[CentOS] General questions about security
techlists at comcast.net
techlists at comcast.net
Fri Feb 1 20:55:26 UTC 2008
CI Security has some good hardening guidelines for Linux based servers. Any public facing server should be hardened before deploying it online.
www.cisecurity.org
Paul
-------------- Original message ----------------------
From: Niki Kovacs <contact at kikinovak.net>
> Hi,
>
> I admit I never gave security that much thought, that is, except the
> most basic security rules like choosing good passwords, or reasonable
> file and directory permissions. But now I have to change that, since
> I'll soon have to setup a dedicated production server for our public
> libraries.
>
> I wonder where to begin. I would say first thing is get a series of
> "auditing" tools such as, for example, the port scanner nmap, to test
> the firewall on the server. Any other ideas for that?
>
> The firewall: CentOS includes a default firewall, where ports can be
> chosen using a simple graphical (or ncurses) tool. Is that solid enough
> for a web server? Or do you recommend diving into the innards of
> iptables? Or maybe, other solution, can you recommend some good
> "reasonable" set of rules for a web server, for example?
>
> Last but not least: SELinux. For the moment I don't use it. I read the
> chapter on SELinux in "Red Hat Enterprise Linux 5 Unleashed" by Tammy
> Fox, and I simply wonder if it's worth the pain. I'm curious about your
> opinions about this subject.
>
> Maybe some good reads on security? That is, articles that don't require
> you to be a doctor in computer science to get a grasp of the subject?
> And also documentation that doesn't require me to have a life expectance
> of 500+ years
> :oD
>
> Any suggestions?
>
> Niki
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
More information about the CentOS
mailing list