
How To Secure Your Linux Servers


The free, open-source GNU/Linux operating system is getting better each year for desktop use, but it's been a major contender for server use since the late 1990s. With popularity, however, it has become profitable for thieves to break into Linux servers and use them for spamming, scams, and serving pornography, among other things. Here are some ways you can protect your server from such a fate.

Steps

  1. Learn to use Linux from the shell (command line). Every layer of software added on to make your system administration "easier" actually adds more methods for crackers to gain access to your machine and also reduces performance. All the further steps will assume your familiarity with using a shell.



  • Using lsof or a similar tool (ss -tulpn or netstat -tulpn give the same picture), find out on which ports your server is listening for connections. Adding -P -n to lsof prints numeric ports and addresses instead of service names, which makes an unfamiliar listener easier to spot. Every line marked (LISTEN), and every UDP socket, is a service reachable from the network, and you should be able to name and justify each one:

    ns003:~# lsof -i
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    named 17829 root 4u IPv6 12689530 UDP *:34327
    named 17829 root 6u IPv4 12689531 UDP *:34329
    named 17829 root 20u IPv4 12689526 UDP ns003.unternet.net:domain
    named 17829 root 21u IPv4 12689527 TCP ns003.unternet.net:domain (LISTEN)
    named 17829 root 22u IPv4 12689528 UDP 209.40.205.146:domain
    named 17829 root 23u IPv4 12689529 TCP 209.40.205.146:domain (LISTEN)
    lighttpd 17841 www-data 4u IPv4 12689564 TCP *:www (LISTEN)
    sshd 17860 root 3u IPv6 12689580 TCP *:ssh (LISTEN)
    sshd 17880 root 3u IPv6 12689629 TCP *:8899 (LISTEN)
    sshd 30435 root 4u IPv6 74368139 TCP 209.40.205.146:8899->dsl-189-130-12-20.prod-infinitum.com.mx:3262 (ESTABLISHED)




  • If in doubt, hack it out! Shut down any unknown or unneeded services with the tools your distribution provides: update-rc.d on Debian (or systemctl disable --now on any systemd-based system), and for services started on demand the /etc/inetd.conf or /etc/xinetd.d/* files. Along with this, get rid of any administration tools your server provider added, such as Plesk: a web-based control panel is a large, network-exposed code base running with root privileges, which is exactly what the previous step warned against.




  • Don't allow root logins on your primary sshd port 22 (set PermitRootLogin to "no"); many automated tools run brute-force attacks against that port. Instead, set up a second sshd instance on another port that accepts only root, and only with keys, never with passwords. (Current OpenSSH can restrict root to keys on a single daemon with PermitRootLogin prohibit-password, called without-password on older versions, but a separate daemon also keeps root off the heavily scanned port 22.)
    • Copy the sshd_config file to root_sshd_config, and change the following items in the new file:
      • Port from 22 to some other number, say 8899 (don't use this! make up your own!)
      • PermitRootLogin from "no" (you were supposed to set it to "no" for port 22, remember?) to "yes"
      • AllowUsers root add this line, or if it exists, change it to allow only root logins on this port
      • PubkeyAuthentication yes make sure this is set, since keys are the only way in on this port
      • PasswordAuthentication no add this line or change it; without it, password logins are still accepted even when challenge-response authentication is off
      • ChallengeResponseAuthentication no uncomment this line if it's commented out, and make sure it says "no" instead of "yes" (newer OpenSSH calls the same setting KbdInteractiveAuthentication)
      • PidFile /var/run/sshd_root.pid add this line so the second daemon does not overwrite the pid file of the one on port 22
      Also delete any Match blocks copied from the original file, since a Match block could re-enable password logins for some user or address. sshd uses the first occurrence of each keyword, so confirm the effective values with sshd -T -f /etc/ssh/root_sshd_config before going further.
    • Test this command from a session you keep open (an unprivileged login on port 22 plus su or sudo is fine), so that a mistake cannot lock you out:

      /usr/sbin/sshd -t -f /etc/ssh/root_sshd_config
      /usr/sbin/sshd -D -f /etc/ssh/root_sshd_config
      (sshd must be started by its absolute path, otherwise it refuses with "sshd re-exec requires execution with an absolute path") and see if it works correctly -- try logging in from another computer (you must have already put that computer's public key in /root/.ssh/authorized_keys on the server) using:

      ssh -p8899 root@my.remote.server
      and if so, control-C at the above (sshd) command to stop the sshd daemon, then add this to the end of /etc/inittab:

      rssh:2345:respawn:/usr/sbin/sshd -D -f /etc/ssh/root_sshd_config
    • Restart the init task: # init q This will run your "root ssh daemon" as a background task, automatically restarting it in case of failure. The /etc/inittab entry only works with SysV init; on a systemd-based distribution, create a second service unit whose ExecStart line is the same sshd command and enable it with systemctl.
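To make the root_sshd_config step concrete, here is an added shell script (not code from the original article) that derives the second daemon's configuration from the main sshd_config and checks that the effective values are the hardened ones. The port 8899, the pid-file path and the sample base configuration are placeholders assumed for the example, not values from any real host.

```shell
#!/bin/sh
# Added example, not part of the original article: build the root-only,
# key-only sshd config for the second daemon and check the result.
# Assumptions: OpenSSH sshd; port 8899, the pid-file path and the sample
# base config in demo() are placeholders, not values from a real host.
set -eu

# make_root_sshd_config BASE PORT PIDFILE  -> new config on stdout
# sshd honours the FIRST occurrence of a keyword, so the hardened directives
# go at the top and the same keywords are dropped from the copied base file.
# Match blocks are dropped entirely: one could re-enable password logins.
make_root_sshd_config() {
    base="$1"; port="$2"; pidfile="$3"
    cat <<EOF
# root-only, key-only sshd instance (generated from $base)
Port $port
PidFile $pidfile
AllowUsers root
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
EOF
    # everything before the first Match block, minus the keywords set above
    # (ListenAddress is dropped too: "ListenAddress a.b.c.d:22" would bind 22)
    sed '/^[[:space:]]*[Mm]atch[[:space:]]/,$d' "$base" |
        grep -Eiv '^[[:space:]]*(Port|ListenAddress|PidFile|AllowUsers|AllowGroups|PermitRootLogin|PubkeyAuthentication|PasswordAuthentication|ChallengeResponseAuthentication|KbdInteractiveAuthentication)[[:space:]]' || true
}

# effective_value FILE KEYWORD -> the value sshd will use (first match)
effective_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# check_root_sshd_config FILE -> 0 only if every directive that matters is
# hardened; also runs sshd's own syntax check when sshd is installed.
check_root_sshd_config() {
    f="$1"
    p=$(effective_value "$f" Port)
    [ -n "$p" ] && [ "$p" != "22" ]                                    || return 1
    [ "$(effective_value "$f" AllowUsers)" = "root" ]                  || return 1
    [ "$(effective_value "$f" PermitRootLogin)" = "yes" ]              || return 1
    [ "$(effective_value "$f" PubkeyAuthentication)" = "yes" ]         || return 1
    [ "$(effective_value "$f" PasswordAuthentication)" = "no" ]        || return 1
    [ "$(effective_value "$f" ChallengeResponseAuthentication)" = "no" ] || return 1
    ! grep -qi '^[[:space:]]*Match[[:space:]]' "$f"                    || return 1
    if command -v sshd >/dev/null 2>&1; then
        # -t needs the host keys, so as a non-root user this can only warn
        sshd -t -f "$f" 2>/dev/null || echo "warning: sshd -t rejected $f (re-run as root to be sure)" >&2
    fi
    return 0
}

# Stand-alone demonstration on a constructed base config.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/sshd_config" <<'EOF'
# constructed sample of a distribution default sshd_config (not a real file)
Port 22
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding no
Subsystem sftp /usr/lib/openssh/sftp-server
Match User backup
    PasswordAuthentication yes
EOF
    make_root_sshd_config "$tmp/sshd_config" 8899 /var/run/sshd_root.pid > "$tmp/root_sshd_config"
    cat "$tmp/root_sshd_config"
    check_root_sshd_config "$tmp/root_sshd_config" && echo "root_sshd_config: OK"
    rm -rf "$tmp"
}
demo
```

On a real server, write the generated file to /etc/ssh/root_sshd_config, run check_root_sshd_config on it as root so that sshd -t can read the host keys, and then start the daemon with its absolute path, /usr/sbin/sshd -D -f /etc/ssh/root_sshd_config, exactly as in the test step above.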



    Tips

      • Check your log files regularly to see what types of attacks are being run against your server. /var/log/auth.log (Debian-style systems) or /var/log/secure (Red Hat-style systems) is the usual place to find attempted logins; current OpenSSH logs these as "Invalid user" rather than "Illegal user", and tools such as fail2ban can block the offending addresses automatically: 
        Jan 18 10:48:46 ns003 sshd[23829]: Illegal user rosa from ::ffff:58.29.238.252
        Jan 18 10:48:49 ns003 sshd[23833]: Illegal user rosemarie from ::ffff:58.29.238.252
        Jan 18 10:48:51 ns003 sshd[23838]: Illegal user ruth from ::ffff:58.29.238.252
        Jan 18 10:48:54 ns003 sshd[23840]: Illegal user sabine from ::ffff:58.29.238.252
        Jan 18 10:48:57 ns003 sshd[23845]: Illegal user sandra from ::ffff:58.29.238.252
      • Regularly upgrade your operating system to get security fixes. On Debian: apt-get update && apt-get upgrade (the update step is what fetches the new package lists; the unattended-upgrades package can apply security updates automatically).
      • Monitor vulnerability announcements for the software you run, starting with your distribution's security mailing list. http://www.securityfocus.com/ was the usual source when this article was written but is no longer updated.
      • Try a mandatory access control system: SELinux or AppArmor (most distributions ship one of them), and the grsecurity/PaX kernel patches where you can get them (they have not been publicly released since 2017).
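To turn the log-checking tip into something repeatable, here is an added shell script (not code from the original article) that summarises brute-force sources from auth.log-style lines. It handles both the old "Illegal user" wording shown above and the "Invalid user" / "Failed password" wording of current OpenSSH. The sample log embeds the five lines quoted in the tip plus four constructed lines; the threshold, the addresses in the constructed lines and the iptables rule format are assumptions for the example.

```shell
#!/bin/sh
# Added example, not part of the original article: count failed and
# invalid-user SSH logins per source address and flag the busiest sources.
# IPv4-mapped addresses (::ffff:a.b.c.d) are unwrapped to plain IPv4.
set -eu

# brute_force_sources [THRESHOLD] < auth.log
# Prints "attempts address", most active first, for every source address
# with at least THRESHOLD (default 5) failed or invalid-user attempts.
brute_force_sources() {
    threshold="${1:-5}"
    awk -v thr="$threshold" '
        /sshd\[[0-9]+\]: (Illegal|Invalid) user / || /sshd\[[0-9]+\]: Failed password for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip == "") next
            sub(/^::ffff:/, "", ip)
            attempts[ip]++
        }
        END { for (ip in attempts) if (attempts[ip] >= thr) printf "%d %s\n", attempts[ip], ip }
    ' | sort -rn
}

# drop_rules [THRESHOLD] < auth.log
# Emits (does not run) one iptables rule per offending address, so the
# output can be reviewed before it is applied.
drop_rules() {
    brute_force_sources "${1:-5}" | while read -r n ip; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 22 -j DROP   # %s attempts\n' "$ip" "$n"
    done
}

# Sample input: the first five lines are the ones quoted in the article,
# the remaining four are constructed for this example.
sample_auth_log() {
    cat <<'EOF'
Jan 18 10:48:46 ns003 sshd[23829]: Illegal user rosa from ::ffff:58.29.238.252
Jan 18 10:48:49 ns003 sshd[23833]: Illegal user rosemarie from ::ffff:58.29.238.252
Jan 18 10:48:51 ns003 sshd[23838]: Illegal user ruth from ::ffff:58.29.238.252
Jan 18 10:48:54 ns003 sshd[23840]: Illegal user sabine from ::ffff:58.29.238.252
Jan 18 10:48:57 ns003 sshd[23845]: Illegal user sandra from ::ffff:58.29.238.252
Jan 18 10:49:01 ns003 sshd[23849]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jan 18 10:49:03 ns003 sshd[23851]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 18 10:49:10 ns003 sshd[23855]: Accepted publickey for root from 198.51.100.4 port 3262 ssh2
Jan 18 10:49:12 ns003 sshd[23857]: Invalid user test from 198.51.100.23
EOF
}

# Stand-alone demonstration: sources with three or more attempts, then the
# rules that would block them.
sample_auth_log | brute_force_sources 3
sample_auth_log | drop_rules 3
```

Against a live system, run brute_force_sources 10 < /var/log/auth.log (or pipe in journalctl -u ssh output); the successful "Accepted publickey" line in the sample is deliberately ignored, since the point is to see who is guessing, not who got in.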

      Warnings

      • Nothing you can do will make your server completely secure. Have backups of all important files, and a backup plan in place in case the worst happens.
      • Never trust a server that has been cracked. Once an attacker has root they have had access to 100% of the system, so any binary, configuration file or log may have been altered; reinstall from trusted media and restore your data from a backup taken before the break-in.
