Locking Down the System - Part 1

Today I started my attempt to better secure my server before opening IMAP to the world.

First, I used the Mandrake system configuration tool to raise the security level to 'Higher'. Right away, I notice that I can't use ssh to login to the system. I don't remember what I did to enable ssh, but I guess now I'll have to figure it out. It could be a firewall thing, or something else.

(checking firewall settings)

Well, according to the config tool, the firewall is set to allow everything.

I've just noticed that I can't connect to the email server either. Samba is still working.

I think I'm going to change it back to 'Standard' until I learn more about the settings.

More later...

Securing the Server

I have so many things I would like to do with my server, and I'm having a tough time deciding what to do next. Here's the list:

• Setup a backup routine
• Configure a local SMTP server
• Secure the server so that I can allow IMAP connections from the outside

On the third subject, you may remember that I used to allow IMAP connections on the old server. I wasn't as worried about it since I only had mail on that box. However, now that I'm using the new server for file storage, a break-in could be a lot more damaging. Of the three things listed, securing the server is the one I am least confident that I'll be able to handle.



A quick Vivisimo search found some help:

A book called Real World Linux Security looks interesting. Reviewers seem to like it. One down side is that it is from 2002 and is a little pricey. I'd like something a little more current if possible.

The Linux Security Cookbook from O'Reilly may also be a good read. Like the previous title, there are many good reviews filed. The first edition was published in 2003.

Kevin Fenzi and Dave Wreski's Linux Security HOWTO is available on the web at several locations. It was written in 2004 and looks to cover many important issues.

There seem to be several books that approach this problem from the other side by discussing known security holes and procedural mistakes, rather than walking the reader through the process of reasonably securing a Linux machine. Titles such as Maximum Linux Security and Hacking Linux Exposed are examples. I suppose that the administrator of servers used in a commercial enterprise would need to know things at this level, but I just want to feel reasonably sure that along with my backups I'm being responsible.

I'd like to hear how others have approach the security issue. Please leave comments or send email to dashdrum at hotpop dot com.

More Backup Articles

My research on performing backups continues. Today I searched in Google for "linux mandrake backup". I didn't find much helpful stuff, but lots of interesting articles about Linux in general.

Anyway, here's what I found:

• Easy Backup and Restore by Alan Keates on faqs.org is an interesting, if somewhat technical, approach. (also available here from Linux Gazette)
• This page, simply called 'Backup', talks about some basic backup issues, but not much help

There have got to be some more helpful pages somewhere. I'll keep looking, and post here anything I find.

Linux Backups

I found this interesting article from TechBuilder that discusses backup procedures. I'll give it a read later to see if it can help me setup backups for my server.

I've been running periodic backups of the shared file areas, but nothing so far for email or to capture the configuration.

Could be interesting

Repurpose Your Old PC for Music

While surfing through Lifehacker, I stumbled upon a page from O'Reilly that discusses using an old desktop machine as a music jukebox. This instructions call for the Knoppix Live CD.

I've never used the Knoppix boot CD version of Linux, but I have a Mandrake v.9 CD that does the same thing. It is handy to see how a machine will perform with Linux without having to install. It is quite neat in that it doesn't mess with the existing software install, partitions, or anything else.