Chapter 5. Server Security

5.1. Securing Services With TCP Wrappers and xinetd

5.1.1. Enhancing Security With TCP Wrappers
5.1.2. Enhancing Security With xinetd

5.2. Securing Portmap

5.2.1. Protect portmap With TCP Wrappers
5.2.2. Protect portmap With IPTables

5.3. Securing NIS

5.3.1. Carefully Plan the Network
5.3.2. Use a Password-like NIS Domain Name and Hostname
5.3.3. Edit the /var/yp/securenets File
5.3.4. Assign Static Ports and Use IPTables Rules
5.3.5. Use Kerberos Authentication

5.4. Securing NFS

5.4.1. Carefully Plan the Network
5.4.2. Beware of Syntax Errors
5.4.3. Do Not Use the no_root_squash Option

5.5. Securing the Apache HTTP Server

5.5.1. FollowSymLinks
5.5.2. The Indexes Directive
5.5.3. The UserDir Directive
5.5.4. Do Not Remove the IncludesNoExec Directive
5.5.5. Restrict Permissions for Executable Directories

5.6. Securing FTP

5.6.1. FTP Greeting Banner
5.6.2. Anonymous Access
5.6.3. User Accounts
5.6.4. Use TCP Wrappers To Control Access

5.7. Securing Sendmail

5.7.1. Limiting a Denial of Service Attack
5.7.2. NFS and Sendmail
5.7.3. Mail-only Users

5.8. Verifying Which Ports Are Listening

When a system is used as a server on a public network, it becomes a target for attacks. For this reason, hardening the system and locking down services is of paramount importance for the system administrator.

Before delving into specific issues, review the following general tips for enhancing server security:

Keep all services current, to protect against the latest threats.
Use secure protocols whenever possible.
Serve only one type of network service per machine whenever possible.
Monitor all servers carefully for suspicious activity.