Hello,
Well, it’s been 2 weeks I have not posted anything and since I visited a friend yesterday who gave me a very knowledgeable security course, this is the perfect time for posting my improvements in building a secure server =)
Over the past 2 weeks, there were 1400 failed logins on ssh and 66 errors in the apache log. I manually banned more than 50 IPs. Hopefully noone broke in and these were more like ‘sympathetic’ knock-knocks from my fellow hackers =)
At least I’ve learned that ANY server (at the very least mine) is attacked on a daily basis (from 8 to 252 times a day). The security I implemented was quite enough but not as good as my friend, Matthias, told me.
Here’s what we had done for a couple of hours yesterday :
- ssh access restricting : easiest way to protect ssh is A. to not allow root to be able to log in and B. to allow only some users who may ‘su -p’ (PermitRootLogin and AllowUsers parameters in /etc/ssh/sshd_config)
- firewall configuring : Matthias used a set of optimized scripts from one of his previous projects; the firewall rules were finely tuned to match with my security requirements, i.e. he commented a lot of lines (some with bandwidth management, for instance)
- administration reporting : he also installed quite a few softwares (especially Logwatch) plus more personal scripts and crontab’ed the report so I would at least get one report in my emailbox @ 7am from Logwatch and also what packages needed to be updated
- overall optimization : 3 open sockets were removed by the firewall and also we removed unnecessary services, like bind and vsftp for instance.
I’m very happy of what we accomplished yesterday : the current security level is very high for the current non-production status of this server.
I still have some reporting tools to install like Munin and some more tuning to perform, but as it stands for now, we met my security requirements.
Next projects : web hosting and ownCloud.