Difference between revisions of "System Management"

Line 6: Line 6:
 
#Firewall can be enabled via [http://www.netfilter.org/projects/iptables/ iptables] the guides [http://www.tecmint.com/basic-guide-on-iptables-linux-firewall-tips-commands/ here] and [http://www.cyberciti.biz/faq/category/iptables/ here] describe iptables configuration.
 
#Firewall can be enabled via [http://www.netfilter.org/projects/iptables/ iptables] the guides [http://www.tecmint.com/basic-guide-on-iptables-linux-firewall-tips-commands/ here] and [http://www.cyberciti.biz/faq/category/iptables/ here] describe iptables configuration.
 
#To protect the server it is important to audit the open ports on the machine. To check listening ports you can run
 
#To protect the server it is important to audit the open ports on the machine. To check listening ports you can run
netstat -tulpn
+
:netstat -tulpn
 
#Logging and Auditing is a key aspect of server security. All hacking, brute force, DDoS or other attacks should be captured, monitored and analysed. This [http://www.cyberciti.biz/faq/linux-log-files-location-and-how-do-i-view-logs-files/ guide] describes the location and purpose of common Linux log files. To ensure that information is not lost, overwritten or that the logs do not grow infinitely the tool [http://www.thegeekstuff.com/2010/07/logrotate-examples/ Logrotate] can be used. Installing a tool like Logwatch allows you to monitor and respond to suspicious activity. The following [https://www.digitalocean.com/community/articles/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps guide] describes installing and configuring Logwatch.
 
#Logging and Auditing is a key aspect of server security. All hacking, brute force, DDoS or other attacks should be captured, monitored and analysed. This [http://www.cyberciti.biz/faq/linux-log-files-location-and-how-do-i-view-logs-files/ guide] describes the location and purpose of common Linux log files. To ensure that information is not lost, overwritten or that the logs do not grow infinitely the tool [http://www.thegeekstuff.com/2010/07/logrotate-examples/ Logrotate] can be used. Installing a tool like Logwatch allows you to monitor and respond to suspicious activity. The following [https://www.digitalocean.com/community/articles/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps guide] describes installing and configuring Logwatch.
 
#[http://selinuxproject.org/page/Main_Page Security Enhanced Linux(SELinux)] is a kernel level security control mechanism, which enforces a set of rules and procedures for the system. SELinux provides fine grained control for access rights and permissions. To check if it is enabled run:
 
#[http://selinuxproject.org/page/Main_Page Security Enhanced Linux(SELinux)] is a kernel level security control mechanism, which enforces a set of rules and procedures for the system. SELinux provides fine grained control for access rights and permissions. To check if it is enabled run:
 
  sestatus
 
  sestatus
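Review bot: The changed line `:netstat -tulpn` still breaks the numbered list. A line that begins with `:` alone, placed between two `#` items, closes the list in MediaWiki, so the Logging item after it starts again at 1, as the rendered revision below shows. Use `#:netstat -tulpn` to keep the command inside item 2, and consider `#:sestatus` for the unchanged ` sestatus` line so both commands are formatted the same way.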

Revision as of 21:15, 26 May 2014

Software Management

  1. System software must always be up to date. Critical patches are released by software vendors and operating system providers on a regular basis. Updates frequently contain fixes for potential vulnerabilities and bugs; if your system is not up to date, it may be at risk. A recent example of this is the SSL bug Heartbleed.
  2. Minimising installed software is an important step in reducing potential vulnerabilities. The system should have the bare minimum of packages and software installed to support its purpose.

System Management

  1. A firewall can be enabled via iptables; the guides here and here describe iptables configuration.
  2. To protect the server it is important to audit the open ports on the machine. To check listening ports you can run:
     netstat -tulpn
  3. Logging and auditing are key aspects of server security. All hacking, brute-force, DDoS or other attacks should be captured, monitored and analysed. This guide describes the location and purpose of common Linux log files. To ensure that information is not lost or overwritten and that the logs do not grow indefinitely, the tool Logrotate can be used. Installing a tool like Logwatch allows you to monitor and respond to suspicious activity. The following guide describes installing and configuring Logwatch.
  4. Security Enhanced Linux (SELinux) is a kernel-level security control mechanism which enforces a set of rules and procedures for the system. SELinux provides fine-grained control over access rights and permissions. To check if it is enabled, run:
     sestatus
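The port audit in the System Management list can be made repeatable by comparing `netstat -tulpn` output against the listeners the server is supposed to have. The script below is an added example, not part of the original wiki page; the function name `audit_listeners`, the `proto/port` allowlist format and the sample output are assumptions made for illustration, and the parsing assumes the net-tools column layout.

```bash
#!/usr/bin/env bash
# Added example: report listeners in `netstat -tulpn` output that are not
# on an allowlist and are reachable from other hosts.

# Constructed sample (not from a real host); net-tools column layout assumed.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2231/java
tcp6       0      0 :::80                   :::*                    LISTEN      990/httpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient'

# audit_listeners "<proto/port> ..." : reads netstat output on stdin and prints
# "proto/port bind-address pid/program" for each unexpected listener.
audit_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)6?$/ { next }            # skip banner and column header
    {
      proto = $1; sub(/6$/, "", proto)        # tcp6 -> tcp, udp6 -> udp
      addr = $4; sub(/:[^:]*$/, "", addr)     # bind address without the port
      port = $4; sub(/.*:/, "", port)         # text after the last colon
      owner = ($1 ~ /^tcp/) ? $7 : $6         # UDP rows have no State column
      if (addr == "127.0.0.1" || addr == "::1") next   # loopback only
      key = proto "/" port
      if (!(key in ok)) print key, addr, owner
    }'
}

# Demo on the sample; on a live host: netstat -tulpn | audit_listeners "tcp/22"
printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners "tcp/22 tcp/80"
```

Run `netstat -tulpn` as root when feeding this from a live host; without root the PID/Program column shows `-` for sockets owned by other users.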