I have a server that I want to use as an FTP backup for a database that will be uploaded every night. Also, the server is going to be used in my office as a test machine for my web development guys to test new things they are coding with PHP. The server has already been installed with Debian 5.0 (Lenny), ProFTPD, Apache 2, MySQL, PHP5 and phpMyAdmin. The installation has the basic configurations set up with no tweaks at all. The only thing I configured was ProFTPD with virtual users. I just wanted to know what steps I can take to secure this server. It's not going to be a production server for now, but once the web dev guys are done testing their code, I'll have to either reformat this or migrate this server to a production one, which will be placed online. Currently, it's behind a firewall already and only the FTP and SSH ports are open. I might as well learn how to secure it now, so when it does go into production, I'll already know what type of tweaks and changes need to be done. I know that I should check the logs frequently, but what else can I do to make sure this is as secure as possible? What tools and specific configurations can I use? Any help would be appreciated.
You could add TLS to your ProFTPd setup: http://www.howtoforge.com/setting-up-proftpd-tls-on-ubuntu-8.10
Thanks for the reply. Is there anything else I can do to this server? I've just added TLS to my ProFTPd installation.
I followed the guide that you provided but now I'm receiving this error in my fail2ban logs:

    2009-06-17 20:35:47,135 fail2ban.comm : WARNING Invalid command: ['set', 'sasl', 'failregex', 'warning: [-._\\w]+\\[<HOST>\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed']

This is my jail.local file:

    [DEFAULT]

    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1
    bantime = 600
    maxretry = 3

    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto".
    # yoh: For some reason Debian shipped python-gamin didn't work as expected
    # This issue left ToDo, so polling is default backend for now
    backend = polling

    #
    # Destination email address used solely for the interpolations in
    # jail.{conf,local} configuration files.
    destemail = root@localhost

    # Default action to take: ban only
    action = iptables[name=%(__name__)s, port=%(port)s]

    [ssh]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 5

    [apache]
    enabled = true
    port = http
    filter = apache-auth
    logpath = /var/log/apache*/*error.log
    maxretry = 5

    [apache-noscript]
    enabled = false
    port = http
    filter = apache-noscript
    logpath = /var/log/apache*/*error.log
    maxretry = 5

    [proftpd]
    enabled = true
    port = ftp
    filter = proftpd
    logpath = /var/log/auth.log
    failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
    maxretry = 5

    [sasl]
    enabled = true
    port = smtp
    filter = sasl
    failregex = warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
    logpath = /var/log/mail.log
    maxretry = 5

And this is what my iptables -L says:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

My ProFTPD is currently set up with TLS, so it might be causing a problem with this setup. Has anyone ever experienced this problem?
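Added example, not part of the original thread: a Python check that compares the jails enabled in a jail.local against the chains listed by `iptables -L`, to confirm whether fail2ban actually installed its ban chains. It assumes the stock `iptables` action of fail2ban 0.8.x, which creates one chain named `fail2ban-<jail>` per running jail; the function names and the trimmed sample input are constructed for illustration.

```python
import configparser
import re

# Constructed sample: the jail.local from the post, trimmed to the relevant keys.
JAIL_LOCAL = """
[DEFAULT]
action = iptables[name=%(__name__)s, port=%(port)s]

[ssh]
enabled = true

[apache-noscript]
enabled = false

[proftpd]
enabled = true

[sasl]
enabled = true
"""

# Constructed sample: the posted `iptables -L` output, built-in chains only.
IPTABLES_L = """
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
"""

def enabled_jails(text):
    # interpolation=None: configparser cannot resolve fail2ban's %(__name__)s.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return [s for s in cp.sections() if cp.getboolean(s, "enabled", fallback=False)]

def chains(iptables_output):
    # Every chain, built-in or user-defined, starts with "Chain <name> (".
    return set(re.findall(r"^Chain (\S+) \(", iptables_output, re.M))

def missing_chains(jail_text, iptables_output, prefix="fail2ban-"):
    # Assumption: the action names its chain prefix + jail name (0.8.x default).
    # Pass a different prefix if your action file uses another naming scheme.
    present = chains(iptables_output)
    return [j for j in enabled_jails(jail_text) if prefix + j not in present]

if __name__ == "__main__":
    for jail in missing_chains(JAIL_LOCAL, IPTABLES_L):
        print(f"jail {jail!r} is enabled but has no fail2ban chain in iptables")
```

On a live host, feed it the real file contents and the captured output of `iptables -L -n` instead of the embedded samples.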