentioned in the book aren't recent ones. The author states the fact that the book can't claim any actuality right at the beginning. This should be taken seriously - you can't maintain a half-way secure system if you don't stay tuned with the recent issues at least in vendor security announcements. Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
participants (7)
-
Boris Lorenz -
C.Richartz@wzl.rwth-aachen.de -
Iain Gray -
Kurt Seifried -
Roman Drahtmueller -
semat -
Stefan Suurmeijer