Aide - system integrity check

An intruder may plant or alter some system files for his benefit. Aide is a tool to check system files and detect any changes. It is also regarded as an Advanced Intrusion Detection Environment, as the name implies.

User webroot

Apache allows each user to have their own webroot and serve it at a URL like "http://www.yourserver.com/~name". Use the following commands to enable this functionality:

sudo a2enmod userdir
sudo /etc/init.d/apache2 force-reload

The default user webroot is the public_html directory under each user's home directory. This can be changed by editing the configuration file: /etc/apache2/mods-available/userdir.conf

Logwatch - the log analyzer

The system log provides a lot of information to the system administrator, but do you really read the log files every day?

Here comes the help, the Logwatch. I put logwatch in the server security section because the log file reveals some important information on who ran super user commands and what IPs were attempting to access your system. Of course a hacker will probably purge the log file and hide his trace, but system integrity check is another topic I will cover later.

ufw - User friendly firewall

Ufw is an interface to manipulate iptables and configure a host-based firewall. Ufw syntax is illustrated with examples in this section.

Install

sudo apt-get install ufw

By default, ufw is disabled after installation. You have to add rules to enable it. To check ufw status:

sudo ufw status

 

Protect your server from brute force password cracking

I just described password cracking, and feel obligated to follow up with this immediately.

Since brute force password cracking makes a large number of password guesses, the server should be configured to deny all login requests as soon as suspicious, repetitive failed logins are detected.

The program denyhosts does just this.
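
The check described above, as an added example (this is not DenyHosts' own code or code from the original post): count failed sshd logins per source address in auth.log-style lines and produce /etc/hosts.deny entries once a threshold is reached. The function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# sshd failure line, anchored at the end so the address is read from the
# trailing "from <ip> port <n>" and never from attacker-chosen username text.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def hosts_to_deny(lines, threshold=3, allowlist=()):
    """Return addresses with `threshold` or more failures since their last success."""
    failures = Counter()
    for line in lines:
        line = line.rstrip()
        m = FAILED.search(line)
        if m:
            failures[m["ip"]] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            failures.pop(m["ip"], None)  # a successful login resets the count
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in allowlist)

def deny_entries(ips):
    """Format addresses as TCP-wrappers rules for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample in auth.log format (documentation address ranges).
# The last line carries a username crafted to look like a second address.
SAMPLE = """\
Jan 10 03:14:01 web sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 web sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:14:06 web sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
Jan 10 08:01:10 web sshd[2230]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 08:01:15 web sshd[2230]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 08:01:21 web sshd[2230]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 09:30:00 web sshd[2301]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 192.0.2.5 port 4444 ssh2
""".splitlines()

if __name__ == "__main__":
    for entry in deny_entries(hosts_to_deny(SAMPLE)):
        print(entry)
```

Put your own management addresses in the allowlist so a mistyped password cannot lock you out of the server.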

 

Crack Password with John the Ripper on Ubuntu 9.10

This section describes how to probe weak user passwords on your system. If the passwords are weak, hackers may guess user names and passwords and log in to your system "legally". Even worse, in many cases user account names are publicly available, such as through email addresses.

An interesting article can be found here: "Hacking Into Your Account is as Easy as 123456"

Stop mail from cron jobs

Ever annoyed by endless emails from Cron? Here is an easy way to disable cron from sending you emails.

Set the MAILTO="" variable at the start of your crontab file. Open your cron jobs for editing:
 

$ crontab -e


At the top of the file, enter:

MAILTO=""


Save and close the file.

 

Security

To improve server security, I usually do

Install X video extension "Xv"

Xv is a command-line X video program written in the 90's. Yes, in the 90's, but I still have users asking me to install it on their Linux boxes.

From wiki (http://en.wikipedia.org/wiki/Xv):
"It distinguishes itself from many other bitmap viewing and editing programs with a very efficient interface in which the user edits just the parameters of a fixed pipeline of processing steps, rather than modifying the bitmap directly in each operation."

Build a Virtual Computer/Desktop Server

Everything goes virtual nowadays :(

With this service, people can work on their virtual Ubuntu desktops at the office, from home, and while traveling.

Here is an example of building a Virtual Desktop server. The server uses FreeNX and the clients use NoMachine's free NX clients. This solution only needs ssh port 22, and can provide Ubuntu desktops to Windows, Mac, and Linux client computers.

In my experience, the performance and the ease of management are far better than VNC over ssh or ssh X forwarding.
