> On Thu, 2004-06-03 at 18:25 +0300, Andrei Maxim wrote:
>> Hi,
>
> Hi!
>
>> In the last 3 weeks I have discovered a lot about Gentoo and its ease of
>> use made me try using my Gentoo Linux box as a web server.
>> After this first successful experience, I have configured Postfix and
>> Squirrelmail and even made some accounts for my friends.
>>
>> Right now my #1 concern is related to the security of my computer: it
>> has a static IP address and it gets scanned a couple of hundred times
>> per day (and I'm not kidding!). Having a mail server at hand might be
>> just asking for trouble and I really don't want to spread spam without
>> knowing.
>
> Two major items:
> First, make sure all hosts that are exposed to the network are properly
> firewalled. You might have a router with a built-in firewall, I'd
> research iptables and run it on the server anyway (call me paranoid).
> Second, if you run an open relay on your mail server, we will break your
> legs. Make sure you aren't by limiting connections to the mail server
> either to local subnets only, or setting up authentication to use the
> server (preferably with SSL). Lots of howtos on the web for both
> iptables and SMTP auth/SSL with Postfix.
>
>> I have a really small network of 3 computers (two of them being laptops)
>> and the so-called server is also my personal computer which I use on a
>> daily basis.
>> I was wondering if I should switch to Hardened Gentoo on my server (and
>> I am already planning to switch the laptops from Debian to Gentoo) as I
>> know it will make things more secure, but also it might be quite an
>> overkill for such a small network.
>
> At the moment we choose not to support Hardened Gentoo on "desktop"
> machines, which is essentially what we are talking about here. A lot of
> desktop apps, Xfree, mplayer, xine, all misbehave. They have a bad
> security track record, and really don't get along with our toolchain
> modifications either. If at all possible, I'd recommend getting yourself
> a cheap dedicated server to play with, and run only server-type apps.
> This also limits the number of exploitable apps on a single box.

I run a server on a Virtual Hosted (UML) company and was wondering is Gentoo Hardened a
good idea for hosting web and setting up an email server?

Currently I use Gentoo, and of course all the security installed, no open relay :)

But for extra security I was wondering is hardened a good idea?
I use MySQL, PHP and CGI stuff. Also use Postfix, Courier, and other email apps. NO X or
any desktop app installed.
I just wanted to know if hardened is the best option since be too secure, in a sense
that I won't be able to run anything ;)

>
>> Switching to Hardened Gentoo might mean that I will lose a rather big
>> amount of time to reconfigure everything on my computer, so I really
>> don't want to switch unless it's absolutely necessary.
>
> Nothing here is necessary, we just deliver the best security and
> hardening options we can find.
>
>> I want to run (as a server) Apache, Postfix/Qmail, mailman (or ezmlm?),
>> Squirrelmail and SSH.
>
> Fair enough.
>
>> Thanks,
>> Andrei
>>
>> --
>> gentoo-hardened@g.o mailing list
>
>
> --
> gentoo-hardened@g.o mailing list
>
>

--
Website: http://www.mooktakim.com
email: Mooktakim@×××××××.com

--
gentoo-hardened@g.o mailing list