Gentoo Forums
Internet facing server - hardened or not?
ReD-BaRoN
Apprentice
Joined: 06 Feb 2004
Posts: 208

Posted: Wed Feb 01, 2012 2:37 am    Post subject: Internet facing server - hardened or not?

I plan on having my Gentoo server on the Internet (port forwarded behind my router) for DNS, Web and SSH for sharing photos/videos with family. In the past I've used hardened, but on this new server I'm not so sure. I always felt that hardened was complex for my needs, and often well behind the mainline release.

I'm curious if maintaining updated packages (apache, bind, openssh) is enough with my limited-use server.

What do other folks do?
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Wed Feb 01, 2012 2:51 am

Hardened has now pretty much caught up to the main tree. Unless you employ role-based access control lists (which is optional), there is not really any added complexity. The hardened toolchain and extra hardening features provided by the grsec patch reduce the system's vulnerability to several categories of threat.

It's up to you, though. Are you a likely target (e.g., running a website likely to have customer information or dealing with financial transactions)? Do you stand to lose a lot if the server (and potentially the rest of the local network) is penetrated and exploited? Is the server firewalled from the rest of your local network? Do you conduct a lot of business using your computers (shopping or banking online)?

You could achieve more in terms of security by not running an internet-facing web server than by hardening the host.
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.
phajdan.jr
Retired Dev
Joined: 23 Mar 2006
Posts: 1777
Location: Poland

Posted: Wed Feb 01, 2012 9:34 am

That depends on what you do with hardened. There is a hardened profile and a hardened kernel. The hardened profile should generally just work with no additional maintenance (you don't have to run SELinux). You don't have to use grsecurity's RSBAC, and hardening features like PaX and other parts of grsecurity are generally recommended and shouldn't be "too complex".
_________________
http://phajdan-jr.blogspot.com/