Printer Friendly Version

As exciting as it may be to have a sparkling new server running a Linux distribution (such as Red Hat) ready to serve your intranet and/or Web site, you need to take the time to get it ready before unveiling it to your expectant audience. There are a number of considerations before going live, which are essential to your server's security and stability. In this article I'll be suggesting some essential steps for setting up your new server.

Contents

• Selecting a Firewall
• Virus Scanning
• Patches
• Disabling Root Login
• PHP Safe Mode
• Checking For Intruders
• Conclusion

Selecting a Firewall

A firewall will protect your server from malicious hackers or attacks, both coming from outside of your organization and from within your LAN. It does this by monitoring (and sometimes limiting) traffic on the server's communication ports. So which package should you use?

IPTables is a system included with most Linux distributions, which amongst other things can be used to block offending IP addresses (i.e., connections from outside of your network). Accessing IPTables directly, however, can be an arduous task. A third-party firewall product is a much better idea, as this will handle the most difficult chores automatically.

One simple firewall is called 'KISS My Firewall', and can be found at http://www.geocities.com/steve93138/. It is enclosed in one file, and it spares you from handling communication with the IPTables system. It allows you to select which ports (e.g., HTTP, FTP, etc.) can be accessed, and to block the IPs of troublesome computers. This is just about the simplest firewall I've found, although there are a number of other free alternatives.

For a more sophisticated system, you'll have to pay. A good list of Linux firewalls, both free and not-so-free, can be found at http://www.linux.org/apps/all/Networking/Firewalls.html. Whichever system you go with, you'll need to tell it which ports may be used for other systems to communicate with your server — for a browser-based intranet, you'll normally need the following ports enabled:

Function	Port Number(s)
HTTP - Such as the HTML page you're viewing now, HTTP is especially used for Intranets that are web browser-based.	80 / 8080
FTP - File transfer protocol. Used to transfer files from a workstation computer to the server, e.g. when you want to update the Intranet from somewhere on your LAN / WAN.	21
Telnet - Used to provide 'shell' access to the server (now superceded by SSH, see below)	23
SSH - Similar to Telnet, however data is encrypted for security. This should be used in favour of telnet.	22

Depending on the software your network uses, there may well be other ports that have to be enabled. How you tell the firewall which ports to open will depend on the system you choose, but often is defined in the form of list, contained within a settings file. This is simple to edit.

Keeping the Viruses at Bay

One of the most vital pieces of software is a virus scanner. These can operate in different ways: scanning incoming e-mails, performing regular scans of the server's hard disk, etc. Again, there are alternatives — both free-of-charge and commercial.

F-Prot (http://www.f-prot.com/) is one popular system. A comprehensive list of products can be found, once again, on the Linux.org site at http://www.linux.org/apps/all/System/Anti-Virus.html. When choosing a scanner, ensure that it will be updated with the latest virus information (preferably free of charge) by the software vendor on a regular basis. A scanner with an outdated set of virus definitions is close to being useless.