Postfix install and Security talk

Written by Arvinder Singh / March 07, 2009 / 3 mins read / Filed under Postfix / Linux / Security

Once your Operating System is grown up, you have to sit it down and do the SECURITY TALK.

A little on the philosophical side of it, I believe the sense of security is just a perception. You are secure when you start feeling it. If we keep on following the rabbit hole, there will always be exploits to be known, more tools to be learnt, more WMDs to be discovered! If that is what you like to do, more power to you!

Another point: always have a second plan. With fewer than two backup copies of your data, assume you have none.

Let's get back to our Linux box.

One of the requirements that our installs are going to have is a mail server. The Linux box can email me complaining that it has a stomach ache, or about any activity that goes on on it.

TechRepublic has an old, yet not obsolete, article on the recipe ingredients of a mail server. We just need Postfix.

After some reading about Postfix, here is the route I took:

$ sudo aptitude install postfix

Now head over to the Postfix configuration documentation and tweak the settings. The only change I made was to make sure that my server relays mail originating only from the local machine.

$ sudo vi /etc/postfix/main.cf
	mynetworks = 127.0.0.0/8

Save and exit. Now reload the changes.

$ sudo postfix reload
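One way to check the result of the main.cf change, as an added example that is not from the original post: a POSIX shell audit that confirms mynetworks lists only loopback networks and, going beyond the post, also checks inet_interfaces, the Postfix parameter that decides which addresses port 25 listens on. The function names, allow-lists and sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Postfix main.cf.
LOOPBACK_NETS="127.0.0.0/8 [::1]/128 [::ffff:127.0.0.0]/104"
LOOPBACK_IFACES="loopback-only localhost 127.0.0.1 [::1]"

# Print the effective value of parameter $2 in file $1: the last definition
# wins, indented continuation lines are joined, comment lines are skipped.
get_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# Succeed only if parameter $2 in file $1 is set and every entry is in list $3.
# The body is a subshell, so "set -f" (no globbing of [::1]) and "exit" stay local.
only_allowed() (
    set -f
    value=$(get_param "$1" "$2")
    [ -n "$value" ] || { echo "$2: not set, built-in default applies"; exit 1; }
    for entry in $value; do
        case " $3 " in
            *" $entry "*) ;;
            *) echo "$2: non-loopback entry: $entry"; exit 1 ;;
        esac
    done
)

# Hypothetical helper: returns 0 when relay scope and listener are loopback-only.
audit_main_cf() {
    rc=0
    only_allowed "$1" mynetworks "$LOOPBACK_NETS" || rc=1
    only_allowed "$1" inet_interfaces "$LOOPBACK_IFACES" || rc=1
    return "$rc"
}

# Constructed sample: the post's mynetworks line, listener on all interfaces.
sample=$(mktemp)
printf '%s\n' 'mynetworks = 127.0.0.0/8' 'inet_interfaces = all' > "$sample"
audit_main_cf "$sample" || echo "main.cf needs review"
rm -f "$sample"
```

On a live host, `postconf -h mynetworks inet_interfaces` prints the values Postfix is actually using, including defaults that never appear in main.cf.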

Remember the Ubuntu Install on XServe article? We had put up a firewall on this box. However, an nmap scan from another machine shows port 25 open (SMTP, being used by Postfix). Let's add some rules. Use --dry-run to test the command syntax.

$ sudo ufw --dry-run deny proto tcp from 0.0.0.0/0 to xx.xx.xx.xx port 25
$ sudo ufw deny proto tcp from 0.0.0.0/0 to xx.xx.xx.xx port 25

I think I’m not quite happy with ufw. It’s good for starters; however, it does not have advanced flexibility. I’m going to return to Shorewall within the coming weeks.

Although Linux machines are at comparatively lower risk of being affected by viruses, they can still be threatened by trojans, worms, or a vital part being replaced by a rootkit.

chkrootkit is a tool to locally check for signs of a rootkit.

$ sudo aptitude install chkrootkit
$ sudo chkrootkit

The run reported the system as not infected. Next, let's install Rootkit Hunter. Rootkit scanner is a scanning tool that assures you, for about 99.9%*, that you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits.

$ sudo aptitude install rkhunter
$ sudo rkhunter -c --skip-keypress

We came out clean.

Next I should look at AppArmor and grsecurity. However, there are other things crying for my attention. I’ll come back to them later.

The security paranoids can look at the top 100 security tools.

Photo credits: GD Senior @ Flickr