RE: [discuss] Which security level for a server running apache+ssh on the internet
From: Evan Waite (evan.waite@itracks.com)
Date: Mon Dec 22 2003 - 11:32:40 CST
I actually run all mine at level 5 with some extra tweaks. The big thing to remember is you can override any options you need. For instance, if you want to be able to ssh in from any IP, add the following line to your /etc/hosts.allow file:
# Allow SSH from any connection
sshd : ALL : ALLOW
Also, anything msec does can be changed in the files /etc/security/msec/level.local or /etc/security/msec/perm.local
Get more info by reading man mseclib and man msec.
Here's what I've done.
[root@web1 evan]# cat /etc/security/msec/level.local
from mseclib import *
accept_icmp_echo(yes)
accept_broadcasted_icmp_echo(yes)
Hope this helps.
-Evan
-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Thomas Carrié
Sent: December 22, 2003 11:10 AM
To: discuss@mandrakesecure.net
Subject: [discuss] Which security level for a server running apache+ssh on the internet
Hello,
I would like to know what msec level you would choose to put a server
on the internet considering that you run apache on it and that you need
ssh access to configure the server from your office.
I have setup the firewall (using mandrake tool) to accept connection
from port 22 and 80.
I have chosen "Security Level 4" but it gave me many troubles: I was
not able to ping my server "ping localhost", I found out that I had to
uncheck "Ignore ICMP Echo".
Then I was able to ping my server from a remote server and to connect to
it via ssh. But after approximately a minute my ping and my ssh are
going automatically down. Then any further connection from the remote
server is simply refused.
I wonder what is the parameter that prevents me from being able to
connect more than a few seconds.
I wonder what change you guys usually apply before being able to use
ssh, ping and apache on your server remotely.
Now, I consider to setup again my box from scratch choosing level 3 or 2 !!
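
An added example, not part of the original thread: a small Python check that reads hosts.allow-style rules and lists the daemons a rule grants to every client, as the `sshd : ALL : ALLOW` line in the reply does. The sample rules and the 192.0.2. prefix (a documentation range standing in for an office network) are constructed; bracketed IPv6 addresses and escaped colons are not handled.

```python
import re

# Constructed sample in hosts.allow syntax (not taken from a real host).
SAMPLE = """\
# Allow SSH from any connection
sshd : ALL : ALLOW
sshd, in.ftpd : 192.0.2.
ALL : ALL \\
    : DENY
"""


def parse_rules(text):
    """Yield (daemons, clients, options) for each rule in hosts.allow text."""
    # A backslash at end of line continues the rule on the next line.
    text = re.sub(r"\\\n", " ", text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed: no client list
        daemons = fields[0].replace(",", " ").split()
        yield daemons, fields[1], fields[2:]


def open_to_all(text):
    """Return daemons that some rule grants to every client (wildcard ALL)."""
    found = []
    for daemons, clients, options in parse_rules(text):
        # With the options extension, a DENY option turns the rule into a refusal.
        if any(opt.upper() == "DENY" for opt in options):
            continue
        # Only patterns before EXCEPT are granted; the rest are exclusions.
        granted = re.split(r"\s+EXCEPT\s+", clients)[0].replace(",", " ").split()
        if "ALL" in granted:
            found.extend(daemons)
    return found


if __name__ == "__main__":
    for daemon in open_to_all(SAMPLE):
        print(f"{daemon}: reachable from any address as far as tcp_wrappers is concerned")
```

A rule narrowed to a prefix such as `sshd : 192.0.2.` is not reported, which is the form that matches the original question's "ssh access from the office" requirement.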