[CentOS] General questions about security

techlists at comcast.net techlists at comcast.net
Fri Feb 1 20:55:26 UTC 2008


CI Security has some good hardening guidelines for Linux-based servers. Any public-facing server should be hardened before deploying it online.

www.cisecurity.org

Paul

 -------------- Original message ----------------------
From: Niki Kovacs <contact at kikinovak.net>
> Hi,
> 
> I admit I never gave security that much thought, that is, except the 
> most basic security rules like choosing good passwords, or reasonable 
> file and directory permissions. But now I have to change that, since 
> I'll soon have to set up a dedicated production server for our public 
> libraries.
> 
> I wonder where to begin. I would say first thing is get a series of 
> "auditing" tools such as, for example, the port scanner nmap, to test 
> the firewall on the server. Any other ideas for that?
> 
> The firewall: CentOS includes a default firewall, where ports can be 
> chosen using a simple graphical (or ncurses) tool. Is that solid enough 
> for a web server? Or do you recommend diving into the innards of 
> iptables? Or maybe, other solution, can you recommend some good 
> "reasonable" set of rules for a web server, for example?
> 
> Last but not least: SELinux. For the moment I don't use it. I read the 
> chapter on SELinux in "Red Hat Enterprise Linux 5 Unleashed" by Tammy 
> Fox, and I simply wonder if it's worth the pain. I'm curious about your 
> opinions about this subject.
> 
> Maybe some good reads on security? That is, articles that don't require 
> you to be a doctor in computer science to get a grasp of the subject? 
> And also documentation that doesn't require me to have a life expectancy 
> of 500+ years
> :oD
> 
> Any suggestions?
> 
> Niki