I often to disable any default outbound access policies. Note that if the zones share interfaces and/or routers they may be less secure than they could be. My usual Shorewall firewall configuration starts with the example configuration for the number of interfaces on the server (or access zones: NET, LAN, DMZ). MySQL and PostgreSQL should listen only on 127.0.0.1 which is secure from direct access from outside your server. This also applies to applications which run under inetd or xinetd. Most telnet servers support use of hosts.allow/deny to restrict access. Unless you really need it, remove the telnet package and replace it with ssh-server. If you have telnet running, you can close the ports by stopping the service. This is replacing previous use of Nagios and MRTG for monitoring and graphing system usage. I use Munin to monitor my systems and in some cases alert me of issues. A tool like logcheck can monitor your logs and notify you of some of the events you may need to check. Understanding each application's own security mechanisms helps build depth in your mechanisms. Using a firewall builder like Shorewall to build a secure firewall helps. Use hosts.allow/deny for applications which support this mechanism. They will usually have one or more mechanisms for securing access. If you need access from other systems you will need to change their listener configuration. Applications like MySQL and PostgreSQL should listen on localhost by default. SSH server can be secured using the hosts.allow and deny files in addition to its configuration. Apache has its own ACL lists to secure access. Applications such as Apache and SSH server are expected to listen for connections from remote servers. This prevents direct access from remote systems. Those processes which do require a listening port usually use localhost (127.0.0.1) by default. Ubuntu does a good job in this respect on a default installation.
You had no listening ports because you had no listening processes. Thanks all for the help and Merry Christmas!!!!!!! Can I close these ports without installing a "firewall" Hosting low traffic ecommerce sites. 3) What do you think is the easiest way for me to quasi-secure the server, 4) Finally, of the said open ports, I have 2 ports I need to close because they are telnet ports. This is going to be open to the internet. Now I have a list of all the ports I would need open. Between these, I ended up opening a few ports (~10). Is that because there was a firewall installed or was it because there were no applications installed? 2) I installed some applications, (Apache, postgres, ssh, Java app and some few). I checked for open ports, none were open which was great. I have few generic questions about firewalls and I thought the community up here could help me out. 1) So I recently installed Ubuntu server barebones.