how to secure Ubuntu server and IDS

davetherave2 · 3 Mar 2008 at 20:23

I have been asked to set up a linux box with IDS software.

So I have choosen Ubuntu server 7.10 as my server of choice and OSSEC

http://www.ossec.net/

now I have used linux in the past but only as an experiment and so what are the best ways to secure the box and ensure no can tamper with it (or at least make it difficult).

Are there any good guides on how to do this.

Also is OSSEC the best IDS to use or are there better alternatives out there?

thanks in advance.

kiwi · 3 Mar 2008 at 21:25

Just turn off every service you don't need and make sure you keep up to date with patches. The fewer services, the less to exploit, the more up to date, the fewer exploits (with exception of 0-days but there's bigger targets than yourself I would imagine)

BillytheImpaler · 3 Mar 2008 at 23:56

As usual, use strong passwords and change the port used by ssh to something other than port 22.

GarethDW · 4 Mar 2008 at 00:12

Have a look at Bastill Unix (used to be called BAstille Linux, but a cyber squatter has hijacked the domain)

http://www.bastille-unix.org/

There's a rather dated Walkthrough of using it over at SecurityFocus.

how to secure Ubuntu server and IDS

More options

davetherave2

davetherave2

kiwi

kiwi

BillytheImpaler

BillytheImpaler

Man of Honour

GarethDW

GarethDW