Linux Server Security

Discussion in 'all things UNIX' started by BrandiCandi, Jun 9, 2012.

Thread Status:
Not open for further replies.
  1. BrandiCandi

    BrandiCandi Guest

    In light of another thread, I would like to discuss necessary security measures one should implement on any given Linux server. For the sake of argument, let's say we have several servers running a website, an sql database, a file server, and an email server.

    I'm in the process of setting up my very first file server on a VLAN. It happens to be an Ubuntu 12.04 server, but I will also be installing a Centos server in the future. I will eventually set up an email, web, and sql server as well. Utlimately they will face the internet. But I want to learn the basics before I unleash them upon the world.

    I'm interested in your personal opinions, links to articles, tutorials, horror stories. Pretty much anything because it's all brand new to me.

    Thanks!
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Remove the UI =p
     
  3. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    479
    What would that achieve?... o_O
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Reduce attack surface a ton and avoid keylogging through X.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Brandi, do you plan on running all of the services on a single box?
    Mrk
     
  6. Gentoo64

    Gentoo64 Registered Member

    Joined:
    Jun 10, 2012
    Posts:
    12
    Location:
    UK
    I doubt it would reduce the attack surface by much, most people just don't have a UI on a server because it's not needed. Waste of resources.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Do "sudo apt-get remove unity" (or whatever your DM is) and see how many dependencies it tries to remove.
     
  8. Gentoo64

    Gentoo64 Registered Member

    Joined:
    Jun 10, 2012
    Posts:
    12
    Location:
    UK
    Of course, removing anything unneeded will improve the potential security. Didn't think Ubuntu Server came with a UI anyway?
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't think so but I believe brandi is running with a UI.
     
  10. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    I assume you mean GUI and not UI or else that include command line as well...
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I suppose.
     
  12. BrandiCandi

    BrandiCandi Guest

    OK that was just amusing.

    I'm running an Ubuntu server without a GUI in fact. It does have a command line. It is not headless if that's what you meant Hungry Man.

    Mr.Kvonic, your question is one of the things I was driving at. I presume that one would not want to run all the services on one machine, but I don't know if it's best practice to dedicate one machine per service or keep some of them on one device (or for that matter how I would decide one way or the other). Advice/links/tutorials in this regard would be appreciated.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Well, if you can, you might want to separate those.
    It's easier for management, and more beneficial for security.
    You will have more fine-grained control of what goes on your boxes.
    Mrk
     
  14. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  15. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Here is a pretty good guide for RedHat 5, you can amend it to Ubuntu, some of the fields are outdated, though the principles addressed are still very relevant and can help you harden your linux server. :cool: :thumb:
     
    Last edited: Jun 11, 2012
  16. BrandiCandi

    BrandiCandi Guest

    That's exactly what I was looking for. Thanks!

    @mack_guy911: I want to learn what needs to be configured and how to configure a server with security in mind. There are some other out-of-the-box secure servers out there that you may be interested in, I'll post those in the other thread.
     
Loading...
Thread Status:
Not open for further replies.