How to install and secure egroupware - Directory UMM
6 Basic Server Security
6.1 The server platform
There are many ways you can secure your server platform. The most important security measure you can perform is to keep your installation up-to-date. Consider subscribing to the mailing list egroupware-announcement@lists.sourceforge.net. This is where we publish new releases as well as necessary security updates for eGroupWare.
6.1.1 Checking your server for running services and open ports
An open port indicates that your server is offering a service to the public. This could be a Fileserver, DNS Server, Telnet server, X server or one of many other services. More open ports means that an attacker has a better chance of gaining access to your server. Your server should only have the ports and services available which are necessary to run eGroupWare. If you need other open ports that are not necessary for eGroupWare, then you should secure your installation with a firewall or with TCP wrappers. If it’s possible, only allow services to run on your eGroupWare server that have Secure Socket Layer (SSL) enabled.
6.1.1.1 Ports which the eGroupWare server needs to run
Ports which are needed are:
Web server Port: HTTP/80
Web server SSL Port: HTTPS/443
Remote Administration, Secure Shell: SSH/22
If you must run an E-Mail server on the same machine, then you will need a few more ports open. If you can run your E-Mail server on a separate machine, then please do so. You’ll need these extra ports open for an E-Mail server to run:
Email Server MTA: SMTP/25
Email Server MTA: SMTPS/465
To pick up the E-Mail from your server with a client program (such as the eGroupWare clients), you need one of the following ports:
IMAP server: IMAP/143
IMAP server SSL: IMAPS/993
POP-3: POP-3/110
POP-3 over SSL: POP-3/995
If you block ports with a firewall, please remember that you will need to allow certain outbound traffic. This can include NTP, DNS lookups, etc.
Reiner Jung Install and Secure eGroupWare Page 20 of 67