How to secure a Redhat Enterprise server from hackers?
ev1user
We would like to secure our server from hackers. We are suspicious that someone logged on to our system recently.

Can anyone let me know what are the possible ways a hacker can compromise a server and how to avoid such risks?

thanks
ramprage
This is too broad a subject to give a simple answer to. There are many different ways a server can be compromised: social engineering, outdated software, software exploits, etc.

The best thing would be to hire a system admin to assist you.
Saarinen
See http://www.eth0.us/ for useful tips. Install rkhunter for a rootkit check, and if it is positive, restore your server and start over.
eth00
Yeah give rkhunter a try and see what it turns up. You should also take a look at your system and make sure it is updated and you have a good kernel.
huck
You can use "last -ai" to get a list of recent logins. This assumes of course that the system has not been tampered with. If you suspect a compromise, you can first use chkrootkit or rkhunter to do a scan.

If you cannot do this or if you come up with possible security issues, then you may want to hire a sysadmin with security experience to take a look at your system. Most should be able to run a basic check in about an hour. They should look for rootkits, viruses, open ports, suspicious processes, and files. They should also be able to provide you with a list of recent logins so you can check and verify that all accesses are authorized.
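The login review described in the post above, as an added example that is not part of the original post: it compares `last -ai` output against an allowlist of known source addresses and reports every user/IP pair that is not on it. The sample output, the allowlist entry and the function names are constructed for illustration, and the result is only as trustworthy as the login records it reads.

```shell
#!/bin/sh
# Added example (not from the thread): review `last -ai` output against an allowlist.

# Constructed sample of `last -ai` output; addresses are documentation ranges.
sample_last_output() {
cat <<'EOF'
root     pts/0        Tue Mar  3 10:15   still logged in    203.0.113.7
alice    pts/1        Mon Mar  2 09:01 - 09:45  (00:44)     198.51.100.23
carol    pts/3        Mon Mar  2 04:02 - 04:03  (00:01)     192.0.2.44
root     pts/2        Mon Mar  2 03:12 - 03:40  (00:28)     203.0.113.7
bob      tty1         Sun Mar  1 22:10 - 22:15  (00:05)     0.0.0.0
reboot   system boot  Sun Mar  1 22:05          (1+12:10)   0.0.0.0

wtmp begins Sun Mar  1 22:05:01 2009
EOF
}

# flag_unknown_logins ALLOWLIST_FILE   (reads `last -ai` output on stdin)
# Prints "user ip count" for every user/IP pair whose IP is not in the allowlist.
flag_unknown_logins() {
    awk -v allow="$1" '
        BEGIN {
            # Allowlist: one source IP per line, "#" starts a comment.
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[line] = 1
            }
        }
        NF == 0 || $1 == "wtmp" { next }     # blank line and "wtmp begins" trailer
        $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }  # pseudo-users
        {
            ip = $NF                         # -a puts the host in the last column
            if (ip == "0.0.0.0") next        # assumption: 0.0.0.0 means a local console login
            if (!(ip in ok)) seen[$1 " " ip]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Run the check on the sample with a constructed allowlist (hypothetical office address).
demo() {
    allow=$(mktemp) || return 1
    printf '%s\n' '198.51.100.23   # office VPN' > "$allow"
    sample_last_output | flag_unknown_logins "$allow"
    rm -f "$allow"
}

demo
```

On a live system the same function takes real input as `last -ai | flag_unknown_logins allowlist.txt`, where `allowlist.txt` is a file you maintain yourself.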
shashank
The best possible step is to have someone professional have a look at it. It is way quicker than just making assumptions.
rvm
Keep your server up to date, and if you're not using a service, DISABLE IT.
Manuel
You have to close as many doors as possible, but crackers have to find only one open. Security is a very big area; you could be happy with closing most of the doors, but that will not mean that you are fully secured.
Bernd Nowak
I'm looking through the forums in search for the same and here's what I found:

Get a new reloaded Redhat Enterprise Server without all patches applied (after a harddisk crash).
Some checking here if I can apply all Red Hat patches due to Ensim on it. No negative info, so I applied them, BUT why weren't they applied before giving me the server for my own further customising?
No firewall activated and configured (even if only http, smtp, pop3, imap and ensim are allowed in factory given configuration) ? Why not ? Sure you can argue there are many ways but there's no real reason that there's no default secure configuration as I'm sure that EV1 is using images to create/restore server OS.
This would make it easier and reduce the chance of getting hacked before I even have access to the server.

I'm still unsure which firewall to use with my Red Hat box, which services are on after the OS restore that aren't needed by Ensim, or which ports and IP addresses are used by the EV1 server monitoring programs (SMTP connections from an EV1 server to test if SMTP is alive).
I can walk through it all, but I found it hard that there are no current How-Tos for the current products. I found a lot of How-Tos from 2003-2004 which maybe have some of the right changes applied, but it would be a lot less trouble if the new EV1 server were handed over in a more secure base configuration.
markcausa
WHM seems to make it almost idiot-proof from the start, even though I have put a lot of add-on security measures on the servers which were not included in WHM.

I like how WHM tells you how things can affect your server's security right in the settings areas. :o