How to install and secure egroupware - Directory UMM

More documents

Recommendations

Info

6.1.6 Intrusion detection environment Install an intrusion detection environment to keep check of your system files’ integrity and to detect changes on your server. There are several solutions available for *nix based systems: AIDE Tripwire Samhain Of the three above, AIDE is the easiest to set up. 6.1.6.1 Installing AIDE Most distributions have AIDE included and you can install it with a standard tool like RPM or apt-get. AIDE depends on the mhash package, which you must install as well. When no package is available for your platform, you must compile it yourself with . /configure make make install 6.1.6.2 The AIDE configuration file aide.conf You must configure the aide.conf file so that all important files from your server are checked and to reduce false alarms. � Store /etc/aide.conf, /usr/sbin/aide and /var/lib/aide/aide.db.gz in a secure location, e.g. on separate read-only media (such as CD-ROM). Alternatively, keep MD5 fingerprints or GPG signatures of those files in a secure location, so you have a means to verify that nobody has modified these files. # Example configuration file for AIDE. @@define DBDIR /var/lib/aide # The location of the database to be read. database=file:/mnt/floppy/aide.db.gz # The location of the database to be written. database_out=file:@@{DBDIR}/aide.db.new.gz # Whether to gzip the output to the database gzip_dbout=yes # Default. Reiner Jung Install and Secure eGroupWare Page 28 of 67
verbose=5 report_url=file:/var/log/aide.log report_url=stdout # These are the default rules. # #p: permissions #i: inode: #n: number of links #u: user #g: group #s: size #b: block count #m: mtime #a: atime #c: ctime #S: check for growing size #md5: md5 checksum #sha1: sha1 checksum #rmd160: rmd160 checksum #tiger: tiger checksum #haval: haval checksum #gost: gost checksum #crc32: crc32 checksum #R: p+i+n+u+g+s+m+c+md5 #L: p+i+n+u+g #E: Empty group #>: Growing logfile p+u+g+i+n+S # You can create custom rules like this. NORMAL = R+b+sha1 DIR = p+i+n+u+g # Next decide what directories/files you want in the database. /boot NORMAL /bin NORMAL /sbin NORMAL /lib NORMAL /opt NORMAL /usr NORMAL /root NORMAL Reiner Jung Install and Secure eGroupWare Page 29 of 67
Page 1 and 2: How to Install and Secure eGroupWar
Page 3 and 4: Index Index .......................
Page 5 and 6: 7.5.3 Step 3 - Set Up Your User Acc
Page 7 and 8: 2 Express Install HOWTO This “How
Page 9 and 10: 4) Ensure that your web server and
Page 11 and 12: and for initial setup only 12) Mana
Page 13 and 14: 4 Updating eGroupWare 4.1 Updating
Page 15 and 16: [root@server root]# gpg --list-keys
Page 17 and 18: [user@server tmp]$ md5sum eGroupWar
Page 19 and 20: [user@server tmp]$ unzip /tmp/eGrou
Page 21 and 22: Conclusion: Minimum necessary open
Page 23 and 24: • strings.c: quick and dirty stri
Page 25 and 26: � If possible, use only SSHv2 con
Page 27: There is one important line in the
Page 31 and 32: [ -z "$MAILTO" ] && MAILTO="root" i
Page 33 and 34: Inode : 111362 , 111363 MD5 : UM0er
Page 35 and 36: # The name of the audit log file Se
Page 37 and 38: Handler: cgi-script ---------------
Page 39 and 40: %description devel The php-devel pa
Page 41 and 42: 6.4.4 Web interface Turck MMCache c
Page 43 and 44: log_errors = On ; Store the last er
Page 45 and 46: localityName = Locality Name (eg, c
Page 47 and 48: 6.7 The web server Secure your web
Page 49 and 50: 7 Setup eGroupWare 7.1 Creating you
Page 51 and 52: 7.4 Creating your header.inc.php Mo
Page 53 and 54: Click Re-Check My Installation: If
Page 55 and 56: � Enter the hostname of your serv
Page 57 and 58: 7.5.4 Step 4 - Manage Languages The
Page 59 and 60: 9.5 Cannot get past the Check Insta
Page 61 and 62: 10 Software Map AIDE, Advanced Intr
Page 63 and 64: php project Platform Linux / BSD /
Page 65 and 66: * Sun Nov 22 2003 Reiner Jung 0.3
Page 67: 13 Humanly-Readable License Attribu

How to install and secure egroupware - Directory UMM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?