Hi, I have ISPConfig installed as a firewall for the site I'm still working on, which is not deployed yet at this time. I know that ISPConfig ensures very tight security for the site, but with all the howtos I went through, I wonder if I'm missing an extra security measure like mod_security, according to this Falko howto: http://www.howtoforge.com/apache_mod_security or Snort and BASE, according to this Edge howto: http://www.howtoforge.com/intrusion_detection_base_snort or I think maybe that I'm missing a security tool that will cope with ISPConfig and allow me to see, detect and take measures in real time against attacks and intrusions. Can you please guide me through? Thanks a lot in advance. Llamy.
You can combine these two howtos with ISPConfig. ISPConfig itself is a server configuration tool, not a security tool. Just install and configure the additional security software on your server; it will not conflict with your ISPConfig installation.
No, just make sure that you install all available updates for your Linux distribution regularly and enable the ISPConfig firewall. Do not start unneeded services. If you used one of the perfect setup guides, your server should not run any unneeded services.
That will be it! Yes, I have followed the Fed Core 6 perfect setup and also the LAMP server with ISPConfig as a firewall on Fed Core 6 by Falko, and just left the basic configuration that comes with ISPConfig as it is (about the port scanning). I will just go ahead now and add the 2 howtos above. Thanks again one more time, Till, for your help! Llamy.
One other nice extra option to add is PSAD (http://www.cipherdyne.com/psad/). I've got it running on my Debian systems. When a person does a port scan on one of my servers, its IP gets blocked for a set time (in my case for 10 minutes).
Thanks Edge! Thank you very much for that nice extra option tip. I have installed both psad and fwsnort from http://www.cipherdyne.com as you mentioned and the installation was successful. So if I understand the doc so far, you have only one command line to see the attacks: psad --status. And how did you set the time to 10 min in psad.conf to block IPs? Thanks again. Llamy.
It has been some time since I did the setup for psad, but all needed things are set within psad.conf. More info about the scan timeout here
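
For reference, the psad.conf settings that control the timed blocking discussed above, as an added example that is not taken from any poster's configuration. The variable names are those of psad's stock psad.conf and can differ between releases, so check them against the installed file; the danger-level value and the sample address are assumptions chosen for illustration.

```conf
### /etc/psad/psad.conf (excerpt, constructed example)
### Every entry is "NAME   value;" and the trailing semicolon is required.

### Auto-blocking is off in the stock configuration, in which case psad
### only logs and alerts on scans and never touches the firewall:
###   ENABLE_AUTO_IDS           N;
ENABLE_AUTO_IDS             Y;

### Minimum danger level (1-5) a source must reach before it is blocked.
### 3 is an assumed value; a lower number blocks on less evidence and
### raises the chance of blocking a legitimate client.
AUTO_IDS_DANGER_LEVEL       3;

### How long a block stays in place, in seconds. 600 = 10 minutes,
### the interval mentioned in the thread.
AUTO_BLOCK_TIMEOUT          600;

### Apply the block through iptables rules.
IPTABLES_BLOCK_METHOD       Y;

### Caveat: scan packets can carry a spoofed source address, so an
### automatic block can be turned against addresses you depend on.
### Give your own management hosts danger level 0 in /etc/psad/auto_dl
### so they are never blocked, for example (documentation address):
###   192.0.2.10    0;
```

Restart psad after editing so that the new values are read.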