How to install and secure egroupware - Directory UMM

More documents

Recommendations

Info

else fi echo "AIDE produced no errors." ) | /bin/mail -s "Daily AIDE report for $FQDN" $MAILTO � It is not recommended that you run automated AIDE checks without verifying AIDE yourself frequently. In addition to that, AIDE does not implement any password or encryption protection for its own files. 6.1.6.4 Sample AIDE report The report which AIDE creates shows you all changes on your file system. Please compare the report with the changes you have made (i.e. installing an update or changing the configuration of your server). This is an automated report generated by the Advanced Intrusion Detection Environment on egroupware at 05:27:16 PM on 02/14/2004. Output of the daily AIDE run: AIDE found differences between database and filesystem!! Start timestamp: 2004-02-14 17:27:16 Summary: Total number of files=34691,added files=2,removed files=0,changed files=5 Added files: added:/etc/cron.daily/aide added:/var/log/error.log Changed files: changed:/etc/aide.conf changed:/root changed:/root/.viminfo changed:/root/.bash_history changed:/root/chkrootkit-0.43-1.i386.rpm Detailed information about changes: File: /etc/aide.conf Inode : 89090 , 89173 Directory: /root Mtime : 2004-02-14 16:35:58 , 2004-02-14 17:27:12 Ctime : 2004-02-14 16:35:58 , 2004-02-14 17:27:12 File: /root/.viminfo Size : 6683 , 6513 Mtime : 2004-02-14 16:35:58 , 2004-02-14 17:27:12 Ctime : 2004-02-14 16:35:58 , 2004-02-14 17:27:12 Reiner Jung Install and Secure eGroupWare Page 32 of 67
Inode : 111362 , 111363 MD5 : UM0erzXMWPEdiCgKV/t91g== , l9E0UBQu7PKTCJiS3b2Fzw== SHA1 : jNlzWrSY/Q4zk3Rd7dnpyth2a0Y= , R1wFnTg2scWSaRnn47zcZ+syS3E= File: /root/.bash_history Size : 14824 , 14872 Mtime : 2004-02-14 16:16:30 , 2004-02-14 16:48:32 Ctime : 2004-02-14 16:16:30 , 2004-02-14 16:48:32 MD5 : zlVCx+39n8XLd3/ip757vA== , nCs18yzJdwDD/BfsUssuhQ== SHA1 : Al8brD3i+B6P2RMxpn6IaC+I5fE= , bWBEjLA0Hnt6XXTszkzKi8gaTZQ= File: /root/chkrootkit-0.43-1.i386.rpm Permissions: -rw-r--r-- , -rw-r----- Ctime : 2004-01-26 13:43:35 , 2004-02-14 16:51:06 AIDE produced no errors. 6.1.6.5 Creating a new database after changes After your report is verified you must create a new database and save the database at the secure location. Run the update from your database after every report which you have verified! 6.1.7 Daemon security [root@server root]# /mn t/floppy/aide --init [root@server root]# cp /var/lib/aide/aide.db.new.gz /mnt/floppy/var/lib/aide/aide.db.gz Run your necessary daemons in a chroot environment under *nix. Use TCP Wrappers or xinetd to secure your daemons. 6.1.8 Firewall Set up a firewall on your server to protect your system. 6.2 Web Application Security With web application security software you can secure your web-based applications like eGroupWare from SQL injunction, Cross Side Scripting and other attacks. There are several applications on the market for the Apache web server and IIS. Two tools which are open source are: ModSecurity (for Apache Web server 1.3x and 2.x) IISShield (For Internet Information Server) ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks. Reiner Jung Install and Secure eGroupWare Page 33 of 67
Page 1 and 2: How to Install and Secure eGroupWar
Page 3 and 4: Index Index .......................
Page 5 and 6: 7.5.3 Step 3 - Set Up Your User Acc
Page 7 and 8: 2 Express Install HOWTO This “How
Page 9 and 10: 4) Ensure that your web server and
Page 11 and 12: and for initial setup only 12) Mana
Page 13 and 14: 4 Updating eGroupWare 4.1 Updating
Page 15 and 16: [root@server root]# gpg --list-keys
Page 17 and 18: [user@server tmp]$ md5sum eGroupWar
Page 19 and 20: [user@server tmp]$ unzip /tmp/eGrou
Page 21 and 22: Conclusion: Minimum necessary open
Page 23 and 24: • strings.c: quick and dirty stri
Page 25 and 26: � If possible, use only SSHv2 con
Page 27 and 28: There is one important line in the
Page 29 and 30: verbose=5 report_url=file:/var/log/
Page 31: [ -z "$MAILTO" ] && MAILTO="root" i
Page 35 and 36: # The name of the audit log file Se
Page 37 and 38: Handler: cgi-script ---------------
Page 39 and 40: %description devel The php-devel pa
Page 41 and 42: 6.4.4 Web interface Turck MMCache c
Page 43 and 44: log_errors = On ; Store the last er
Page 45 and 46: localityName = Locality Name (eg, c
Page 47 and 48: 6.7 The web server Secure your web
Page 49 and 50: 7 Setup eGroupWare 7.1 Creating you
Page 51 and 52: 7.4 Creating your header.inc.php Mo
Page 53 and 54: Click Re-Check My Installation: If
Page 55 and 56: � Enter the hostname of your serv
Page 57 and 58: 7.5.4 Step 4 - Manage Languages The
Page 59 and 60: 9.5 Cannot get past the Check Insta
Page 61 and 62: 10 Software Map AIDE, Advanced Intr
Page 63 and 64: php project Platform Linux / BSD /
Page 65 and 66: * Sun Nov 22 2003 Reiner Jung 0.3
Page 67: 13 Humanly-Readable License Attribu

How to install and secure egroupware - Directory UMM

Create successful ePaper yourself

Delete template?

Save as template?