Chapter 5. Server Security
When a system is used as a server on a public network, it becomes a target for attacks. For this
reason, hardening the system and locking down services is of paramount importance for the system
administrator.
Before delving into these specific issues, you should review the following general tips for enhancing
server security:
Keep all services up to date to protect against the latest threats.
Use secure protocols whenever possible.
Serve only one type of service per machine whenever possible.
Monitor all servers carefully for suspicious activity.
5.1. Securing Services With TCP Wrappers and xinetd
TCP wrappers provide access control to a variety of services. Most modern network services, such as
SSH, Telnet, and FTP, make use of TCP wrappers, a program that is designed to stand guard between
an incoming request and the requested service.
The benefits offered by TCP wrappers are enhanced when the /usr/lib/libwrap.a library is used
in conjunction with xinetd, a super service that provides additional access, logging, binding,
redirection and resource utilization control.
More information on configuring TCP wrappers and xinetd can be found in the chapter titled TCP
Wrappers and xinetd in the Official Red Hat Linux Reference Guide.
The following subsections will assume a basic knowledge of each topic and focus on specific security
options.
5.1.1. Enhancing Security With TCP Wrappers
TCP wrappers are capable of much more than denying access to services. This section will illustrate
how they can be used to send connection banners, warn of attacks from particular hosts, and enhance
logging functionality. For a thorough list of TCP wrapper functionality and control language, see the
man page for hosts_options.
5.1.1.1. TCP Wrappers and Connection Banners
Sending an intimidating banner to clients that connect to a service is a good way to disguise what
system the server is running while letting a potential attacker know that the system administrator is
vigilant. To implement a TCP wrappers banner for a service, use the banner option.
This example implements a banner for wu-ftpd. To begin, you must create a banner file. It can be
anywhere on the system, but it must bear the same name as the daemon. For this example, we will
name the file /etc/banners/in.ftpd.
The contents of the file will look like this:
220 Hello, %c
220 All activity on ftp.example.com is logged.
220 Act up and you will be banned.
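
A check for the naming rule above, as an added example that is not part of the guide. It assumes the banner is enabled with the "banners <directory>" option documented in hosts_options(5), written on a single line of an access file such as /etc/hosts.allow; the function names check_banners and demo are hypothetical, and the world-writable test is an extra hardening check not taken from the text.

```shell
#!/bin/sh
# Added example (not from the guide): audit "banners" rules in a TCP wrappers
# access file. Prints one line per problem; returns the number of problems.
check_banners() {
    access_file=$1
    problems=0
    # Rule layout: daemon_list : client_list : option [: option ...]
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        # The directory is the word that follows the "banners" keyword.
        dir=$(printf '%s\n' "$line" |
            sed -n 's/.*banners[[:space:]]\{1,\}\([^[:space:]:]*\).*/\1/p')
        [ -n "$dir" ] || continue
        daemons=${line%%:*}
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            [ "$d" = ALL ] && continue      # wildcard: no single file name
            f=${dir%/}/$d
            if [ ! -r "$f" ]; then
                echo "MISSING: $f (file must be named after daemon $d)"
                problems=$((problems + 1))
            elif [ -n "$(find "$f" -perm -002)" ]; then
                echo "WORLD-WRITABLE: $f (any local user could alter it)"
                problems=$((problems + 1))
            fi
        done
    done < "$access_file"
    return "$problems"
}

# Constructed sample: the banner file from the text plus a hosts.allow rule,
# built in a temporary directory so nothing under /etc is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/banners"
    printf '%s\n' '220 Hello, %c' \
        '220 All activity on ftp.example.com is logged.' \
        '220 Act up and you will be banned.' > "$tmp/banners/in.ftpd"
    chmod 644 "$tmp/banners/in.ftpd"
    printf 'in.ftpd : ALL : banners %s/banners/\n' "$tmp" > "$tmp/hosts.allow"
    check_banners "$tmp/hosts.allow"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Audit the file named on the command line, if one was given.
if [ "$#" -gt 0 ]; then check_banners "$1"; fi
```

Rules continued across lines with a trailing backslash are not joined by this check.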





