Questions tagged [hardening]

75 questions
1 vote, 0 answers

Small business/charity first-time server build; Initializing and hardening?

I'm the volunteer IT coordinator for our small church. We currently use a Synology NAS as a file server, surveillance controller, web server, email server and DNS. It does a decent job with most of that but it's overmatched in the web server…

1 vote, 2 answers

OpenSSH internal-sftp not accepting allowed/denied_requests

Trying to set up a highly restricted SFTP server with OpenSSH_7.4p1 for remote scripts to upload data. The goal is a black hole where the scripts can do a "put" with user level keys and no other server commands are possible. Everything worked fine…
netdxr

1 vote, 1 answer

Editing Authselect files

I'm hardening Fedora OS following the CIS Benchmark for Fedora 28. In one of the remediations, the Benchmark provides a script that modifies the files system-auth and password-auth. When I apply the changes with authselect apply-changes I get an…
Luis Gc

0 votes, 1 answer

Why does `lynis audit system` suggest to change the `sshd` port from `22` to '' (empty)?

I ran a lynis audit system on a reasonably fresh Ubuntu 18.04 instance, and one of the more intriguing suggestions it made was: Test: Checking Port in /tmp/lynis.AT7qAndGzq Result: Option Port found Result: Option Port value is 22 Result: SSH option…
cueedee

0 votes, 0 answers

Webserver (Apache/NGINX): Disabling connections / binding on IP address

I was wondering if I would be able to harden my Apache configuration in such a way that it would only respond to one of its actual vhost configurations (e.g. https://myhost.example.com/) and make it unresponsive to anything but that. Currently every…
William Jozef

0 votes, 0 answers

Debian 9 file system CIS-CAT hardening issues

I'm performing a CIS-CAT scan and I'm questioning the results of the scanner being poorly designed. Now I am running on Debian 9 which isn't officially supported by the scanner but I can get it to run and I've implemented 95% of their requirements…
Brad

0 votes, 3 answers

Security advantages of a SSH jumphost / jumpserver

I want to learn more about hardening Webservers and currently stopped on the topic Jumphost. So for me it seems like a Jumphost for example is connected to a webserver via VPN and the only server who gets access via VPN and SSH inside the VPN, so…
frankhammer

0 votes, 1 answer

Securing local repository with SSH and chroot

I've got a local Debian repository server in my network and I want my clients to upgrade, update, and install packages from it through SSH. I configured my sources.list so it would look like this: deb ssh://root@local_repo/debian wheezy main I also…

0 votes, 1 answer

cache_dir and some hardening squid

Suppose I'm going to define multiple cache_dir such as: cache_dir ..... # disk 1 cache_dir ..... # disk 2 cache_dir ..... # disk 3 Question: Do I need to define maximum_object_size and minimum_object_size and other directives per disk?…
PersianGulf

0 votes, 1 answer

Local port access blocked by iptables

Although experienced with Linux, I'm new to iptables, having set it up following a Rackspace virtual server setup guide. Using port scans and checking remote access to required ports, I can see all traffic is being blocked except for the ports I've…

0 votes, 1 answer

prevent explorer.exe from launching internet explorer

In a Windows Terminal Server (2003 R2) where the users are not allowed to run a remote desktop, but just the applications they want (that's Citrix work), I've published "Explorer.exe" for the users to get their files. How can I prevent Explorer.exe…
AgostinoX

0 votes, 1 answer

Is debootstrap chroot safe?

I followed this tutorial http://wiki.debian.org/chroot on Debian Squeeze AMD64, to get a separated environment. Is this chroot really safe? In other chroot tutorials, creating a chroot for an application is really hard; with this tutorial it appears…
Eghes

0 votes, 2 answers

What tools and/or procedures to use when hardening IIS7?

IIS6 had some tools for hardening, against attacks and holes. Does IIS7 have the same? If not, are there some standard things that should be done to protect it?
Jason

0 votes, 1 answer

Lock down a user on a stand-alone windows web server

I have a Windows Web Server 2008 R2 Core, which runs several web sites. There is no AD. One of the web applications requires Windows Authentication for a single user. I would like to restrict the user from doing anything except being used for IIS…
Peter Hahndorf

0 votes, 2 answers

Server is too optimized?

I have a Linux 4GB quad-core server w/ Apache that is used for this website. I notice when I go to SSH and type TOP to see load averages, they are usually around 0.80. Now from what I understand, if you have a quad core, your load average is…
Greatestswordsman