Ubuntu usually comes out of the box with a pretty good set of security features. However there are some really great tools out there that can help to save some hassle…
1 – Backup – backup-manager
Security is about backup. Your server get attacked, it’s always good to have a backup of your data somewhere. the tricky part comes when the attacker finds out how to access your backup and get rid of it… Let’s focus only on hardware problems, mistakes or malicious script. (Did you ever get any??)
One great tool available on Ubuntu is Backupmanager.
To install it, simply type:
apt-get install backup-manager
In its configuration file (/etc/backup-manager.conf, Backup-manager will allow you to backup:
- your files (using tar.gz),
- your mysql database,
- a subversion repository,
- or actually anything else you want using the wonderful "pipe" method.
The tar.gz method allows you to do incremental backup which is great to save space on your backup device.
Also you will be able to specify different directories in the BM_TARBALL_DIRECTORIES configuration variable
export BM_TARBALL_DIRECTORIES="/etc /var/lib/ /var/www /root /home/"
With the mysql method you can setup an export of a selection or all your detabases.
The pipe method works that way:
# Archive a remote MySQL database through SSH:
Once we know what to collect, we can select the way to backup the data.
Several methods are available:
- s3 (Amazon bucket)
The configuration is easy, just follow the instruction in the comments of the configuration file.
You can also decide to use the DVD burning option.
2 – Access control – fail2ban
Fail2ban helps you to lower the load on your server if you get a lot of dictionary attacks from script kiddies. After a given number of attempts to connect to the server without success, the IP of the requester gets blacklisted for some minutes or hours.
apt-get install fail2ban
These 3 scripts will make different checks on your system in order to find security breaches.
apt-get install chrootkit tiger john
chrootkit will make a quick check of the main binaries of the filesystem and look for well known signatures of rootkits. These rootkits typically come with script kiddies trying dictionary attacks on ssh. (See fail2ban)
John the ripper is a great tool to evaluate the strength of your password. The longer it takes to break your password and the better your choosed your password 🙂
You can execute john the ripper that way.
john -user:root /etc/shadow
tiger is an excellent tool to check hundreds of sources of security breaches. Tiger will use john the ripper and chrootkit.
you can run tiger directly or call it with the -H option which will give you a neat HTML output, easier to browse. The output is usually extremely detailed and contains a lot of information on how to harden the security of your server.
To get more information about a given section you can use:
4 – Virtualization – KVM
One great way to protect your server is to run a set of virtual machines.
Imagine you need to run a webserver with some specific experimental parameters and you want to make sure it’s not going to interfere with your production environment. Or you are making some script demo server with an administration interface available to anyone with very high priviledges on the system. Say a webmin server for example.
Some funny guy decide to delete the whole system. Smart. But too bad, you managed to setup that system on a virtual machine. The machine was monitored by a little script on the host machine. If the machine becomes unaccessible, it shutdowns the vitual machine and restore a backup of the virtual machine. The backup is a simple file of about 2Gb which contains everything needed. About 2 minutes after the smart guy tried to screw up everything, the machine is back online. Too bad…
KVM is now available with Ubuntu 8.10 Intrepid.
The first thing you need to do is to check if the CPU of your server supports virtualization:
egrep '(vmx|svm)' --color=always /proc/cpuinfo
Then you can install the needed packages:
apt-get install kvm libvirt-bin ubuntu-vm-builder qemu bridge-utils
5 – Nessus
Nessus is known to be the ultimate world best security tool by the website insecure.org.
Nessus is what we call a vulnerability assessment tool. It’s not free for commercial use but it’s ok for home use. It is very well supported and developed. More than 20,000 plugins are available…