Comments on: 10 Things You Should Secure on Your Linux Server http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/ Home of the 10,000% Guarantee Fri, 22 May 2009 00:24:28 +0000 hourly 1 http://wordpress.org/?v=3330 By: Bryan Levine http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/comment-page-1/#comment-12566 Bryan Levine Thu, 03 Apr 2008 15:33:03 +0000 http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/#comment-12566 @ Ron, These steps can be applied to either a web server or a file server depending on if the server is public or private. If you have a private server, such as a back-end database that has no public IP addresses, these settings may not assist you in securing the private server. In that case, ensuring security on your public servers becomes even more important. @ Ron,
These steps can be applied to either a web server or a file server depending on if the server is public or private. If you have a private server, such as a back-end database that has no public IP addresses, these settings may not assist you in securing the private server. In that case, ensuring security on your public servers becomes even more important.

]]> By: ron http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/comment-page-1/#comment-12564 ron Thu, 03 Apr 2008 00:51:32 +0000 http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/#comment-12564 Are these steps for a file sever or web server. Are these steps for a file sever or web server.

]]> By: Michael Sheehan http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/comment-page-1/#comment-12519 Michael Sheehan Fri, 15 Feb 2008 16:06:58 +0000 http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/#comment-12519 @ Dave, Thank you for your very details corrections and clarifications. I have edited the post and converted the commands to "preformatted" format so that WordPress (hopefully) will not display the wrong characters. I have also tried to replace the curly quotes, where possible. Please don't hesitate to provide further corrections/clarifications. Again, I appreciate the time you have taken to audit this post. -Michael @ Dave,
Thank you for your very details corrections and clarifications. I have edited the post and converted the commands to “preformatted” format so that WordPress (hopefully) will not display the wrong characters. I have also tried to replace the curly quotes, where possible.

Please don’t hesitate to provide further corrections/clarifications. Again, I appreciate the time you have taken to audit this post.

-Michael

]]> By: Dave http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/comment-page-1/#comment-12518 Dave Fri, 15 Feb 2008 12:11:30 +0000 http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/#comment-12518 @ tallman: 1. # ls -l /etc/rc2.d/S* | cut –d/ -f6 Wordpress messes up dashes. I found that the "-l" in the above command told ls to go and look for a file named -l rather than list the files in the long format. Just delete the dash and re-type it to make the command work. You may be able to see the differences in the size of the dash depending on what font your terminal is using. 2. find / -path /proc –prune –o –perm -2 ! –type 1 –ls Wordpress has messed up the dashes here as well but once you have fixed that you will find that "-type 1" doesn't work. The correct command should be "-type l" which is a lower case "L". This will ignore symbolic links because their ownership is not really that important. 3. ls –l /etc/rc2.d/S* | cut –d/ -f6 This command worked fine for me on Ubuntu once the dashes were fixed. 4. egrep –v ‘.*:\*|:!’ /etc/shadow|awk -F: ‘{print $1}’ Wordpress messes up apostrophes as well and turns them into some sort of "smart quote". You will need to replace the single quotes in the above command just as you did with the dashes. You will still need to replace the dashes as well. This command worked fine for me with the spaces either side of the pipe but this will be dependent on your shell. All of these commands apart from 3. will need to be run as root or with sudo in front of them. Only root can read the shadow file and the find commands will not have permission to look in certain directories unless you run it as root. Adding the -n option to the "netstat -tulp" command may make it complete much faster as it won't have to do reverse DNS lookups on every IP address. This can make quite a difference on busy systems. I'm not going to make any comment on the quality of the security improvements these 10 command will make other than to say that security is hard. Following these commands may make you "more" secure but they won't make you "absolutely" secure. Don't start believing that you are invulnerable now that you have a firewall. @ tallman:

1. # ls -l /etc/rc2.d/S* | cut –d/ -f6

Wordpress messes up dashes. I found that the “-l” in the above command told ls to go and look for a file named -l rather than list the files in the long format. Just delete the dash and re-type it to make the command work. You may be able to see the differences in the size of the dash depending on what font your terminal is using.

2. find / -path /proc –prune –o –perm -2 ! –type 1 –ls

Wordpress has messed up the dashes here as well but once you have fixed that you will find that “-type 1″ doesn’t work. The correct command should be “-type l” which is a lower case “L”. This will ignore symbolic links because their ownership is not really that important.

3. ls –l /etc/rc2.d/S* | cut –d/ -f6

This command worked fine for me on Ubuntu once the dashes were fixed.

4. egrep –v ‘.*:\*|:!’ /etc/shadow|awk -F: ‘{print $1}’

Wordpress messes up apostrophes as well and turns them into some sort of “smart quote”. You will need to replace the single quotes in the above command just as you did with the dashes. You will still need to replace the dashes as well. This command worked fine for me with the spaces either side of the pipe but this will be dependent on your shell.

All of these commands apart from 3. will need to be run as root or with sudo in front of them. Only root can read the shadow file and the find commands will not have permission to look in certain directories unless you run it as root.

Adding the -n option to the “netstat -tulp” command may make it complete much faster as it won’t have to do reverse DNS lookups on every IP address. This can make quite a difference on busy systems.

I’m not going to make any comment on the quality of the security improvements these 10 command will make other than to say that security is hard. Following these commands may make you “more” secure but they won’t make you “absolutely” secure. Don’t start believing that you are invulnerable now that you have a firewall.

]]> By: Bryan Levine http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/comment-page-1/#comment-12517 Bryan Levine Thu, 14 Feb 2008 17:16:14 +0000 http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/#comment-12517 Tallman, From the commands you've posted, there is an error in your syntax. Any commands containing a pipe (|) require a space on either side of the pipe. It should be: # egrep –v ‘.*:\* | :!’ /etc/shadow | awk -F: ‘{print $1}’ Thanks. Tallman,

From the commands you’ve posted, there is an error in your syntax. Any commands containing a pipe (|) require a space on either side of the pipe. It should be:

# egrep –v ‘.*:\* | :!’ /etc/shadow | awk -F: ‘{print $1}’

Thanks.

]]> By: tallman http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/comment-page-1/#comment-12516 tallman Thu, 14 Feb 2008 13:14:22 +0000 http://blog.servepath.com/2008/02/13/10-things-you-should-secure-on-your-linux-server/#comment-12516 Most of the commands don't work at all, did you test them before posting them? # find / -path /proc –prune –o –perm -2 ! –type 1 –ls find: paths must precede expression Usage: find [-H] [-L] [-P] [path...] [expression] # find / -path /proc –prune –o –nouser –o –nogroup find: paths must precede expression Usage: find [-H] [-L] [-P] [path...] [expression] # ls –l /etc/rc2.d/S* | cut –d/ -f6 cut: –d/: No such file or directory ls: –l: No such file or directory ls: /etc/rc2.d/S*: No such file or directory # egrep –v '.*:\*|:!' /etc/shadow|awk -F: '{print $1}' grep: .*:\*|:!: No such file or directory PS tested on Debian etch, same results on ubuntu 7.10 Most of the commands don’t work at all, did you test them before posting them?
# find / -path /proc –prune –o –perm -2 ! –type 1 –ls
find: paths must precede expression
Usage: find [-H] [-L] [-P] [path...] [expression]
# find / -path /proc –prune –o –nouser –o –nogroup
find: paths must precede expression
Usage: find [-H] [-L] [-P] [path...] [expression]
# ls –l /etc/rc2.d/S* | cut –d/ -f6
cut: –d/: No such file or directory
ls: –l: No such file or directory
ls: /etc/rc2.d/S*: No such file or directory
# egrep –v ‘.*:\*|:!’ /etc/shadow|awk -F: ‘{print $1}’
grep: .*:\*|:!: No such file or directory

PS
tested on Debian etch, same results on ubuntu 7.10

]]>