Offline
I'd like to secure my linux(debian) server.
Anybody can help in it?
I have ftp, ssh, web, sql server on it..
and i'd like to secure these and the whole linux system too..
Forum
Off Topic Linux Server Security
Linux Server Security
19 replies
1 
I'd like to secure my linux(debian) server.
Anybody can help in it?
I have ftp, ssh, web, sql server on it..
and i'd like to secure these and the whole linux system too..
Admin/mod comment
§2.2 - Only meaningful contributions with added value Admin/mod comment
Quote removed /
useigor Admin/mod comment
§2.1 - No needless and/or doubled posts (spam) Why do you use FTP when you can use SFTP ? And it's built on SSH.
You can look here, or here
Marcell has writtenI have ftp, ssh, web, sql server on it..
and i'd like to secure these and the whole linux system too..
and i'd like to secure these and the whole linux system too..
Shawni has stated there's no need for FTP when there's SSH (it has also a included SSH FTP) which installs with SSH and it's much more secure and useful.You can install it with this one liner.
sudo apt-get install ssh
edited 2×, last 28.10.13 08:37:28 pm
Marcell: Just a couple of advices from me:
1)
apt-get update && apt-get upgradeeveryday!
2) Don't use FTP, it's generally insecure compared to SSH. Stick with SSH & SFTP.
3) Create another root-like account with admin rights and use it. For root, set extremely hard password and disallow login via SSH. Never touch it then. Same with MySQL.
4) Only allow su for your admin user.
5) Configure iptables, at least some basic limitations.
6) Don't run Apache.
@
DannyDeth: sudo is so tiresome. I use su instead.
@
lev258: He has Debian server, not Ubuntu. Not so much difference, but still.
*Password are everything, as the command passwd like to tell you that passwords based on dictionary word
are really BAD. Try to make your password longer and include some punctuations and some capital letter ( Linux filesystem is case sensitive ).
*Stop using MySQL if it's not indeed.
*Install DenyHost.
*Change SSH port.
*Stop using root ( edit /etc/ssh/ssh_config ) and create another account or use SSH Keys.
*Keep your OS updated.
Shawni has written*Change SSH port.
I forgot to mention this, but it's essential in my opinion.
archmage has writtenInstall Gentoo.
He would run out of patience after two days of compiling.
And in case you're using PHPMyAdmin: Choose a random folder name (nothing which contains terms like "admin", "php", "sql" or "db") and add at least an additional .htaccess password protection. There are tons of bots out there which systematically search for PHPMyAdmin.
DC: Or better yet let it run on a dedicated port.
SD has written4) Only allow su for your admin user.
I'd never thought of this, pretty good idea.
i had a ubuntu server dvd, so installed from it, and works fine
Marcell, if it's a private server from some provider then it's a shame, i mean Debian must be on the top list as it's the best linux distro for servers. Admin/mod comment
Quote removed / useigor 1