Ubuntu 7.10 Server & Security 1

[snootalope]

We're about to migrate a windows web server to a Ubuntu server (cli only) with MySQL.

My knowledge of Linux is edgy at best, and I'm scrambling to find a decent security piece for this new webserver. We've got a new Cisco firewall that'll only allow 80 and 443 through, so that's a good start. But, I'm thinking I need more than that and should have "something" running on the Linux server that'll create logs of traffic and possibly stop an attack or unauthorized event should it happen. Maybe even something that would alert an admin should it find something suspicious. Maybe this sounds like an odd request... Just thought I'd ask and see what others might be using.

Do you a special piece of software to help protect, monitor, and report events on your Linux server? If so, what's it called and what do you like or dislike about it?

Thank you for any information!!

 

[danomac]

SELinux comes to mind. Have you looked into it? It watches all the processes and stops them if behaviour outside the "expected" behaviour happens.

 

[danomac]

Actually, after reading Ubuntu's website, there isn't support for SELinux yet. Outside of using a distro that supports it, you may not have any options.

I have CentOS 5 running apache and it came with SELinux.

 

[geirendre]

SELinux is an excelent security measurement, but it's not
that you must have it to connect a server to the net.
If your behind a desent FireWall, like the PIX,
and implement some common sence security practises, you are a long way.
Here are some rools to follow:
1. Only run those services you need to run.
2. Keep your system updated.
3. Harden your system.
4. Keep an eye on the logs to spot a problem early.

And here's some helpfull reading:

http://www.howtoforge.com/ubuntu_lamp_for_newbies

http://xianshield.org/guides/apache2.0guide.html

http://netsecurity.about.com/od/sec..._Help_You_Secure_Your_Unix_Linux_Computer.htm

http://www.linuxsecurity.com/content/view/101892/155/

http://www.snort.org/docs/

http://httpd.apache.org/docs/

http://mediakey.dk/~cc/howto-secure-apache/

Hope this can get you started

 

[snootalope]

Great starting info there geirendre..

Danomac, I like the sound of SELinux, but it also sounds like a double-edged sword as well. This is going to be our businesses #1 priority for interacting with our customers. If SELinux detected something out of the ordinary that is actually legit and still shutsdown a service, that could be real bad.

 

[roycrom]

Ubuntu ships with AppArmor by default IIRC, this is an extra security layer in a similar vein as SELinux, although I think it is a bit more user friendly.

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom

 

[geirendre]

The new Ubuntu release due out in april 2008, HardyHeron
will ship with a new feature called Policy-kit.
to help finetune security measures.

https://wiki.ubuntu.com/HardyHeron/Beta