Difference between revisions of "Linux server security"

From Gender and Tech Resources

m
m
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Intrusion detection ==
+
== Installing intrusion detection ==
  
In hostile environments such as server environments, using a FIA makes sense only if it is installed, fully configured and initialised at the very first boot after an installation from scratch, before ever connecting to the internet or doing anything else. It takes only one attack to install a backdoor. Installing ''aide'' or ''tripwire'' after such an event would guarantee that the backdoor remains just as open as the day an intruder installed it.  
+
In hostile environments such as server environments, using a FIA makes sense only if it is installed, fully configured and initialised at the very first boot after an installation from scratch, before ever connecting to the internet or doing anything else. It takes only one attack to install a backdoor. Installing ''aide'' or ''tripwire'' after such an event would guarantee that the backdoor remains just as open as the day an intruder installed it. For more on ''aide'' vs ''tripwire'', see [[Linux applications#Intrusion detection|Linux applications: Intrusion detection]], and for an example install of aide, see [[Linux_security#Installing_intrusion_detection|Linux security: Installing intrusion detection]].
 
+
For more on aide vs tripwire, see [[Linux applications#Intrusion detection]], and for an example install of aide, see [[Linux_security#Installing_intrusion_detection]]
+
  
 
=== tripwire ===
 
=== tripwire ===
 
== Traffic
 
  
 
=== snort ===
 
=== snort ===
 +
 +
== Firewall ==
 +
 +
=== iptables ===
 +
 +
=== netfilter ===
  
 
== Server connections ==
 
== Server connections ==
Line 28: Line 30:
  
 
Traffic Control (TC) and TC New Generation (TCNG)
 
Traffic Control (TC) and TC New Generation (TCNG)
 +
 +
== Backups ==
 +
 +
=== Backup over ssh ===
 +
 +
=== Backup with rsync ===
 +
 +
=== Backup with unison ===

Latest revision as of 14:55, 26 July 2015

Installing intrusion detection

In hostile environments such as server environments, using a FIA makes sense only if it is installed, fully configured and initialised at the very first boot after an installation from scratch, before ever connecting to the internet or doing anything else. It takes only one attack to install a backdoor. Installing aide or tripwire after such an event would guarantee that the backdoor remains just as open as the day an intruder installed it. For more on aide vs tripwire, see Linux applications: Intrusion detection, and for an example install of aide, see Linux security: Installing intrusion detection.

tripwire

snort

Firewall

iptables

netfilter

Server connections

Remote commands and procedure calls

ssh, rssh, scp and sftp.

Remote Procedure Calls (RPC), Portmapper

Network Wrappers (PAM)

ICMP

Blocking ICMP and look invisible to ping.

Traffic control

Traffic Control (TC) and TC New Generation (TCNG)

Backups

Backup over ssh

Backup with rsync

Backup with unison