Difference between revisions of "Security"

From Anarchaserver
Line 89: Line 89:


remove packages&libraries,on which no other package depends and which where not manually installed
remove packages&libraries,on which no other package depends and which where not manually installed
how may packages are manually installed
apt-mark showmanual|wc -l


=== iptables ===
=== iptables ===
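Review bot: In the two added lines, "how may packages" should read "how many packages", and the command `apt-mark showmanual|wc -l` sits on a plain line directly under the question, so it renders as running text instead of as a command (the rendered revision shows the two joined); give it a leading space so it is preformatted. The count alone also does not show which manually installed packages could go, so consider mentioning that `apt-mark showmanual` without `wc -l` gives the list to review.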

Revision as of 20:13, 29 June 2016

Bogus http requests

Hackers can send bogus HTTP requests to make the server generate error pages, because the information about the server OS and web server version shown there can be useful to them. The information given out by the server does not seem to be sufficiently reduced. It's not a good idea to broadcast the versions of the software you're running. While hiding them doesn't make your server any more secure, it may make you less of a target. See http://helpinlinux.com/apache-server-tokens/

  • Open up /etc/apache2/conf.d/security
  • Change ServerTokens from OS to Prod.
  • Set ServerSignature to Off.
  • Restart Apache web server.


Portmapper

The port mapper (rpc.portmap or just portmap, or rpcbind) is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes that provide other ONC RPC services. If you need to run this service, that is perfectly acceptable. However, if this is a mis-configuration, it would be a good idea to stop it.

https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Portmapper


rpcinfo -T udp -p

  program vers proto   port  service
   100000    4   tcp    111  portmapper
   100000    3   tcp    111  portmapper
   100000    2   tcp    111  portmapper
   100000    4   udp    111  portmapper
   100000    3   udp    111  portmapper
   100000    2   udp    111  portmapper
   100024    1   udp  37209  status
   100024    1   tcp  45698  status

This shows what kind of RPC services are running on the server. RPC is an inter-process communication mechanism.

1) Find the executable files which contain the portmapper.

2) Try to uninstall and delete it, making sure we don't uninstall any important program on the server which is actually used.

1) FIND

Find in the changelog whether somebody installed or changed the portmapper:

grep -i portmapper Changelog

If you make changes on the server, use the Changelog. To read or edit the changelog file:

less Changelog
nano /root/Changelog

Where is the executable?

which portmapper

locate simply finds a file.

Find out in which package the portmapper is active:

apt-cache search portmapper

 remotetea - Sun ONC/RPC support for Java

dpkg -l gives the list of installed packages, and remotetea is not installed:

dpkg -l|grep remotetea

Show the description of a package:

apt-cache show rpcbind

rpcbind uses portmapper

netstat -lnptu lists the open listening ports and what kind of services are running on them; grep 111 finds the open port 111:

netstat -lnptu|grep 111

 tcp   0  0 0.0.0.0:111  0.0.0.0:*  LISTEN  1707/rpcbind
 tcp6  0  0 :::111       :::*       LISTEN  1707/rpcbind
 udp   0  0 0.0.0.0:111  0.0.0.0:*          1707/rpcbind
 udp6  0  0 :::111       :::*               1707/rpcbind

2) UNINSTALL

apt-get remove rpcbind

 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 The following packages were automatically installed and are no longer required:
   libgssglue1 libsasl2-modules wwwconfig-common
 Use 'apt-get autoremove' to remove them.
 The following packages will be REMOVED:
   nfs-common rpcbind
 0 upgraded, 0 newly installed, 2 to remove and 151 not upgraded.
 After this operation, 805 kB disk space will be freed.

We don't consider libs, because packages which are libraries do not provide any services.

apt-get autoremove

This removes packages and libraries on which no other package depends and which were not manually installed.

How many packages are manually installed?

apt-mark showmanual|wc -l
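The port 111 check from the FIND step, as an added example that is not part of the original page: the function reads `netstat -lnptu` output and compares the port field of the local address, so it does not pick up a PID such as 1110 or a port such as 1111 the way `grep 111` does. The function name, the `--live` switch and the sample lines other than the four rpcbind lines shown above are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads `netstat -lnptu` output on
# stdin and reports sockets bound to the portmapper port (111).

# Prints: proto local_address program scope
# scope is "loopback" or "reachable" (bound to a non-loopback address;
# a firewall may still filter it).
portmap_listeners() {
    awk -v port=111 '
        $1 ~ /^(tcp|udp)6?$/ {
            laddr = $4
            n = split(laddr, parts, ":")
            if (parts[n] != port) next          # compare the port field only
            host = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "reachable"
            prog = $NF                          # PID/Program name; "-" without root
            sub(/^[0-9]+\//, "", prog)
            print $1, laddr, prog, scope
        }'
}

# Constructed sample: the four wildcard rpcbind lines are the output shown on
# the page; the sshd, port 1111 and loopback lines are made up for the filter.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0 0 0.0.0.0:22    0.0.0.0:* LISTEN 1110/sshd
tcp   0 0 0.0.0.0:1111  0.0.0.0:* LISTEN 2001/example
tcp   0 0 0.0.0.0:111   0.0.0.0:* LISTEN 1707/rpcbind
tcp6  0 0 :::111        :::*      LISTEN 1707/rpcbind
udp   0 0 0.0.0.0:111   0.0.0.0:*        1707/rpcbind
udp6  0 0 :::111        :::*             1707/rpcbind
udp   0 0 127.0.0.1:111 0.0.0.0:*        1707/rpcbind
EOF
}

# Default: run on the constructed sample. With --live, read the real sockets
# (run as root so netstat can show the program names).
case "${1:-}" in
    --live) netstat -lnptu | portmap_listeners ;;
    *)      sample_netstat | portmap_listeners ;;
esac
```

Run with `--live` before and after `apt-get remove rpcbind`; no output afterwards means nothing is listening on port 111 any more.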

iptables

fail2ban

network wrappers (PAM)