Linux Compatible


FAQ (Frequently Asked Questions) - How can I secure my Mandrake Linux based webserver?


Mandrake Linux comes with Bastille Linux, a powerful tool for securing your Mandrake Linux based server.

Open a terminal window and start the Bastille Linux setup wizard:
su -
interactivebastille

Now you need to answer a few questions to configure Bastille for a webserver:

Would you like to set more restrictive permissions on the administration utilities? Yes
Would you like to disable SUID status for mount/umount? Yes
Would you like to disable SUID status for ping? Yes
Would you like to disable SUID status for at? Yes
Would you like to disable SUID status for the r-tools? Yes
Would you like to disable SUID status for usernetctl? Yes
Would you like to disable SUID status for traceroute? Yes
Would you like to prohibit the clear-text r-protocols which trust IP addresses for authentication? Yes
Would you like to enforce password aging? No
Would you like to restrict the use of cron to administrative accounts? No
Should we disallow root login on tty's 1-6? Yes
Would you like to password-protect the LILO prompt? No
Would you like to reduce the LILO delay time to zero? No
Do you ever boot Linux from the hard drive? Yes
Would you like to write the LILO changes to a boot floppy? No
Would you like to disable CTRL-ALT-DELETE rebooting? Yes
Would you like to password protect single-user mode? No
Would you like to set a default-deny on TCP Wrappers and xinetd? No
Should Bastille ensure that Telnet service does not run on this system? Yes
Should Bastille ensure the FTP service does not run on this system? No
Would you like to display "Authorized Use" messages at log-in time? No
Would you like to disable the gcc compiler? No
Would you like to put limits on system resource usage? No
Should we restrict console access to a small group of user accounts? No
Would you like to add additional logging? Yes
Do you have a remote logging host? No
Would you like to disable apmd? Yes
Would you like to disable GPM? Yes
Would you like to deactivate the routing daemons? Yes
Do you want to stop sendmail from running in daemon mode? No
Would you like to disable the VRFY and EXPN sendmail commands? Yes
Would you like to chroot named and set it to run as a non-root user? No
Would you like to deactivate named, at least for now? No
Would you like to deactivate the Apache web server? No
Would you like to bind the web server to listen only to the localhost? No
Would you like to bind the web server to a particular interface? No
Would you like to deactivate the following of symbolic links? No
Would you like to deactivate server-side includes? No
Would you like to disable CGI scripts, at least for now? No
Would you like to disable indexes? No
Would you like to disable printing? Yes
Would you like to install TMPDIR/TMP scripts? No
Would you like to run the packet filtering script? Yes
Do you need the advanced networking options? No
DNS Servers: 0.0.0.0/0
Public interfaces: eth+ ppp+ slip+
TCP services to audit: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh
UDP services to audit: 31337
ICMP services to audit:
TCP service names or port numbers to allow on public interfaces: 20 21 22 25 53 80 110 443 10000
UDP service names or port numbers to allow on public interfaces: 53
Force passive mode? No
TCP services to block: 2049 2065:2090 6000:6020 7100
UDP services to block: 2049 6770
ICMP allowed types: destination-unreachable echo-reply time-exceeded
Enable source address verification? Yes
Reject method: DENY
Interfaces for DHCP queries:
NTP servers to query:
ICMP types to disallow outbound: destination-unreachable time-exceeded
Should Bastille run the firewall and enable it at boot time? Yes
Would you like to setup PSAD? Yes
psad check interval: 15
Port range scan threshold: 1
Enable scan persistence? Yes
Show all scan signatures? Yes
Danger Levels: 5 50 1000 5000 10000
Enable email alerts? Yes
Email addresses: you@yourdomain.com
Email alert danger level: 1
Alert on all new packets? Yes
Enable automatic blocking of scanning IPs? Yes
Auto blocking danger level: 5
Should Bastille enable psad at boot time? Yes
Do you want to implement the choices No
Do you want to implement the choices now or continue making choices? Yes

Bastille is now ready to use.
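
To confirm that the SUID answers above took effect, the following added example (not part of the original FAQ or of Bastille itself) lists any of those tools that still carry the set-user-ID bit. The r-tools names (rcp, rlogin, rsh) and the directory list are assumptions; adjust them to your system.

```shell
#!/bin/sh
# Added example: audit the "disable SUID status" answers from the wizard.
# Tool names follow the wizard questions; rcp, rlogin and rsh are assumed
# to be "the r-tools". The directory list is an assumption as well.

SUID_TOOLS="mount umount ping at rcp rlogin rsh usernetctl traceroute"
SUID_DIRS="/bin /sbin /usr/bin /usr/sbin"

# still_suid DIRS TOOLS
# Prints the path of every listed tool that still has the set-user-ID bit.
# Returns 0 when none is found, 1 otherwise.
still_suid() {
    dirs=$1
    tools=$2
    found=0
    for d in $dirs; do
        for t in $tools; do
            f="$d/$t"
            # -u is true only for an existing file with the SUID bit set
            if [ -f "$f" ] && [ -u "$f" ]; then
                printf '%s\n' "$f"
                found=1
            fi
        done
    done
    return "$found"
}

# Run the audit against the real system only when called as: script audit
if [ "${1:-}" = "audit" ]; then
    if still_suid "$SUID_DIRS" "$SUID_TOOLS"; then
        echo "OK: none of the listed tools is SUID"
    else
        echo "WARNING: the tools listed above are still SUID"
    fi
fi
```

Run it with the argument audit after Bastille has applied its changes; any path it prints is a tool whose SUID bit was not removed.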


© 2002-2008 Esselbach Internet Solutions - All Rights Reserved.