We have a couple of servers we can’t move to the cloud for a variety of reasons. In addition, they are running some super legacy applications.
Because of this, we’ve really had to focus on OS level security to protect the application (OS is surprisingly Ubuntu 16).
Good Linux Security Software:
- ModSecurity V3...tough to figure out but so worth it. An incredible L7 Firewall. Immediately provides benefits
- UFW...utterly saves you from IPTABLES. Also has some neat brute force protection (ufw limit ssh).
- ModEvasive...Apache Module which is great for preventing automated vuln scanners like Burp Suite
- ClamAV...antivirus, who knows how effective but is popular
- RKHunter...rootkit hunter, hard to tune but can be worth it
Biggest benefit we got though was from setting all HTTPS Headers on the web server (there are 7 of them now I think you can set). The latest headers like “Feature-Policy” which can disable Javascript’s access to webcam, microphone, and more have been very useful.
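An added example (mine, not code from the commenter above) that checks the response-header point in practice: it parses a captured HTTP response and reports which of the usual security headers are missing or weakly set. The header names and minimum values are my own baseline, and the sample responses are constructed; note that Feature-Policy has since been succeeded by Permissions-Policy.

```python
"""Audit the security headers of an HTTP response (sample data constructed)."""
from typing import Callable, Dict, List


def hsts_ok(value: str) -> bool:
    """HSTS counts as set only with a max-age of at least 180 days (my floor)."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip().isdigit():
            return int(val) >= 15_552_000
    return False


# Baseline expectations per header; values are minimal sanity checks, not a full policy.
BASELINE: Dict[str, Callable[[str], bool]] = {
    "strict-transport-security": hsts_ok,
    "content-security-policy": lambda v: "default-src" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: bool(v.strip()),
    "permissions-policy": lambda v: bool(v.strip()),  # successor of Feature-Policy
}


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP response into a lowercase-keyed dict."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # end of headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for missing or weak headers; an empty list means all baselines met."""
    findings: List[str] = []
    for name, ok in BASELINE.items():
        if name == "permissions-policy" and name not in headers and "feature-policy" in headers:
            findings.append("feature-policy set but deprecated; add permissions-policy")
        elif name not in headers:
            findings.append(f"missing {name}")
        elif not ok(headers[name]):
            findings.append(f"weak {name}: {headers[name]!r}")
    return findings


# Constructed sample responses: one typical legacy server, one with the baseline set.
SAMPLE_WEAK = "HTTP/1.1 200 OK\nServer: Apache\nContent-Type: text/html\nFeature-Policy: camera 'none'\nX-Frame-Options: ALLOWALL\n\n<html>"
SAMPLE_GOOD = "HTTP/1.1 200 OK\nStrict-Transport-Security: max-age=31536000; includeSubDomains\nContent-Security-Policy: default-src 'self'\nX-Content-Type-Options: nosniff\nX-Frame-Options: DENY\nReferrer-Policy: no-referrer\nPermissions-Policy: camera=(), microphone=()\n\n"
```

Run `audit_headers(parse_response_headers(SAMPLE_WEAK))` against a real capture from `curl -i` to get the same style of report for your own server.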
I find that UFW is more of a pain than it's worth when it comes to simple rules everybody needs like "block everything, allow this handful of ports", mostly because the syntax is too English-like and so it's easier to get confused about how you're supposed to write the rule.
It also spews a bunch of chains all over iptables, making it harder to understand when you actually need to use it directly for something more advanced like mangling.
I'm mobile, but has this been updated? I used this in college back in 08 and it was much better than iptables but I don't know if it's kept up with the times.
Nice to see it posted here, I've been a happy user of FireHOL for a decade, if not more. For a while I was worried it was going to be abandoned, I'm really glad it wasn't.
I'm not a network guy but I was tasked with setting up some servers at a co-lo, including a box to act as the router. FireHOL was a godsend for helping me to set up the rules.
I haven't tried FireQOS yet, but I really want to play with it.
I've used their iplists in pfblocker-ng for 3 years. It's incredibly useful, like "let's block all traffic from Tor exit nodes that appeared online in the last 30 days".
You might want to look at OpenSnitch [1]. It requires nfqueue and directly accessing /proc to get info in real time, which is why you'll likely never see it as part of a structured firewall builder like this.