Welcome! Log In Create A New Profile

Advanced

Server Security For The Clueless!

Posted by lewy1 
Forum List Message List New Topic
lewy1
Server Security For The Clueless!
January 10, 2012 10:35PM
My POGO-E02 is on it's way to me, and while I was reading up about installing Debian and other apps, I realized that based on what I've read there are many security issues with a server and I have no idea what to worry about and how to secure my server. In my case I want to install Asterisk + FreePBX, Samba and maybe a file server. In the future I might add more. I have no idea whether there are security issues even if Asterisk is only available on the Lan. I, and no doubt many others who are new to Linux and are attracted by the idea of setting up their own server are totally clueless about security. I of course googled a bit, but quickly noticed that many articles are geared towards slightly more knowledgeable Linux users.
My hopes are that the more advanced members here can maybe write a clear short guide that applies to the common uses of the Pogoplug/Dockstar etc, and that would explain things in such a way that everyone can understand.
Thanks
Reply Quote
Vlad
Re: Server Security For The Clueless!
January 12, 2012 04:55PM
There are a lot of things one can do, but I hardly think that anyone will have enough time to write a full blown howto. After all, people write whole books on Debian security and a newbie would hardly learn how to secure a server by just following the steps from someone's writeup.

IMHO nice things are
cron-apt: to make sure that you don't miss updates
postfix+dovecot server (lan only): to get reports from different programs like cron etc.
rkhunter, chrootkit: rootkit scanners
logcheck: check the logs for suspicious things
SNMP: good to know what the system is doing right now
own logrotate rules: e.g. to make sure that logrotate sends you the logs before they are rotated.
etc
Reply Quote
lewy1
Re: Server Security For The Clueless!
January 12, 2012 09:29PM
Thanks. That's certainly great for a start. I do understand that it's a complex topic and can't be fully covered in a forum post, that is why I wrote that maybe someone can cover the basics that apply to the typical usage of a Pogoplug for newbies, which is not a full blown server. Also like I wrote, I think the most important thing is a basic explanation of the risks, so at least people will know when they have potential security issues and will know they need to do more research.
Thanks
Reply Quote
Newer Topic Older Topic
Author:

Your Email:


Subject:
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically. If the code is hard to read, then just try to guess it right. If you enter the wrong code, a new image is created and you get another chance to enter it right.
Message: