This is what I have done to lock down my Ubuntu web server, which runs several sites and will have a mail server that connects only to our DMZ mail server to send emails to us:
1. I have installed 12.04 LTS and all updates.
2. Set it to auto install security updates
3. Set a cron job to reboot nightly
4. Installed Apache2 + all updates
5. Installed and configured ModSecurity + latest OWASP rules
6. Installed PHP + Suhosin + configured
7. Removed all test/debugging scripts
8. Turned off server status page
9. Turned off Apache banner/HTTP trace info
10. Anything I missed?
I have two things left to do, to the best of my knowledge.
1. Install sendmail (DMZ to DMZ email server only) + lockdown
2. Turn off unnecessary services.
I have the list of running services and have marked what I "know" to keep in green, and what I know to turn off in red. The rest are totally unknown to me. Googling around has not given me any yes/no answers, just what they do, but that has not been a lot of help at this point. Several more of these I want to make green, but I want to talk to the experts first. This is my first web server build that will actually sit in a DMZ!
Can anyone please help?
Results of: sudo initctl list | grep running
rsyslog start/running, process 819
tty4 start/running, process 882
udev start/running, process 344
upstart-udev-bridge start/running, process 342
whoopsie start/running, process 945
irqbalance start/running, process 932
tty5 start/running, process 887
atd start/running, process 906
dbus start/running, process 821
ssh start/running, process 808
cron start/running, process 905
acpid start/running, process 904
upstart-socket-bridge start/running, process 522
tty2 start/running, process 894
tty3 start/running, process 895
network-interface (lo) start/running
network-interface (eth0) start/running
tty1 start/running, process 981
network-interface-security (network-interface/eth0) start/running
network-interface-security (network-interface/lo) start/running
network-interface-security (networking) start/running
tty6 start/running, process 897
What is the best way to turn off the unwanted services?
What is the best way to prevent a hacker from being able to log in as one of the must-have services? (Set the shell to false?)
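The two closing questions, turning off an Upstart job and making sure service accounts cannot log in interactively, both come down to small, checkable changes. The script below is an added example and not part of the original post: it audits a passwd-format file for system accounts that still have a real shell, and writes the `manual` override that keeps an Upstart job (the init system on 12.04) from starting at boot. The passwd contents are constructed sample data, and the override directory is a parameter standing in for /etc/init so the script can be run anywhere without touching the live system.

```shell
#!/bin/sh
# Added example (not from the original post): audit service accounts for
# interactive shells and disable an Upstart job via an override file.
# The passwd data and the override directory are parameters so the script
# runs against constructed sample input rather than the live /etc.

# Constructed sample /etc/passwd excerpt (hypothetical accounts).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
syslog:x:101:103::/home/syslog:/bin/false
admin:x:1000:1000:admin:/home/admin:/bin/bash'

# Print "user:shell" for every account that is not root, has a UID below
# 1000 (a system account under Ubuntu's default UID_MIN), and still has a
# shell other than /bin/false or /usr/sbin/nologin. These are the accounts
# an attacker could use for an interactive login if a password or key leaked.
list_system_accounts_with_shell() {
    printf '%s\n' "$1" | awk -F: '
        $1 != "root" && $3 < 1000 &&
        $7 != "/bin/false" && $7 != "/usr/sbin/nologin" { print $1 ":" $7 }'
}

# Write an Upstart override that stops a job from starting automatically.
# $1 = directory standing in for /etc/init, $2 = job name (e.g. whoopsie).
# On a real host this is: echo manual | sudo tee /etc/init/<job>.override
disable_upstart_job() {
    dir="$1"; job="$2"
    printf 'manual\n' > "$dir/$job.override"
}

# Return 0 if the job has a "manual" override in the given directory.
upstart_job_is_disabled() {
    [ -f "$1/$2.override" ] && grep -qx 'manual' "$1/$2.override"
}
```

To act on the audit output, change the shell with `sudo usermod -s /usr/sbin/nologin <account>` (or `/bin/false`); both refuse an interactive login without removing the account the daemon needs. The override file only prevents the job from starting at boot; a job that is already running is stopped with `sudo stop <job>` (or `sudo initctl stop <job>`), and `initctl list` afterwards shows it as `stop/waiting`.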