Subject: Re: securing server
Group: Debian-security
From: Brent Clark
Date: 7 May 2008


 
Jean-Paul Lacquement wrote:
> Hi,
>
> I plan to secure my Debian stable (or testing if you say it's better) server.
>
>
> I already did the following:
> - installed chkrootkit
> - installed fail2ban (for ssh and proftpd)
> - allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
>
>
> The following daemons are installed:
> - proftpd
> - apache2
> - ssh
>
> Would you please list which packages to install and which rules to apply?
>
> Many thanks,
> Jean-Paul

Hi

Just remember less (installed software) means more security. So go for
the minimalist installation achievable.

You may also want to look at software like

rkhunter
aide
logwatch
logcheck
checksecurity
tiger
unhide

Modsecurity for apache (1&2)

If you are using SNMP, naturally V3 would be a good idea.

If you are using ftp, can't you opt for ssh rather? You can even use chroot
for ssh.

I always use testing. And have had great success. (Recently, I was able
to achieve PCI compliancy)

O, for ssh password as some ASCII too example.

tryAnd_H4ckTh1s5

I don't see the need for iptables rules, but in case you do have the need,
rather look at xtables.
http://jengelh.medozas.de/projects/xtables/

All the best
Brent Clark
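
The sshd_config settings named in this thread (a single non-root AllowUsers entry, protocol 2 only, chroot for ssh instead of FTP) can be audited with a short script that also catches a later line being silently ignored, since sshd uses the first value it obtains for a keyword. This is an added example, not part of the original message; the sample config, the user `jeanpaul`, the group `sftponly` and the path are constructed, the PermitRootLogin check is an addition, and treating a missing `Protocol` line as v2-only assumes a current OpenSSH.

```python
import re

# Constructed sample (user name, group and paths are assumptions, not from the thread).
SAMPLE = """\
Protocol 2
PermitRootLogin yes
AllowUsers jeanpaul
Subsystem sftp internal-sftp
# Appended later by an admin; sshd ignores it because the first value wins.
PermitRootLogin no
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
"""

def parse(text):
    """Return (global options, list of Match blocks); keywords are lower-cased
    and every value is kept in file order."""
    glob, blocks, cur = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = re.sub(r"[\s=]+", " ", line, count=1).partition(" ")
        if key.lower() == "match":
            cur = {}
            blocks.append(cur)
        else:
            (glob if cur is None else cur).setdefault(key.lower(), []).append(value)
    return glob, blocks

def audit(text):
    """Return findings for the settings named in the thread; [] means all pass."""
    glob, blocks = parse(text)
    def first(key, default=""):  # sshd uses the first value it obtains per keyword
        return glob.get(key, [default])[0].lower()
    findings = []
    if first("protocol", "2") != "2":  # assumption: absent keyword means v2-only sshd
        findings.append("Protocol: SSHv1 still allowed")
    if first("permitrootlogin") != "no":
        findings.append("PermitRootLogin: effective value is %r" % first("permitrootlogin"))
    users = " ".join(glob.get("allowusers", [])).split()  # repeated lines accumulate
    if len(users) != 1 or users[0].split("@")[0] == "root":
        findings.append("AllowUsers: want exactly one non-root user, got %r" % users)
    if not any("chrootdirectory" in b and b.get("forcecommand") == ["internal-sftp"]
               for b in blocks):
        findings.append("no chrooted SFTP-only Match block to replace FTP")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For a running server, `sshd -T` prints the effective configuration and is the authoritative check.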


