How to install and secure egroupware - Directory UMM
How to install and secure egroupware - Directory UMM
How to install and secure egroupware - Directory UMM
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
There is one important line in the configuration file from the SSH client. The make sure the following line<br />
exists in your ssh_config file:<br />
Pro<strong>to</strong>col 2<br />
This allows your clients connections with the version 2 of the SSH pro<strong>to</strong>col only.<br />
6.1.4.2.5 Securing your SSHD<br />
For your SSH daemon you can use the following values <strong>to</strong> make it more <strong>secure</strong>:<br />
Pro<strong>to</strong>col 2<br />
PermitRoot Login no<br />
PubKeyAuthentication yes<br />
Passwor dAuthentication no<br />
PermitEmptyPassword no<br />
6.1.5 Installing software <strong>to</strong> moni<strong>to</strong>r your server logs<br />
Analyzing your log files is a must for every administra<strong>to</strong>r. When you don’t moni<strong>to</strong>r your log files, you have no<br />
chance of seeing security problems or anomalies. There are several products on the market that can help<br />
you <strong>to</strong> moni<strong>to</strong>r your log files:<br />
logcheck<br />
logwatch<br />
logsurfer<br />
Logcheck is recommended. Logcheck will work under Linux, BSD, Sun, <strong>and</strong> HP-UX. It is easy <strong>to</strong> <strong>install</strong> <strong>and</strong><br />
make clear reports. To <strong>install</strong> logcheck type the following from the logcheck root after you have untar’d the<br />
file:<br />
[ root @server logcheck-1. 1. 1]# make linux<br />
To run it au<strong>to</strong>matically, you must add a line <strong>to</strong> your crontab file. Under RedHat, it is /etc/crontab. Open the<br />
file <strong>and</strong> add the following line:<br />
00 * * * * root /bin/sh /usr/local/etc/logcheck.sh<br />
Edit the logcheck shell script <strong>to</strong> add the recipient <strong>to</strong> the log report. The recipient is the value of the<br />
SYSADMIN variable in the script.<br />
[root@<strong>egroupware</strong> logcheck-1.1.1]# vi /usr/local/etc/logcheck.sh<br />
To receive better detailed reports, advanced users can also edit the follow files:<br />
logcheck.violations<br />
logcheck.violations.ignore<br />
logcheck.hacking<br />
logcheck.ignore<br />
Reiner Jung Install <strong>and</strong> Secure eGroupWare Page 27 of 67