For my regular servers that only I use, I do the following to keep them secure (from a fresh, minimal Debian squeeze installation):
- Disable services that aren't necessary
- Configure
iptablesto only allow necessary traffic in/out - Lock down SSH so only certain users can log in with an SSH key on a port below 1024 that isn't 22
- Keep the systems updated
- Check logs regularly for irregularities
If you'd recommend I do anything else for a private one-user-only server, please let me know. They don't run HTTP daemons or anything. Anyway, back on topic:
I have a box set up like above. I'm planning on handing out shell accounts so some friends have a box to work on some OCW computer science courses with. They'll need things like GCC, Vim, Python, etc. I already have these installed. Of course, when handing out shells, I assume I need to take even more effort to secure the box to prevent abuse.
I plan on setting up user limits in /etc/security/limits.conf and using a grsecurity kernel. What else should I be doing? Should the users be placed in a jail? I'm comfortable using GNU/Linux, but I'm completely new to this.
I hope this question isn't too vague. Any help is really appreciated.
Thanks a lot.
[link] [20 comments]