As part of my job, I run an Arch64 LAMP server for hosting a website. Currently, it has "ALL:ALL" specified in its /etc/hosts.allow and I am wondering...is that a security risk? Furthermore, what command-line firewall software (which I could operate via ssh) is out there which Arch users would recommend installing on servers?
Last edited by tony5429 (2008-04-28 14:44:54)
Offline
As part of my job, I run an Arch64 LAMP server for hosting a website. Currently, it has "ALL:ALL" specified in its /etc/hosts.allow and I am wondering...is that a security risk? Furthermore, what command-line firewall software (which I could operate via ssh) is out there which Arch users would recommend installing on servers?
The biggest mistake in computing history has been the default accept strategy, i.e., allowing all rather than denying all and allowing only a simple few. How many ports really need to be open? You can't be running that many services on the server, 4-5 probably, 10 at the most.
Now, odds are you probably wouldn't see any adverse effects if you leave it open, but it's always better to be safe.
Offline
If I am not mistaken, I think I only need ports 80 and 22 open (for http and ssh)... How would I go about changing my hosts.allow and hosts.deny to fix that? Please forgive me; I am quite new to this stuff.
Offline
I used this to set up my firewall (just iptables): http://wiki.archlinux.org/index.php/Fir … lling_Arch and with iptables you also can open/close ports ...
Offline
If I am not mistaken, I think I only need ports 80 and 22 open (for http and ssh)... How would I go about changing my hosts.allow and hosts.deny to fix that? Please forgive me; I am quite new to this stuff.
In hosts.allow:
sshd sshd2 httpd :ALL
Offline
tony5429 wrote: If I am not mistaken, I think I only need ports 80 and 22 open (for http and ssh)... How would I go about changing my hosts.allow and hosts.deny to fix that? Please forgive me; I am quite new to this stuff.
In hosts.allow:
sshd sshd2 httpd :ALL
If you're concerned about security, ensure your sshd config is more secure as well.
Doing simple things such as changing the default ssh port, forcing protocol version 2, and disabling root logins are strongly encouraged.
For a quick read on the subject:
http://www.foogazi.com/2006/11/29/modif … -security/
Last edited by Aaron (2008-04-27 01:07:08)
Offline
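The access decision that hosts.allow and hosts.deny produce, as an added example that is not part of the original thread: a simplified Python model of the TCP wrappers lookup order (hosts.allow first, then hosts.deny, otherwise allow). The `ALL: ALL` hosts.deny line, the daemon name `otherd` and the client address are constructed assumptions; `EXCEPT`, hostname patterns and IPv6 are not modelled.

```python
"""Simplified model of the TCP wrappers (hosts_access) decision order."""

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _match(pattern, value):
    # Supported here: ALL wildcard, exact match, "192.168.1." style prefixes.
    return (pattern == "ALL" or pattern == value
            or (pattern.endswith(".") and value.startswith(pattern)))

def _listed(rules, daemon, client):
    return any(any(_match(d, daemon) for d in ds) and
               any(_match(c, client) for c in cs) for ds, cs in rules)

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if _listed(parse_rules(allow_text), daemon, client):
        return "allow"
    if _listed(parse_rules(deny_text), daemon, client):
        return "deny"
    return "allow"

ORIGINAL_ALLOW = "ALL:ALL\n"               # the setting asked about in the thread
THREAD_ALLOW = "sshd sshd2 httpd :ALL\n"   # the line suggested in the thread
DENY_ALL = "ALL: ALL\n"                    # assumed hosts.deny, not shown in the thread
CLIENT = "203.0.113.7"                     # constructed documentation address

if __name__ == "__main__":
    cases = [("ALL:ALL, empty hosts.deny", ORIGINAL_ALLOW, "", "otherd"),
             ("daemon list, empty hosts.deny", THREAD_ALLOW, "", "otherd"),
             ("daemon list + deny ALL", THREAD_ALLOW, DENY_ALL, "otherd"),
             ("daemon list + deny ALL", THREAD_ALLOW, DENY_ALL, "sshd")]
    for label, allow, deny, daemon in cases:
        print(f"{label:32} {daemon:7} -> {decide(allow, deny, daemon, CLIENT)}")
```

Narrowing hosts.allow to a daemon list changes nothing for unlisted services unless hosts.deny also matches them. These files only affect services that consult TCP wrappers; closing ports is done by the iptables rules mentioned in the thread.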
Thanks for all the help. I have fixed my hosts.allow and sshd config. I also installed and configured iptables using http://wiki.archlinux.org/index.php/Sim … wall_HOWTO. The website I am hosting on the server seems to work as well as it should and I can still log in via SSH. Thanks again!
Offline