UNIX-Security Advise

Posted by Phoibe on Server Fault See other posts from Server Fault or by Phoibe
Published on 2011-02-22T22:36:49Z Indexed on 2011/02/22 23:27 UTC
Read the original article Hit count: 384

Filed under:
|
|

Hello, I want to build a quite secure UNIX-Server. Mechanisms I already implemented:

  • SNORT + fwsnort for banning
  • psad to block network-scanning attempts
  • Portknocking to start+open SSH (key-based login - no password)
  • hourly update of IP-Tables-Rules from a Security-Subscription
  • Fail2Ban
  • ClamAV & Rootkithunter + Logwatch

What service-independent security mechanism would you add to this? What mechanism are you using? The server will run Apache&Postfix. For Apache hiding the server-information ofc. and nothing I can think of for Postfix. Thanks

© Server Fault or respective owner

Related posts about server

Related posts about security