How can I secure my Mandrake Linux based webserver?

Posted by: Philipp Esselbach on: 01/01/2004 06:00 PM

Mandrake Linux comes with Bastille Linux, a powerful tool for securing a Mandrake Linux based server.

Open a terminal window and start the Bastille Linux setup wizard:
su -
interactivebastille

Now you need to answer a few questions to configure Bastille for a webserver:

Would you like to set more restrictive permissions on the administration utilities? Yes
Would you like to disable SUID status for mount/umount? Yes
Would you like to disable SUID status for ping? Yes
Would you like to disable SUID status for at? Yes
Would you like to disable SUID status for the r-tools? Yes
Would you like to disable SUID status for usernetctl? Yes
Would you like to disable SUID status for traceroute? Yes
Would you like to prohibit the clear-text r-protocols which trust IP addresses for authentication? Yes
Would you like to enforce password aging? No
Would you like to restrict the use of cron to administrative accounts? No
Should we disallow root login on tty's 1-6? Yes
Would you like to password-protect the LILO prompt? No
Would you like to reduce the LILO delay time to zero? No
Do you ever boot Linux from the hard drive? Yes
Would you like to write the LILO changes to a boot floppy? No
Would you like to disable CTRL-ALT-DELETE rebooting? Yes
Would you like to password protect single-user mode? No
Would you like to set a default-deny on TCP Wrappers and xinetd? No
Should Bastille ensure that Telnet service does not run on this system? Yes
Should Bastille ensure the FTP service does not run on this system? No
Would you like to display "Authorized Use" messages at log-in time? No
Would you like to disable the gcc compiler? No
Would you like to put limits on system resource usage? No
Should we restrict console access to a small group of user accounts? No
Would you like to add additional logging? Yes
Do you have a remote logging host? No
Would you like to disable apmd? Yes
Would you like to disable GPM? Yes
Would you like to deactivate the routing daemons? Yes
Do you want to stop sendmail from running in daemon mode? No
Would you like to disable the VRFY and EXPN sendmail commands? Yes
Would you like to chroot named and set it to run as a non-root user? No
Would you like to deactivate named, at least for now? No
Would you like to deactivate the Apache web server? No
Would you like to bind the web server to listen only to the localhost? No
Would you like to bind the web server to a particular interface? No
Would you like to deactivate the following of symbolic links? No
Would you like to deactivate server-side includes? No
Would you like to disable CGI scripts, at least for now? No
Would you like to disable indexes? No
Would you like to disable printing? Yes
Would you like to install TMPDIR/TMP scripts? No
Would you like to run the packet filtering script? Yes
Do you need the advanced networking options? No
DNS Servers: 0.0.0.0/0
Public interfaces: eth+ ppp+ slip+
TCP services to audit: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh
UDP services to audit: 31337
ICMP services to audit:
TCP service names or port numbers to allow on public interfaces: 20 21 22 25 53 80 110 443 10000
UDP service names or port numbers to allow on public interfaces: 53
Force passive mode? No
TCP services to block: 2049 2065:2090 6000:6020 7100
UDP services to block: 2049 6770
ICMP allowed types: destination-unreachable echo-reply time-exceeded
Enable source address verification? Yes
Reject method: DENY
Interfaces for DHCP queries:
NTP servers to query:
ICMP types to disallow outbound: destination-unreachable time-exceeded
Should Bastille run the firewall and enable it at boot time? Yes
Would you like to setup PSAD? Yes
psad check interval: 15
Port range scan threshold: 1
Enable scan persistence? Yes
Show all scan signatures? Yes
Danger Levels: 5 50 1000 5000 10000
Enable email alerts? Yes
Email addresses: you@yourdomain.com
Email alert danger level: 1
Alert on all new packets? Yes
Enable automatic blocking of scanning IPs? Yes
Auto blocking danger level: 5
Should Bastille enable psad at boot time? Yes
Do you want to implement the choices now or continue making choices? Yes

Bastille is now ready to use.
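
A check worth running once Bastille has applied the firewall answers, as an added example that is not part of the original article: it compares the TCP allow-list entered above with the ports that actually have a non-loopback listener. The netstat sample is constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original article): compare the TCP allow-list
# from the firewall answers with the sockets that are really listening.

# Allow-list exactly as entered in the Bastille answers above.
ALLOWED_TCP="20 21 22 25 53 80 110 443 10000"

# Constructed sample of `netstat -tln` output; on a live host pipe the real
# command in instead. `ss -tln` also works: column 4 is the local address.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:3306     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:10000    0.0.0.0:*        LISTEN'

# Print the unique ports with a non-loopback listener, one per line (stdin).
listening_ports() {
    awk '$4 ~ /:[0-9]+$/ {
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)   # keep the address part
        sub(/^.*:/, "", port)       # keep the port part
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        print port
    }' | sort -nu
}

# Allow-listed ports with no reachable listener: candidates to drop.
unused_allowed() {
    listeners=$(listening_ports); out=""
    for p in $ALLOWED_TCP; do
        printf '%s\n' "$listeners" | grep -qx "$p" || out="$out $p"
    done
    echo "${out# }"
}

# Listeners on public addresses that the allow-list does not cover.
unlisted_listeners() {
    out=""
    for p in $(listening_ports); do
        case " $ALLOWED_TCP " in *" $p "*) ;; *) out="$out $p" ;; esac
    done
    echo "${out# }"
}

echo "allowed but unused: $(printf '%s\n' "$SAMPLE" | unused_allowed)"
echo "listening, not allowed: $(printf '%s\n' "$SAMPLE" | unlisted_listeners)"
```

Port 20 is always reported as unused, because active-mode FTP data connections originate from it rather than listen on it. A service bound only to loopback, such as the mail daemon on 127.0.0.1:25 in the sample, also counts as unused on the public interfaces.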

