[CentOS] Hardening CentOS by removing "hacker" tools
Ruslan Sivak
russ at vshift.com
Fri Jun 6 23:12:35 UTC 2008
Filipe Brandenburger wrote:
> Hi,
>
> My boss asked me to harden a CentOS box by removing "hacker" tools,
> such as nmap, tcpdump, nc (netcat), telnet, etc.
>
> I would like to know which list of packages would you remove from a
> base install. I would appreciate if someone could point me to a
> "standard" way of doing this. I know there are procedures for
> hardening a machine (I remember reading about Bastille Linux) but I
> don't know how effective they are and if they include the removal of
> such tools in their procedures.
>
> Any advice would be very appreciated!
>
> Thanks,
> Filipe
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
I don't think that removing these tools would make the box any more
secure. If a hacker is able to get into the system through exploiting a
service, he can download the necessary tools or compile them himself.
I suggest to start setting up the firewall to only have the necessary
ports open (which is usually already done), moving anything you can to a
non standard port (especially things like ssh), and disabling any
unneeded services. You would be surprised how many attacks a public
server can get on standard ports like ssh. People will run scripts that
will just try to bruteforce a password, and can lead to DOS attacks,
especially on slower servers.
There are also tools, such as the ones that rackspace installs, that
stop port scans. They basically detect port scans and add a firewall
rule to temporarily block that ip. Does anyone know what tool that is?
Also disabling remote login as root should help.
Russ
More information about the CentOS
mailing list