Linux Server Security

Discussion in 'all things UNIX' started by BrandiCandi, Jun 9, 2012.

Thread Status:
Not open for further replies.
  1. BrandiCandi

    BrandiCandi Guest

    In light of another thread, I would like to discuss necessary security measures one should implement on any given Linux server. For the sake of argument, let's say we have several servers running a website, an sql database, a file server, and an email server.

    I'm in the process of setting up my very first file server on a VLAN. It happens to be an Ubuntu 12.04 server, but I will also be installing a Centos server in the future. I will eventually set up an email, web, and sql server as well. Utlimately they will face the internet. But I want to learn the basics before I unleash them upon the world.

    I'm interested in your personal opinions, links to articles, tutorials, horror stories. Pretty much anything because it's all brand new to me.

    Thanks!
     
  2. Hungry Man

    Hungry Man Registered Member

    Remove the UI =p
     
  3. Kyle1420

    Kyle1420 Registered Member

    What would that achieve?... o_O
     
  4. Hungry Man

    Hungry Man Registered Member

    Reduce attack surface a ton and avoid keylogging through X.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Brandi, do you plan on running all of the services on a single box?
    Mrk
     
  6. Gentoo64

    Gentoo64 Registered Member

    I doubt it would reduce the attack surface by much, most people just don't have a UI on a server because it's not needed. Waste of resources.
     
  7. Hungry Man

    Hungry Man Registered Member

    Do "sudo apt-get remove unity" (or whatever your DM is) and see how many dependencies it tries to remove.
     
  8. Gentoo64

    Gentoo64 Registered Member

    Of course, removing anything unneeded will improve the potential security. Didn't think Ubuntu Server came with a UI anyway?
     
  9. Hungry Man

    Hungry Man Registered Member

    I don't think so but I believe brandi is running with a UI.
     
  10. NGRhodes

    NGRhodes Registered Member

    I assume you mean GUI and not UI or else that include command line as well...
     
  11. Hungry Man

    Hungry Man Registered Member

    I suppose.
     
  12. BrandiCandi

    BrandiCandi Guest

    OK that was just amusing.

    I'm running an Ubuntu server without a GUI in fact. It does have a command line. It is not headless if that's what you meant Hungry Man.

    Mr.Kvonic, your question is one of the things I was driving at. I presume that one would not want to run all the services on one machine, but I don't know if it's best practice to dedicate one machine per service or keep some of them on one device (or for that matter how I would decide one way or the other). Advice/links/tutorials in this regard would be appreciated.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Well, if you can, you might want to separate those.
    It's easier for management, and more beneficial for security.
    You will have more fine-grained control of what goes on your boxes.
    Mrk
     
  14. mack_guy911

    mack_guy911 Registered Member

  15. EncryptedBytes

    EncryptedBytes Registered Member

    Here is a pretty good guide for RedHat 5, you can amend it to Ubuntu, some of the fields are outdated, though the principles addressed are still very relevant and can help you harden your linux server. :cool: :thumb:
     
    Last edited: Jun 11, 2012
  16. BrandiCandi

    BrandiCandi Guest

    That's exactly what I was looking for. Thanks!

    @mack_guy911: I want to learn what needs to be configured and how to configure a server with security in mind. There are some other out-of-the-box secure servers out there that you may be interested in, I'll post those in the other thread.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice