Ubuntu 7.10 Server & Security 1

Status
Not open for further replies.

snootalope

IS-IT--Management
Jun 28, 2001
1,706
US
We're about to migrate a Windows web server to an Ubuntu server (cli only) with MySQL.

My knowledge of Linux is edgy at best, and I'm scrambling to find a decent security piece for this new webserver. We've got a new Cisco firewall that'll only allow 80 and 443 through, so that's a good start. But, I'm thinking I need more than that and should have "something" running on the Linux server that'll create logs of traffic and possibly stop an attack or unauthorized event should it happen. Maybe even something that would alert an admin should it find something suspicious. Maybe this sounds like an odd request... Just thought I'd ask and see what others might be using.

Do you use a special piece of software to help protect, monitor, and report events on your Linux server? If so, what's it called and what do you like or dislike about it?

Thank you for any information!!
 
SELinux comes to mind. Have you looked into it? It watches all the processes and stops them if behaviour outside the "expected" behaviour happens.
 
Actually, after reading Ubuntu's website, there isn't support for SELinux yet. Outside of using a distro that supports it, you may not have any options.

I have CentOS 5 running Apache and it came with SELinux.
 
SELinux is an excellent security measurement, but it's not that you must have it to connect a server to the net. If you're behind a decent firewall, like the PIX, and implement some common sense security practices, you are a long way.
Here are some rules to follow:
1. Only run those services you need to run.
2. Keep your system updated.
3. Harden your system.
4. Keep an eye on the logs to spot a problem early.

And here's some helpful reading:

Hope this can get you started :)
 
Great starting info there geirendre..

Danomac, I like the sound of SELinux, but it also sounds like a double-edged sword as well. This is going to be our business's #1 priority for interacting with our customers. If SELinux detected something out of the ordinary that is actually legit and still shuts down a service, that could be real bad.
 
Ubuntu ships with AppArmor by default IIRC, this is an extra security layer in a similar vein as SELinux, although I think it is a bit more user friendly.

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)
 