Prevent brute force attacks using fail2ban
fail2ban monitors log files such as /var/log/auth.log and /var/log/apache/access.log and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Currently, by default, fail2ban supports ssh/apache/vsftpd but configuration can be easily extended for monitoring any other ASCII file.
1. Install fail2ban
apt-get install fail2ban
Installing HAVP (HTTP Antivirus Proxy)
HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
1. Install HAVP
apt-get install havp
OpenID authentication with the mod_auth_openid Apache module
mod_auth_openid is an authentication module for the Apache 2 webserver. It handles the functions of an OpenID consumer as specified in the OpenID 2.0 specification.
After a user authenticates themselves, the user's identity will be available in the REMOTE_USER variable. A cookie named open_id_session_id is saved to maintain each user's session.
1. Install the module
apt-get install libapache2-mod-auth-openid
Install mod_spamhaus Apache module to fight comment spam
mod_spamhaus is an Apache module for DNS Block Listing that protects web services by denying access to particular IP addresses. It can stop spam relaying via web form URL injection, and block HTTP DDoS attacks from bot-nets.
It queries sbl-xbl.spamhaus.org, taking advantage of the Spamhaus Block List (SBL) and the Exploits Block List (XBL).
1. Download the latest mod_spamhaus deb package from sid package repository (mod_spamhaus is not available for lenny but we can use the sid package)
wget http://ftp.us.debian.org/debian/pool/main/m/mod-spamhaus/libapache2-mod-spamhaus_0.7-1_i386.deb
Installing and configuring PPTP VPN server on lenny
If you would like to setup a Virtual Private Network (VPN) for Windows clients, PPTP is a great choice. It's easy to set up on the server and you don't need any additional software for the Windows clients to connect.
1. Install the required packages
apt-get install pptpd
Installing suPHP
suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
1. Install suPHP
apt-get install libapache2-mod-suphp
Scan your web server for vulnerabilities with Nikto
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
1. Install Nikto
apt-get install nikto
Disable root login to SSH
Allowing root logins to your SSH damon is a big security threat. If the SSH port is open, hackers will probably at some time attempt to brute force your root password. It's a good idea to disable root logins to SSH and instead use a normal user to login and type "su -" to enter the super user shell or sudo to perform tasks that require root privileges.
1. Open the SSH daemon config file and change this line: (pico /etc/ssh/sshd_config)
PermitRootLogin no
Adding a sudoer to use sudo on Debian
Sudo allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
1. Create a new user (optional)
adduser user1
Securing unencrypted traffic with stunnel
Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. In this tutorial we'll secure Samba connection but you could use this for other services like SMTP, IMAP, POP3 etc.
If you are securing a service where the client supports encrypting like SMTP, IMAP and POP3 you can skip the client step.
Server
1. Install stunnel
apt-get install stunnel
Hosting sponsor
Debian Tutorials
Tag Cloud
Categories
- Backup (2)
- Control Panel (1)
- DNS (3)
- FTP (2)
- General (4)
- Kernel (2)
- Mail (16)
- Monitoring (8)
- MySQL (13)
- Networking (4)
- PostgreSQL (1)
- Release (66)
- Security (13)
- Virtualization (4)
- Web (19)
- X (1)
Popular Tutorials
- Installing Zend Optimizer
- Installing ionCube
- Installing Zenoss monitoring system
- Installing and configuring PPTP VPN server on lenny
- Pure-FTPd with MySQL backend
- Installing Postfix with MySql backend and SASL for SMTP authentication
- Loading iptables rules on startup
- Installing DSPAM with ClamAV for Postfix on lenny
Ubuntu Tutorials – Latest
- Installing PEAR framework and packages
- Install mod_spamhaus Apache module to fight comment spam
- Installing ionCube
- Installing Zend Optimizer
- Disable root login to SSH