
Third party security applications

Amin Taheri

Which third party applications do you guys use?

Does anyone use:
Bastille Linux
Logcheck
Swatch
Suhosin
LibSafe
Lids
TripWire
PortSentry
PAX
APF/BFD
GRSecurity


Anything else that people recommend to use, or to stay away from?
 
That's a great help S

Which ones do you use, which ones do you recommend NOT using?
(even if they are not on the list)
 
I've used them all.

Grsec/Pax - must have
logcheck/swatch - redundant if you use ossec
tripwire - ditto
portsentry - ditto. But Craig Rowland rocks. I worked with him at WheelGroup.
libsafe - redundant with grsec
lids - redundant with ossec and grsec
apf/bfd - nice, but I write my own rules
 
You might want to check the links in atomicturtle's signature. Atomic Secured Linux is a pretty nice package of security apps for Plesk servers. :)
 
Yes, but that is a commercial product - and something that most people will like to stay away from as it's not free :)
 
It's not very expensive either, and it's all open source software if that's what's bothering you. And it has a GUI that integrates with Plesk, which is very nice.

Plesk itself is a lot less free (both 'as in beer' and 'as in speech').
 
Greetings:

Bastille for Linux
Logwatch
LibSafe
Tripwire
Psad
Lsm
Psm
Ossec
chkrootkit
rkhunter
rootcheck from ossec (separate program)
mod_security
tcpwrappers
SEC

Thank you.
 
ossec and pop3d

ossec in general works, but I didn't get the brute-force attack stopped for pop3d with ossec.

Does someone have an actual ossec config/rule for pop3d running on Suse 10.1 & Plesk 8.2.0?

thanks
Brujo

My log entries look like:
---
Oct 8 17:59:06 plesk pop3d: IMAP connect from @ [xxx.xxx.xxx.xxx]checkmailpasswd: FAILED: mika - no such user from @ [xxx.xxx.xxx.xxx]DEBUG: Connection, ip=[xxx.xxx.xxx.xxx]

Oct 8 17:59:43 plesk pop3d: IMAP connect from @ [xxx.xxx.xxx.xxx]checkmailpasswd: FAILED: mika - no such user from @ [xxx.xxx.xxx.xxx]ERR: LOGIN FAILED, ip=[xxx.xxx.xxx.xxx]
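
Added example, not part of the original post and not an OSSEC decoder or rule: a Python sketch of the detection logic asked about above, counting checkmailpasswd failures per source address in a sliding window. The threshold, window, year, addresses and user names are assumptions or constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# In the second excerpt above one attempt shows up as both a checkmailpasswd
# line and a "LOGIN FAILED" line; only the former is matched, so each attempt
# is counted once and the tried user name is captured.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+pop3d:.*?checkmailpasswd: "
    r"FAILED: (?P<user>\S+) - .*?from @ \[(?:::ffff:)?(?P<ip>[^\]]+)\]"
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=2), year=2024):
    """Return {ip: sorted user names tried} for every source address with at
    least `threshold` failures inside a sliding `window`.
    Syslog timestamps carry no year, so `year` is an assumption."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every user name it has tried
    flagged = {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue              # connects, LOGIN FAILED duplicates, other noise
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = sorted(users[ip])
    return flagged

# Constructed sample (documentation addresses, invented user names).
P = "plesk pop3d: "
F = "checkmailpasswd: FAILED: "
SAMPLE = [
    f"Oct  8 17:30:00 {P}{F}bob - no such user from @ [198.51.100.7]",
    f"Oct  8 17:59:06 {P}IMAP connect from @ [192.0.2.10]{F}mika - no such user from @ [192.0.2.10]",
    f"Oct  8 17:59:06 {P}LOGIN FAILED, ip=[192.0.2.10]",
    f"Oct  8 17:59:20 {P}{F}admin - no such user from @ [::ffff:192.0.2.10]",
    f"Oct  8 17:59:31 {P}{F}info - no such user from @ [192.0.2.10]",
    f"Oct  8 17:59:43 {P}{F}test - no such user from @ [192.0.2.10]",
    f"Oct  8 18:00:02 {P}{F}web - no such user from @ [192.0.2.10]",
    f"Oct  8 18:10:00 {P}{F}bob - no such user from @ [198.51.100.7]",
]
```

Calling `find_bruteforce(SAMPLE)` flags only 192.0.2.10; the flagged addresses are what a firewall or active-response step would then act on.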
 
Sure do, it's in ASL, or if you want to do it from source, the latest is in the CVS version of ossec from ossec.net.

I can't recommend it enough, it replaces a lot of other tools, like tripwire, lsm, psm, portsentry, psad, chkrootkit, etc. with one common tool. Also I highly recommend joining the ossec mailing list. People post rulesets and decoders to it all the time.
 
Hi atomicturtle,
I wrote to the ossec mailing list without an answer and looked in the latest snapshot, but I can't see/find the needed decoder entries for the pop3d / checkmailpasswd.

Please can you send it to me?

thanks a lot
Brujo
 
Speaking of ossec, I've been looking around to find some good rules other than the stock ones. Kind of tough to find, no one seems to have posted or shared.

On a side note, Scott, clicking on your troubleshooting firewalls link on your website goes to http://www.gotroot.com/tiki-index.php?page=Resources+for+Troubleshooting+Linux+Firewalls&bl

Which appears to be a dead link or something as it doesn't work.

http://www.atomicorp.com/kernel/2.6/
http://www.atomicorp.com/kernel/2.4/
also doesn't work
 
Can it be installed into a VZ VPS to manage security software? I know that kernel patches will not go.

Does this package cause significant server load while using all these security techniques? Any real numbers?
 
Obviously the kernel won't, since the VPSes don't have them. However some of those kernel improvements, like Trusted Path Execution, have been included in the Virtuozzo kernel (2.6.19 I think) distributed by sw-soft. So if you're using that, the configuration utilities in ASL will take advantage of it.

On a dedicated (not VPS) Intel server, overhead from PaX is about 3%. On an AMD CPU, this is implemented in hardware, so there is no performance overhead.

Mod_security impacts performance on very large POSTs. I've seen those increase from 2-3 seconds without it running, to 4-6 seconds with it.
 