| 1 |
> On Thu, 2004-06-03 at 18:25 +0300, Andrei Maxim wrote: |
| 2 |
>> Hi, |
| 3 |
> |
| 4 |
> Hi! |
| 5 |
> |
| 6 |
>> In the last 3 weeks I have discovered a lot about Gentoo and its ease of |
| 7 |
>> use made me try using my Gentoo Linux box as a web server. |
| 8 |
>> After this first successful experience, I have configured Postfix and |
| 9 |
>> Squirrelmail and even made some accounts for my friends. |
| 10 |
>> |
| 11 |
>> Right now my #1 concern is related to the security of my computer: it |
| 12 |
>> has a static IP address and it gets scanned a couple of hundred times |
| 13 |
>> per day (and I'm not kidding!). Having a mail server at hand might be |
| 14 |
>> just asking for trouble and I really don't want to spread spam without |
| 15 |
>> knowing. |
| 16 |
> |
| 17 |
> Two major items: |
| 18 |
> First, make sure all hosts that are exposed to the network are properly |
| 19 |
> firewalled. You might have a router with a built in firewall, I'd |
| 20 |
> research iptables and run it on the server anyway (call me paranoid). |
| 21 |
> Second, if you run an open relay on your mail server, we will break your |
| 22 |
> legs. Make sure you arent by limiting connections to the mail server |
| 23 |
> either to local subnets only, or setting up authentication to use the |
| 24 |
> server (preferably with SSL). Lots of howtos on the web for both |
| 25 |
> iptables and SMTP auth/SSl with Postfix. |
| 26 |
> |
| 27 |
>> I have a really small network of 3 computers (two of them being laptops) |
| 28 |
>> and the so-called server is also my personal computer which I use on a |
| 29 |
>> daily basis. |
| 30 |
>> I was wandering if I should switch to Hardened Gentoo on my server (and |
| 31 |
>> I am already planning to switch the laptops from Debian to Gentoo) as I |
| 32 |
>> know it will make things more secure, but also it might be quite an |
| 33 |
>> overkill for such a small network. |
| 34 |
> |
| 35 |
> At the moment we choose not to support Hardened Gentoo on "desktop" |
| 36 |
> machines, which is essentially what we are talking about here. Alot of |
| 37 |
> desktop apps, Xfree, mplayer, xine, all misbehave. They have a bad |
| 38 |
> security track record, and really dont get along with our toolchain |
| 39 |
> modifications either. If at all possible, I'd recommend getting yourself |
| 40 |
> a cheap dedicated server to play with, and run only server-type apps. |
| 41 |
> This also limits the number of exploitable apps on a single box. |
| 42 |
|
| 43 |
I run a server on a Virtual Hosted (UML) company and was wondering is gentoo hardened a |
| 44 |
good idea for hosting web and setting up an email server? |
| 45 |
|
| 46 |
Currently i use gentoo, and ofcourse all the security installed, no open relay :) |
| 47 |
|
| 48 |
But for extra security i was wondering is hardened a good idea? |
| 49 |
I use MySQL, PHP and CGI stuff. Also use postfix, courier, and other email apps. NO X or |
| 50 |
any desktop app installed. |
| 51 |
I just wanted to know if hardened is the best option since be too secure, in a sense |
| 52 |
that i wont be able to run anything ;) |
| 53 |
|
| 54 |
> |
| 55 |
>> Switching to Hardened Gentoo might mean that I will lose a rather big |
| 56 |
>> amount of time to reconfigure everything on my computer, so I really |
| 57 |
>> don't want to switch unless it's absolutely necessary. |
| 58 |
> |
| 59 |
> Nothing here is necessary, we just deliver the best security and |
| 60 |
> hardening options we can find. |
| 61 |
> |
| 62 |
>> I want to run (as a server) Apache, Postfix/Qmail, mailman (or ezmlm?), |
| 63 |
>> Squirrelmail and SSH. |
| 64 |
> |
| 65 |
> Fair enough. |
| 66 |
> |
| 67 |
>> Thanks, |
| 68 |
>> Andrei |
| 69 |
>> |
| 70 |
>> -- |
| 71 |
>> gentoo-hardened@g.o mailing list |
| 72 |
> |
| 73 |
> |
| 74 |
> -- |
| 75 |
> gentoo-hardened@g.o mailing list |
| 76 |
> |
| 77 |
> |
| 78 |
|
| 79 |
|
| 80 |
-- |
| 81 |
Website: http://www.mooktakim.com |
| 82 |
email: Mooktakim@×××××××.com |
| 83 |
|
| 84 |
-- |
| 85 |
gentoo-hardened@g.o mailing list |
Archives