How to create secure CentOS 5 machine?



gianluca
09-24-2008, 11:24 AM
Hi,
I'm opening this discussion to share what I'm using on my machine for security protection, and I would like feedback on this crucial issue.

- Linux CentOS 5
- tripwire, chkrootkit, rkhunter, watchlog as security tools
- fail2ban on the Apache log: I modified loginpage.php to add an entry to the Apache error log (with the IP and the user name that failed) so I can catch it with fail2ban and disable login for 10 minutes after 3 failures (probably we can integrate this in Deki). This protects against brute force attacks.
- experimenting with this script to block DOS attacks: http://deflate.medialayer.com/ Does anyone know if it is good?

I also enabled modsecurity on Apache, but it doesn't work because too many rules need to be changed, otherwise they block a lot of Deki calls. Is anybody working on adapting the modsecurity rule set to Deki? I could also help, even if I don't have experience at this time.

Any other ideas or advice?

Thank you,
Gianluca
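As an added illustration of the fail2ban approach described in the post above (this is not code from the thread, from Deki or from fail2ban): a small Python replay of fail2ban's counting over constructed Apache error_log lines, assuming a hypothetical message format for what the patched loginpage.php writes. It also shows the findtime edge: failures that have aged out of the window no longer count toward a ban.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Apache 2.2 error_log prefix followed by a hypothetical
# message the patched loginpage.php might write. Addresses are documentation ranges.
SAMPLE_LOG = """\
[Wed Sep 24 11:20:01 2008] [error] [client 203.0.113.7] deki login failed for user 'admin'
[Wed Sep 24 11:20:03 2008] [error] [client 203.0.113.7] deki login failed for user 'admin'
[Wed Sep 24 11:20:04 2008] [error] [client 198.51.100.9] deki login failed for user 'bob'
[Wed Sep 24 11:20:05 2008] [error] [client 203.0.113.7] deki login failed for user 'root'
[Wed Sep 24 11:40:00 2008] [error] [client 198.51.100.9] deki login failed for user 'bob'
[Wed Sep 24 11:40:01 2008] [error] [client 198.51.100.9] deki login failed for user 'bob'
"""

# Equivalent of a fail2ban failregex: anchor on the client IP and the message text.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r"deki login failed for user '(?P<user>[^']*)'"
)
TS_FMT = "%a %b %d %H:%M:%S %Y"

def parse_failures(log_text):
    """Yield (timestamp, ip, user) for every line that matches the failure pattern."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], TS_FMT), m["ip"], m["user"]

def compute_bans(log_text, maxretry=3, findtime=600, bantime=600):
    """Replay the log with fail2ban-style counting: an IP is banned once it has
    maxretry failures inside a sliding findtime window (seconds); the ban lasts
    bantime seconds. Returns a list of (ip, ban_start, ban_end)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside findtime
    bans = []
    for ts, ip, _user in parse_failures(log_text):
        q = recent[ip]
        while q and ts - q[0] > window:  # expire failures older than findtime
            q.popleft()
        q.append(ts)
        if len(q) >= maxretry:
            bans.append((ip, ts, ts + timedelta(seconds=bantime)))
            q.clear()  # counting restarts after the ban, as fail2ban does
    return bans

if __name__ == "__main__":
    for ip, start, end in compute_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With the sample above only 203.0.113.7 is banned (three failures within four seconds); 198.51.100.9 has three failures in total, but the first one is twenty minutes older than the other two, so it never reaches maxretry inside the window.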

mathieuo
10-02-2008, 08:09 PM
Well, it seems pretty solid already, but I'd add some of these recommendations (http://wiki.developer.mindtouch.com/MindTouch_Deki/FAQ/Configuration/How_do_I...Harden_security_on_Linux_servers_running_Deki_Wiki), especially the firewall part. Also an Apache chroot wouldn't hurt :)

gianluca
10-03-2008, 07:16 AM
Thank you for your feedback. I discovered and applied all the tools suggested here (http://www.securecentos.com) except the kernel upgrade. I think it is a good site and some tools are really great, for example ossec and monit; the mysql tuning tools are great too. Some pages are a work in progress and there are some minor errors, but nothing serious. I tried to contact the webmaster but I didn't get any feedback.

crb
01-30-2009, 01:10 PM
Just set up a firewall on the machine (using iptables directly or one of the many awesome layers around it).

Ensure the principle of minimum visible 'surface area' by only allowing access to that machine on the ports running Deki (which ultimately should only be 443/https).