Measure to increase system security 6.15.4
Created: 6.0.8; Updated: 6.0.8

Some security measures were integrated into the ePages package, like an integrity check and a new user concept. But ePages hosts (providers) need to ensure the security of the system. The following measures should be performed to ensure data security and restricted access.

The recommendations are mainly for c-systems (UNIX). Recommendations which are also relevant for Windows are marked with (W).

Table of Contents

1 Open as Few Ports as Possible

  UNIX: 80 (http), 443 (https) and 22 (ssh)
  Windows: 80 (http), 443 (https)

Check this by using a port scanner, such as nmap:
  nmap -v YOUR_HOST.DOMAIN

  UNIX: chkconfig --list
  Windows: Computer Management >> Services

  UNIX: rpm -qa
  Windows: Control Panel >> Add or Remove Programs

1.1 Web Server

  • It might be useful for you to use ModSecurity, an Intrusion Detection System for Apache.
  • 2 Restrict Login and SSH Access

    The following measures are listed by their importance.

    2.1 Very Important

      Protocol 2

      PermitRootLogin no

      AllowGroups sshconn

      PasswordAuthentication no

      sshd: 127.0.0.1/32

    2.2 Important

      declare -rx TMOUT=18000

    2.3 Less Important

      visudo
      # comment line: #Default requiretty

      /etc/ssh/sshd_config:
    
      ListenAddress 1.2.3.4

      AddressFamily inet6
      Port 2345


    Copyright ePages GmbH 2013