[CentOS] Security checklist for new Centos server?

Ralph Angenendt ra+centos at br-online.de
Sat Jul 21 08:33:14 UTC 2007


M. Fioretti wrote:
> - install dovecot (not included in centos, IIRC) and other extra
>   packages you do need

dovecot is included in CentOS - so no need to get it from somewhere
else.

> - set up itables (what would the safest iptables script to do all and
>   only the services listed above?

Depends on from where you want to connect to your imap server. From
everywhere? And ssh? The same?

If you only run sshd, imap, postfix and apache I don't really see a need
for iptables. But you might want to restrict access to sshd to a few ip
addresses if you can.

> - what else?

Don't turn off SELinux.

Cheers,

Ralph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos/attachments/20070721/cddfc04e/attachment.bin


More information about the CentOS mailing list