System Management

Revision as of 19:55, 26 May 2014 by Bill (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Software Management

  1. System software must always be up to date. Critical patches are released by software vendors and operating system providers on a regular basis. Updates frequently contain fixes for potential vulnerabilities and bugs, if your system is not up to date it may be at risk. A recent example of this is the SSL bug HeartBleed.
  2. Minimising installed software is an important step in reducing potential vulnerabilities. The system should have the bare minimum of packages and software installed to support its purpose.

System Management

  1. Firewall can be enabled via iptables the guides here and here describe iptables configuration.
  2. To protect the server it is important to audit the open ports on the machine. To check listening ports you can run
    netstat -tulpn
  3. Logging and Auditing is a key aspect of server security. All hacking, brute force, DDoS or other attacks should be captured, monitored and analysed.
    This guide describes the location and purpose of common Linux log files.
    To ensure that information is not lost, overwritten or that the logs do not grow infinitely the tool Logrotate can be used.
    Installing a tool like Logwatch allows you to monitor and respond to suspicious activity. The following guide describes installing and configuring Logwatch.
  4. Security Enhanced Linux(SELinux) is a kernel level security control mechanism, which enforces a set of rules and procedures for the system. SELinux provides fine grained control for access rights and permissions.
    To check if it is enabled run
    sestatus
    To enable run
    setenforce enforcing
    To adjust the SELinux config is available at
    /etc/selinux/config
  5. Fail2ban is an excellent tool that can be used both to combat simple DDoS attacks but also to detect and block brute force login attempts.
    Last modified on 26 May 2014, at 19:55