System Management

2,525 bytes added, 9 years ago
'''Software Management'''
<ol>
<li>
System software must always be up to date. Critical patches are released by software vendors and operating system providers on a regular basis. Updates frequently contain fixes for potential vulnerabilities and bugs, so a system that is not up to date may be at risk. A recent example of this is the SSL bug [https://heartbleed.com Heartbleed].
</li>
<li>
Minimising installed software is an important step in reducing potential vulnerabilities. The system should have the bare minimum of packages and software installed to support its purpose.
</li>
</ol>
'''System Management'''
<ol>
<li>
A firewall can be enabled via [http://www.netfilter.org/projects/iptables/ iptables]. The guides [http://www.tecmint.com/basic-guide-on-iptables-linux-firewall-tips-commands/ here] and [http://www.cyberciti.biz/faq/category/iptables/ here] describe iptables configuration.
</li>
<li>
To protect the server it is important to audit the open ports on the machine. To check listening ports you can run
<br>
<i>
netstat -tulpn
</i>
</li>
<li>
Logging and auditing are a key aspect of server security. All hacking, brute force, DDoS or other attacks should be captured, monitored and analysed.
<br>
This [http://www.cyberciti.biz/faq/linux-log-files-location-and-how-do-i-view-logs-files/ guide] describes the location and purpose of common Linux log files.

<br>

To ensure that log information is not lost or overwritten, and that the logs do not grow indefinitely, the tool [http://www.thegeekstuff.com/2010/07/logrotate-examples/ Logrotate] can be used.
<br>

Installing a tool like Logwatch allows you to monitor and respond to suspicious activity. The following [https://www.digitalocean.com/community/articles/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps guide] describes installing and configuring Logwatch.
</li>
<li>
[http://selinuxproject.org/page/Main_Page Security Enhanced Linux (SELinux)] is a kernel-level security control mechanism that enforces a set of rules and procedures for the system. SELinux provides fine-grained control over access rights and permissions.
<br>
To check if it is enabled run
<br>
<i>
sestatus
</i>
<br>
To enable enforcing mode on the running system, run
<br>
<i>
setenforce enforcing
</i>
<br>
To adjust the setting permanently, the SELinux config is available at
<br>
<i>
/etc/selinux/config
</i>
</li>
<li>
[http://www.fail2ban.org/wiki/index.php/Main_Page Fail2ban] is an excellent tool that can be used both to combat simple DDoS attacks and to detect and block brute force login attempts.
</li>
</ol>
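The port audit from the list above, as an added example that is not part of the original page: a shell function that reads <i>netstat -tulpn</i> output and reports every listener that is not on an allowlist, marking whether it is bound to loopback only or to a non-loopback address. The function names, the allowlist and the sample output are constructed for illustration.

```shell
#!/bin/sh
# audit_listeners: read `netstat -tulpn` output on stdin and print every
# listening socket whose proto/port is NOT in the allowlist given as arguments.
# Output columns: scope proto/port bind-address pid/program
audit_listeners() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)   # treat tcp6/udp6 like tcp/udp
        addr = $4; port = $4               # Local Address is always field 4
        sub(/:[^:]*$/, "", addr)           # strip the trailing :port
        sub(/^.*:/, "", port)              # keep what follows the last colon
        if ((proto "/" port) in ok) next   # expected service, nothing to report
        scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "exposed"
        # UDP rows have no State column, so take the program from the last field
        printf "%s %s/%s %s %s\n", scope, proto, port, addr, $NF
    }'
}

# Constructed sample of `netstat -tulpn` output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1043/mysqld
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2210/java
tcp6       0      0 :::80                   :::*                    LISTEN      950/httpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           700/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1501/rpcbind
EOF
}

# Assumed allowlist for a web server: SSH, HTTP and the DHCP client.
# On a live host: netstat -tulpn | audit_listeners tcp/22 tcp/80 udp/68
sample_netstat | audit_listeners tcp/22 tcp/80 udp/68
```

Anything reported as <i>exposed</i> is a candidate for removal under the minimal-software rule above or for an explicit iptables rule.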
<ul>