Chapter 5.


Server Security


When a system is used as a server on a public network, it becomes a target for attacks. For this


reason, hardening the system and locking down services is of paramount importance for the system


administrator.


Before delving into these specific issues, you should review the following general tips for enhancing


server security:


Keep all services up to date to protect against the latest threats.


Use secure protocols whenever possible.


Serve only one type of service per machine whenever possible.


Monitor all servers carefully for suspicious activity.


5.1. Securing Services With TCP Wrappers and


xinetd


TCP wrappers provide access control to a variety of services. Most modern network services, such as


SSH, Telnet, and FTP, make use of TCP wrappers, a program that is designed to stand guard between


an incoming request and the requested service.


The benefits offered by TCP wrappers are enhanced when the


/usr/lib/libwrap.a


library is used


in conjunction with


xinetd


, a super service that provides additional access, logging, binding, redi 


rection and resource utilization control.


More information on configuring TCP wrappers and


xinetd


can be found in the chapter titled TCP


Wrappers and


xinetd


in the Official Red Hat Linux Reference Guide.


The following subsections will assume a basic knowledge of each topic and focus on specific security


options.


5.1.1. Enhancing Security With TCP Wrappers


TCP wrappers are capable of much more than denying access to services. This section will illustrate


how it can be used to send connection banners, warn of attacks from particular hosts, and enhance


logging functionality. For a thorough list of TCP wrapper functionality and control language, see the


man page for


hosts_options


.


5.1.1.1. TCP Wrappers and Connection Banners


Sending client connections to a service an intimidating banner is a good way to disguise what system


the server is running while letting a potential attacker know that system administrator is vigilant. To


implement a TCP wrappers banner for a service, use the


banner


option.


This example implements a banner for


wu ftpd


. To begin you must create a banner file. It can be


anywhere on the system, but it must bear same name as the daemon. This example we will name the


file


/etc/banners/in.ftpd


.


The contents of the file will look like this:


220 Hello, %c


220 All activity on ftp.example.com is logged.


220 Act up and you will be banned.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved