We're a community of 1.1M IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,080,307 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: Download FREE Help Desk Software & Helpdesk Tools from Spiceworks
10 Months Ago
0

Linux Hardening - How to Secure Ubuntu

I have Ubuntu 12.04 installed on my home web server which I am hoping to use to host my website in the near future. Security is obviously paramount, and is my primary concern at the moment.

What is there that can be done to help prevent attacks?
My current setup is as follows:

  • Routers in built firewall, of which only HTTP and SSH (80 and 22) are allowed through which goes directly to the server.
  • Ubuntus UFW is enabled, again allowing only HTTP and SSH.
  • Strong passwords, and encrypted HDD
  • Fail2Ban Intrusion Detection System
  • Security updates released by Ubuntu

  • Disabling Root SSH Login

  • Restricting access to folders of the site itself

  • Preventing Apache from disclosing information about itself

Is there anything else which I can do to help protect my LAMP and SSH server and from a glance, how secure does it appear?
My guess is that the main problem shall end up being SQL Injection, but still the server needs to be secure.

Thanks

3
Contributors
4
Replies
2 Days
Discussion Span
10 Months Ago
Last Updated
5
Views
Question
Answered
AHarrisGsy
Posting Pro
535 posts since Nov 2011
Reputation Points: 55
Solved Threads: 45
Skill Endorsements: 15
10 Months Ago
1

You can use iptables to further firewall your servers, and enable SELinux extensions (Security Enhanced Linux), which can very much harden your systems. SELinux was originally developed by the US National Security Agency, and is (or should be) used on all high-security government systems.

rubberman
Posting Maven
2,676 posts since Mar 2010
Reputation Points: 378
Solved Threads: 316
Skill Endorsements: 53
10 Months Ago
0

Thank you, looking at SELinux at the moment but all I can find online about it is people wanting to disable it?

AHarrisGsy
Posting Pro
535 posts since Nov 2011
Reputation Points: 55
Solved Threads: 45
Skill Endorsements: 15
10 Months Ago
0

Hi,

I am guesing that you require ssh access from public thats why you open SSH from firewall. I am using DenyHosts for dictionary attack as well as strong security policy. DenyHosts is really very helpful. Also I am using KeePass for making strongest password.

I think that will helpful.

Sorry for bad english.

ayush1440
Newbie Poster
4 posts since Jan 2010
Reputation Points: 10
Solved Threads: 1
Skill Endorsements: 0
10 Months Ago
0

Yep, I do require SSH from public IPs as I could be travelling and so I can't setup a whitelist. I shall look into DenyHosts and KeePass however I think Fail2Ban has a DenyHosts style feature with it. If the password is incorrect three times it shall block the IP.

AHarrisGsy
Posting Pro
535 posts since Nov 2011
Reputation Points: 55
Solved Threads: 45
Skill Endorsements: 15
Question Answered as of 8 Months Ago by ayush1440 and rubberman

This question has already been solved: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Hardware and Software > Linux and Unix
 
© 2013 DaniWeb® LLC
Page generated in 0.0673 seconds using 2.68MB