I want to run my own root server (directly accessible from the web without a hardware firewall) with debian lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe dns server.
What measures/software would you recommend, and why, to secure this server down and minimize the attack vector? Web applications aside ...
This is what I have so far:
- iptables (for gen. packet filtering)
- fail2ban (brute force attack defense)
- ssh (change default port, disable root access)
- modsecurity - is really clumsy and a pain (any alternative here?)
- sudo? Why should I use it? What is the advantage over normal user handling?
- thinking about greensql for mysql www.greensql.net
- is tripwire worth looking at?
- snort?
What am I missing? What is hot and what is not? Best practices?
I like "KISS" -> Keep it simple secure, I know it would be nice!
Thanks in advance ...