Hello Community! I am creating a new server for my company. Therefore, I went through the following two tutorials: http://www.howtoforge.com/extending-perfect-server-debian-squeeze-ispconfig-3 and http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3 for setting up the base system. Now I have a great Apache server with e-mail which is only accessible via SSL and FTP which only works via TLS. I also set up Icinga to monitor the server. Of course, aptitude is checking for security updates every hour via cron jobs. However, I don't know what I can do to make the server really secure and I guess I'll need additional monitoring tools. What should be the next steps I should follow to make sure that the server won't be cracked ever? Intrusion detection? More/better monitoring? How can I make the daemons more secure?
Hello Falko, thank you for your reply. I am already using fail2ban. However, I am looking for additional ways so I can make sure nobody is cracking my system. For that reason, I went to the Debian IRC channel. The guys there told me that Debian is very safe by default, and most intrusions are because daemons aren't configured correctly. After a longer discussion, in essence they advised me to do the following:

- set up fail2ban
- use a good firewall configuration. ufw should be a great tool to do so
- use encryption
- read http://www.debian.org/doc/manuals/securing-debian-howto
- set up SELinux
- set up an intrusion detection system

In the Securing Debian docs, I read about chrooting every daemon, particularly bind. On this site I read that using SELinux won't be compatible with ISPConfig. Do you have advice on chrooting the daemons by creating chroot jails for every one and setting up SELinux on a system, while continuing to use ISPConfig 3? Also, do you have advice on a good intrusion detection system? I will try out the tutorial on AIDE from http://www.howtoforge.com/linux-security-notes-aide-file-integrity.
I would not use SELinux and also not chroot all your services. Both will cause you more trouble than you gain from it. ISPConfig comes with its own firewall, so there should be no need for an additional tool. Regarding PHP security, make sure you select suExec + FastCGI or suPHP for your web sites in ISPConfig.