Ubuntu and Debian Security Applications Review
Securing servers from potential attacks is crucial in today's economic climate. This article is a personal overview of some of the best applications I've reviewed recently for securing your server, as well as others. The applications in this document may or may not fit every situation when it comes to properly securing Internet-facing systems. They all use fully open source and free software on the host, so they run without the need for costly external hardware.
When reviewing existing security policies, several factors must be considered first: performance, stability and overall use of system resources. Use these to determine the needs of each server according to its own requirements, instead of just pushing everything suggested here onto a single server, as some of the applications reviewed are not always fully interchangeable with the others mentioned.
That being said, we start with the world's most popular web server, Apache.
Mod Security
Without a doubt one of my personal favorite Apache modules is Mod Security. It does not require registration to download and is completely free with no restrictions. Mod Security is an invaluable web application firewall that discourages a lot of the scum and random robots floating around the Internet today. According to the Mod Security website, more than 70% of all attacks carried out on the web today are done at the web application level. This is very relevant, because a compromised web site can often leak thousands if not hundreds of thousands of passwords and user credentials in a single compromise.
Pros
Mod Security has a very strict rule set that is capable of blocking many types of web application attacks, most of which can be found in the OWASP Top 10.
Cons
The default rules can break the functionality of web applications at first. This can be fixed by finding the offending rule in the log files and commenting it out. Common symptoms are that users are unable to log in, or that some other functionality such as a custom search is broken.
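One way to find the offending rule from the logs, shown as an added example that is not part of the original article: it tallies which rule ids denied requests under a given path. The log lines, rule ids, messages and file paths are constructed, and the line layout is a shortened form of the ModSecurity 2.x entries written to the Apache error log.

```python
import re
from collections import Counter

# Constructed Apache error-log lines in a shortened ModSecurity 2.x layout.
# Rule ids, messages, hosts and paths are made up for this example.
SAMPLE_LOG = """\
[client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsecurity/local.conf"] [line "12"] [id "10001"] [msg "Constructed rule A"] [hostname "www.example.com"] [uri "/login"] [unique_id "u1"]
[client 198.51.100.8] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsecurity/local.conf"] [line "12"] [id "10001"] [msg "Constructed rule A"] [hostname "www.example.com"] [uri "/login"] [unique_id "u2"]
[client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsecurity/local.conf"] [line "30"] [id "10002"] [msg "Constructed rule B"] [hostname "www.example.com"] [uri "/search"] [unique_id "u3"]
[client 198.51.100.7] ModSecurity: Warning. [file "/etc/modsecurity/local.conf"] [line "44"] [id "10003"] [msg "Constructed rule C"] [hostname "www.example.com"] [uri "/login"] [unique_id "u4"]
[client 198.51.100.9] AH01630: client denied by server configuration: /var/www/private
"""

# Matches bracketed fields of the form [name "value"], allowing escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_denials(log):
    """Yield the bracketed fields of each line where ModSecurity denied a request."""
    for line in log.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # warnings and unrelated Apache errors did not block anything
        yield dict(FIELD.findall(line))

def blocking_rules(log, uri_prefix):
    """Rank the rules that blocked requests under uri_prefix, most hits first."""
    hits = Counter()
    msgs = {}
    for fields in parse_denials(log):
        if fields.get("uri", "").startswith(uri_prefix) and "id" in fields:
            hits[fields["id"]] += 1
            msgs[fields["id"]] = fields.get("msg", "")
    return [(rule_id, n, msgs[rule_id]) for rule_id, n in hits.most_common()]
```

Once the rule behind a broken login or search page is identified, it can be commented out as described above, or excluded with ModSecurity's `SecRuleRemoveById` directive so the rule file itself stays untouched.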
Snort
The next very interesting program is Snort, known as the de facto standard for intrusion detection. Snort's job is to monitor the network while being as lightweight as possible, so it does not consume many system resources or slow down the system it runs on. What really makes Snort unique, however, is its heritage as a very stable and robust IDS with both open source rule sets and more advanced commercial rule sets that are available through subscription.
Pros
Lightweight and flexible, reliable and stable.
Cons
The free rules leave a lot to be desired compared to the subscription rules.
AIDE
AIDE is an integrity checker that can be used to create hashes of files or directories, and is a general replacement for the older Linux application Tripwire. If the system is changed without approval, a simple cross-reference against a disk image can quickly reveal which files may have changed in the process. It provides SHA1 hashes, or other algorithms. It is therefore very useful for analyzing the exact cause of a compromise after a possible attack, and in many respects it can be regarded as a rootkit detector without all the fancy bells and whistles of our next program.
Pros
Supports custom algorithms and succeeds where Tripwire and others have failed.
Cons
The lack of documentation on how to properly implement and use it may lead less experienced users to give up on it quickly. (I'm not wrong, but it's worth .)
rkhunter
Another good rootkit detector is rkhunter. It works very much the same as AIDE, but it is a more accurate rootkit detector in that it scans all the usual locations where it would make sense for a rootkit to hide on a Linux system and where they have historically been stored.
Pros
It is very in-depth and has support for a wide range of common rootkits.
Cons
By default on Debian and Ubuntu it flags a false positive for a fool, awk, and several other directories, but I believe these are only false positives.
fail2ban
fail2ban helps block automated queries and brute-force attempts by robots or potential attackers who make too many incorrect login attempts over SSH.
Pros
Automatically banning bots not only protects your system from compromise, but also helps keep server performance at more optimal levels.
Cons
I have temporarily locked myself out before by not setting the threshold high enough and forgetting my password. As long as you do that you should be fine.
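The threshold behaviour described above, as an added example that is not fail2ban's own code or part of the original article: it counts failed SSH logins per address inside a time window and bans once the limit is reached, skipping an allowlisted range so an administrator's own typos do not cause a lockout. The parameters are modelled on fail2ban's `maxretry`, `findtime` and `ignoreip` settings; the log lines, addresses and the year are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sshd log lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Jan 10 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 10:00:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Jan 10 10:00:04 web1 sshd[815]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jan 10 10:00:06 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40114 ssh2
Jan 10 10:00:09 web1 sshd[820]: Failed password for alice from 192.0.2.10 port 52000 ssh2
Jan 10 10:00:10 web1 sshd[820]: Failed password for alice from 192.0.2.10 port 52001 ssh2
Jan 10 10:00:11 web1 sshd[820]: Failed password for alice from 192.0.2.10 port 52002 ssh2
Jan 10 10:20:00 web1 sshd[815]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Jan 10 10:20:05 web1 sshd[815]: Failed password for alice from 198.51.100.7 port 51002 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from ([\da-fA-F.:]+) port")

def find_bans(log, maxretry=3, findtime=600, ignore=("192.0.2.0/24",), year=2024):
    """Return addresses that reach maxretry failures within findtime seconds."""
    allow = [ip_network(net) for net in ignore]   # admin ranges that are never banned
    recent = defaultdict(deque)                   # ip -> failure times inside the window
    banned = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so a constructed one is supplied
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned or any(ip_address(ip) in net for net in allow):
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > timedelta(seconds=findtime):
            window.popleft()                      # failure is older than findtime
        if len(window) >= maxretry:
            banned.append(ip)
    return banned
```

With the defaults, 198.51.100.7 is not banned because its three failures are spread over more than `findtime`; widening the window or emptying the allowlist changes the result, which is the tuning trade-off behind accidental lockouts.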
Choose the right web host
Although this is not a program, I believe an equally important and major factor in keeping your web server secure is choosing the right web host for your environment and needs. While the many cows, daddies, gators and other sharks try to add 1 & 1 together in the $5-or-less discount hosting war, take some time to consider what you're paying for and whether you can afford to pay that bit extra to get the benefits of a well-known provider whenever you can.
10:15 PM