[CentOS] Security checklist for new Centos server?
mfioretti at mclink.it
Sat Jul 21 16:55:34 UTC 2007
On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt
(ra+centos at br-online.de) wrote:
> > - set up itables (what would the safest iptables script to do all and
> > only the services listed above?
> Depends on from where you want to connect to your imap server. From
yes. More exactly, dovecot must serve both local webmail via
squirrelmail and my (and other users) home boxes
> If you only run sshd, imap, postfix and apache I don't really see a
> need for iptables. But you might want to restrict access to sshd to
> a few ip addresses if you can.
Unfortunately, this is not an option. Sorry I forgot to specify it in
the initial message.
> > - what else?
> Don't turn off SELinux.
Hmmm... I had also forgotten this side of the package. I will be
running on a rented VPS, can SELinux be used in such contexts?
Also, frankly I am not up to date on this, but I do remember reading a
lot of "Just turn off selinux, isn't worth it" and "selinux isn't
mature/ documented enough yet" in relatively recent times, both on
Fedora and Centos lists.
Is this still the case?
The Family Guide to Digital Freedom http://digifreedom.net
More information about the CentOS