[newbie:] Secure development environment
Hi,

I am currently setting up one of our development servers with SuSE 7.0. Since the installation of a "normal" workstation system is pretty much straightforward I believe that there are a lot of things more to be configured to have secure development server.

Hopefully someone on the list can point me to the right direction.

The server will be used for web development and therefore needs to have the following services/applications:

# initial setup
HTTP
MYSQL
SSH
POSTFIX
CVS (CVSPSERVER) current idea is to connect to cvs via ssh which might be the better idea
XServer
KDE2
# later
IBM WEBSPHERE
IBM DB2

I first started to read Marc's article about setting up a secure webserver [ http://www.suse.de/en/linux/webserver/index.html ]

I think using harden_suse might invoke problems using XServer and any Windowmanager. Anyway due to demands from our Websphere guy he wants to be able to access the Websphere GUI remotely.

So my main question seems to be "How to use an XServer remotely and still have a 'secure' box?"

Thanks for your help,
Andreas
--
Andreas Otto
OgilvyInteractive | Floor 2, Canberra House
315 - 317 Regent Street | London W1B 2HS
Reception +44 207 299 3434 | Fax +44 207 631 5050
http://www.ogilvy.com
At 01:58 AM 12/02/2001, you wrote:
> Hi,
> I am currently setting up one of our development servers with SuSE 7.0. Since the installation of a "normal" workstation system is pretty much straightforward I believe that there are a lot of things more to be configured to have secure development server.
> Hopefully someone on the list can point me to the right direction.
> The server will be used for web development and therefore needs to have the following services/applications:
> # initial setup
> HTTP
> MYSQL
Add --skip-networking to /etc/rc.d/mysql if you don't need to access mysql over the network
> SSH
use certificates and disable password based logins
> POSTFIX
good
> CVS (CVSPSERVER) current idea is to connect to cvs via ssh which might be the better idea
yes
> XServer
bad
> KDE2
> # later
> IBM WEBSPHERE
> IBM DB2
> I first started to read Marc's article about setting up a secure webserver [ http://www.suse.de/en/linux/webserver/index.html ]
> I think using harden_suse might invoke problems using XServer and any Windowmanager. Anyway due to demands from our Websphere guy he wants to be able to access the Websphere GUI remotely.
Not so. You just need to make sure that anyone that needs to use X is in the "xok" group.
> So my main question seems to be "How to use an XServer remotely and still have a 'secure' box?"
Use X through SSH and you should be fine.. Read up on the ssh docs to find out more about this :-)
> Thanks for your help,
Sorry for the short answers, I'm a bit tired.. maybe someone else can be more verbose if you need more help
Cheers
---
Nix - nix@susesecurity.com
http://www.susesecurity.com
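The settings suggested in the reply above (MySQL without networking, SSH with password logins off, X only through SSH) can be checked against the config files. The script below is an added example, not part of the thread: it assumes OpenSSH's sshd_config keywords, reads "certificates" as public-key authentication, and its function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example; assumes OpenSSH sshd_config syntax. File paths come from the caller.

# Print the effective value of a global sshd_config keyword (or DEFAULT if unset).
# sshd keeps the FIRST occurrence; keywords are case-insensitive; "Match" blocks
# are conditional, so scanning stops there.
sshd_value() {  # usage: sshd_value KEYWORD DEFAULT FILE
    awk -v key="$1" -v def="$2" '
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword = value"
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# Print one finding per line; exit status is the number of findings.
audit_sshd() {  # usage: audit_sshd FILE
    f=$1; n=0
    [ "$(sshd_value PasswordAuthentication yes "$f")" = no ] ||
        { echo "FAIL: password logins still enabled"; n=$((n+1)); }
    [ "$(sshd_value PubkeyAuthentication yes "$f")" = yes ] ||
        { echo "FAIL: public-key logins disabled"; n=$((n+1)); }
    [ "$(sshd_value X11Forwarding no "$f")" = yes ] ||
        { echo "FAIL: X11 forwarding off, remote GUI would need raw X"; n=$((n+1)); }
    [ "$(sshd_value X11UseLocalhost yes "$f")" = yes ] ||
        { echo "FAIL: forwarded displays bind to all interfaces"; n=$((n+1)); }
    return "$n"
}

# True if FILE turns MySQL networking off: "--skip-networking" in the init script
# (as the reply suggests) or "skip-networking" in my.cnf (assumed equivalent).
mysql_local_only() {  # usage: mysql_local_only FILE
    grep -v '^[[:space:]]*#' "$1" | grep -Eq -- '(^|[[:space:]]|--)skip[-_]networking'
}

# Constructed samples: a config before the advice is applied, and one after.
sample_weak() { printf '%s\n' '# constructed sample' 'Port 22' 'X11Forwarding no' 'PasswordAuthentication yes'; }
sample_hardened() {
    # The trailing duplicate is ignored because the first occurrence wins.
    printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' 'X11Forwarding yes' 'passwordauthentication yes'
}

tmp=$(mktemp) && sample_weak > "$tmp"
audit_sshd "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

With X11Forwarding on and X11UseLocalhost left at its default, the remote GUI is displayed through the SSH tunnel and the forwarded display is reachable only from the server itself.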
* Andreas Otto wrote on Sun, Feb 11, 2001 at 14:58 +0000:
> much straightforward I believe that there are a lot of things more to be configured to have secure development server.
To have a nearly (not absolutely ;)) secure development environment you have to detach that network completely from the housenet/LAN (and internet of course)!
oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
Hi Andreas,
> I first started to read Marc's article about setting up a secure webserver [ http://www.suse.de/en/linux/webserver/index.html ]
The biggest change to the system was probably running harden_suse which I did in the following way:
harden_suse y y y y y n y n y y
This seemed to have worked quite well.
> I think using harden_suse might invoke problems using XServer and any Windowmanager. Anyway due to demands from our Websphere guy he wants to be able to access the Websphere GUI remotely.
Strangely, after doing harden_suse I can't launch KDE2 anymore; KDE instead works fine. Guess I have run into some typical newbie problems here by trying to figure things out which I don't completely understand at the moment ;-) Any hints?
> So my main question seems to be "How to use an XServer remotely and still have a 'secure' box?"
Sounds like a contradiction, I know ;-)
--
Andreas Otto
OgilvyInteractive | Floor 2, Canberra House
315 - 317 Regent Street | London W1B 2HS
Reception +44 207 299 3434 | Fax +44 207 631 5050
http://www.ogilvy.com
participants (3): Andreas Otto, Nix, Steffen Dettmer