Quick security guide for Cobalt products
In decreasing order of (presumed) importance:
Please send comments to
<crosser at average dot org>
Also, to keep an eye on security problems and new patches,
consider subscribing to these maillists:
First and foremost, make sure, and check regularly, that your
workstation is not trojaned with a keyboard logger!
Check if the server has been compromised already
is your friend here).
If so, it is highly recommended to
the system from scratch
(don't forget to backup all your data and configuration first!).
Install all up to date
Install ssh from pkgmaster and
disable telnet. Some SSH clients for Windows & Mac (including scp)
can be found
Disable on the control panel all services that are not absolutely
required. If you have mysql and/or postgresql installed, make sure that
they have network access disabled (or at least properly restricted).
is the document describing how to do that for MySQL.
Try to get rid of FTP service too. You might consider these options:
(NOTE: to make users use scp, you will have to enable shell access
for them which may be undesirable. You will need to decide yourself if
it is more risky to open shell access or have FTP service enabled.)
Install some kind of "secure FTP" solution, such as
Make users use scp or sftp (parts of ssh).
Enable SSL on the main web server - this will make your admin
interface SSL secured, and you won't be exposing the admin password
on the network in the clear anymore. After that, change the admin password,
just in case.
Install intrusion detection software, such as
a TriSentry suite. (The latter was developed by
Psionic products but
disappeared from their website after acquisition by Cisco).
on some other host and run it regularly (don't forget to make
portsentry disregard its IP address).
Install SSL enabled versions of
POP3 and IMAP
servers and make your users use them instead of plain POP3/IMAP.
It is also possible to use native Cobalt POP3 and IMAP servers
through an SSL wrapper such as
Configure a firewall with ipchains to restrict access to certain ports
(e.g. the admin ports 81 and 444) only from certain IP
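The ipchains rule set described above, as an added example that is not part of the original guide: it allows the admin ports 81 and 444 only from the admin hosts given on the command line (the 192.0.2.x addresses in the comments are assumed placeholders) and logs and denies everyone else. By default it only prints the rules; pass "apply" as the first argument to execute them (requires root on a 2.2-kernel Cobalt box).

```shell
#!/bin/sh
# Cobalt admin interface ports: 81 (plain HTTP) and 444 (HTTPS).
ADMIN_PORTS="81 444"

# admin_rules ADMIN_IP... : print one ipchains command per line.
# ACCEPT rules for the admin hosts are emitted first; ipchains evaluates
# appended (-A) rules in order, so the catch-all DENY must come last.
admin_rules() {
    for port in $ADMIN_PORTS; do
        for ip in "$@"; do
            echo "ipchains -A input -p tcp -s $ip -d 0.0.0.0/0 $port -j ACCEPT"
        done
        # Catch-all for this port: log the attempt (-l, goes to syslog) and drop it.
        echo "ipchains -A input -p tcp -d 0.0.0.0/0 $port -j DENY -l"
    done
}

# count_rules ADMIN_IP... : number of rules that admin_rules would emit,
# i.e. (admin hosts + 1 catch-all) per port.
count_rules() {
    admin_rules "$@" | wc -l | tr -d ' '
}

# Usage: sh admin-ports.sh 192.0.2.10 192.0.2.11          (print only)
#        sh admin-ports.sh apply 192.0.2.10 192.0.2.11    (install rules)
# Run the "apply" form from one of the listed admin hosts, or via the serial
# console, so that you do not lock yourself out of the admin interface.
if [ "$1" = "apply" ]; then
    shift
    admin_rules "$@" | while read -r cmd; do
        $cmd
    done
else
    admin_rules "$@"
fi
```

Check the result afterwards with `ipchains -L input -n`; rules are not persistent across reboots, so hook the script into the startup sequence once it is verified.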
Not a real protection, but some ready-to-use exploit scripts rely on
gcc to compile exploit code on the target system. Uninstalling the
gcc RPM or just making the gcc binary non-executable may, in some
cases, thwart script kiddies and worms (but not serious intruders).