On Sat, 2005-08-20 at 10:59 -0400, AragonX wrote:
> I had an intrusion on one of my servers and am in the process of hardening
> it (after a reinstall). I've taken all the basic steps (shutting down
> unused services etc) and have done the following:
>
> Installed Smoothwall on a separate box.
> Installed & configured AIDE, Snort and chkrootkit
> Ran Bastille
>
> I am in the process of configuring LIDS. I'm using LIDS instead of
> SELinux because it's easier for me to configure.

Security is not easy. IMHO SELinux is a worthwhile investment of effort. It is also completely different from LIDS and performs a different function. LIDS attempts to detect that an intrusion has happened. SELinux tries to prevent the intrusion happening in the first place, and to limit the damage that occurs if it does.

> My next and final step will be to install mod_security.
>
> The server performs the following tasks:
>
> Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email serving
> to the internet.
> File, print and DHCP serving to my local network.
>
> I'm looking for more preventative measures. It appears that LIDS and
> mod_security are the only ones in that role now. Should I jail apache?
> Would that give me any benefits over what LIDS provides?

Yes it would.

Paul.
--
Paul Howarth <paul@xxxxxxxxxxxx>