http://www.Linux-Sec.net Hardening-Tightening Security_Policy Hardening-HOWTO Linux Distros Distro Patches Kernel-Patches Dedicated Servers Firewalls DNS Servers Mail Servers Web Servers Turn-Off Daemons Tighten Inetd Services Top-10 Vulnerabilities Top-7 Security Mistakes Top-10 Vulnerabilities Top-20 Most Critical Vulnerability Top-10 Virus Scans/Attacks Stats Top-10 Attacks Hacked Servers One Minute Audits OpenPorts Audit AntiVirus - AntiSpam Anti-Spam Anti-Virus spam.wav Wireless [In]Security Sniffers Security Tools SSH_SSL Firewalls MailServer FileSystem VPN Port Scan Detectors IDS Tools LogFile Analysis Ethernet Monitoring Server Monitoring Tracking & Forensics Hackers Tools Audit Tools Port Scanners Hacking Tools Sniffer Tools Exploits & Vulnerbilities Wireless Wireless [In]Security Misc Statistics Linux/BSD Distros Links,Articles,WatchDogs Security Mailing Lists/FAQs Liability Insurance 1U Rackmount Chassis Custom-Chassis.com Linux-1U.net 1U-ITX.net ITX-Blades.net Small PC cases Mini-Box.net Wrap-Box.net Wrap-OS.net Wan-Sim.net Linux-Consulting.com Linux-CAE.net Linux-Sec.net Linux-Boot.net Linux-Backup.net Linux-Wireless.org Linux-Office.net Linux-Video.net Linux-Jobs.net Linux-Diff.net 1U-Raid5.net Spam Reporting Free Linux CDs ISO9660.org Distro-CD.org Patch-CD.org Contact Linux is a registered trademark of Linus Torvalds More Linux Legalese

Dedicated Function Server Hardening Server Hardening Generic Server Hardening The Infamous Turn Off Un-Used Services in inetd The Infamous Turn Off Un-Used Daemons DNS Servers DNS Server Hardening/Testing LogHost Servers Use a more secure linux distro No user accounts Mirror log files to a secure loghost FireWalls Use a more secure linux distro linux-2.0.x - ipfwadm linux-2.2.x - ipchains linux-2.4.x - ipfilter/netfilter Firewall Configuration, Howto, Examples, etc Mail Servers Linux-Sec.net/Mail Hardening your Mail server Separate outgoing (smtp) email server from incomng (local pop3) email server Use secure pop3/imap IBM's postfix instead of sendmail Test for Open Relays Online Open Relay Testing Fix Open Relays Vix.com Anti Relay Ja.Net Repairing open mail relays Prevent/Minimize Incoming Junk Mail Anit-Spam Prevent/Minimize Incoming Email Viruses Linux-based AntiVirus Scanners Web Servers If you receive credit card info and other confidential info at your secure webserver Do NOT, do NOT send those confidential date back to the user via email WebServer Load Testing while ( 1 ) do date cd /tmp/http_load_test ; lynx -dump http://www.Target.com done -- or -- for (x=0; x<15; x++) do date wget -r -l0 -O /dev/null -q http://www.Target.com done Load Testing httpperf http_load ezhttpbench.php Secure WebServer Apache-SSL ModSSL for Apache Commercial Secure WebServer Redhat aquired Stronghold No user login accounts Apache.org Security Tips Apache.org FAQ Web contents should be updated automatically by a script from the staging server Download and Install the latest apache Download and Install the latest security patches Configure RobotsTxt.org Install CGI Scan Detector Install Whisker CGI scanner Use a script to transfer tested website changes from the staging webserver to the real website Hogwash Trechaery.net EarlyBird - handling of *.exe http_filter, mod-proxy FTP Servers LinuxMafia.com List of FTP daemons Cert.org Anonymous FTP Considerations cr.yp.to FAQS.org FTP Security Considerations FreeFire.org FTP Tutorial SlackSite.com Active vs Passive FTP WBGlinks.net Secure Linux RedHat 7 FTP Anonymous Upload Server CCP14.ac.uk Secure FTP w/ Tunnelling Turn off real user logins Use scp allowing users to transfer files Disallow anonymous uploading of files If you do allow anonymous uploading of files, make it non-executable For real user ( not anonymous/guest ) to transfer files between machines: Use sftp or scp ( from SSH packages ) FTP Checking script ftp_check.pl NIS/YP and Authentication Servers Build/create at least 2 or 3 secondary YP servers on each LAN PPP Servers Disallow users from coming into your LAN if the ppp server is outside your firewall You should have the PPP server inside your firewall on it's own private PPP Lan Use VPN or ssh to a local secure gateway ( 2-NICs ) before getting into the main corp lan Virtual Hosting Servers Virtual Hosting -- do we wanna start this stuff ??? hummm... LinuxDoc.org IP_Masquerade ParDeike.net Virtual Hosting DNS

Copyright © 2000	Linux-Consulting	All Rights Reserved.	Updated: Sun Nov 21 23:52:14 2004 PDT