On Mon, Jun 29, 2009 at 9:00 AM, Sander Snelzander.snel@gmail.com wrote:
On 06/27/2009 09:21 PM, Mag Gam wrote:
sane and simple security management for linux systems:
- only open ports in iptables which are being used, if possible with source address or source network.
2. use hosts.allow/deny rules for services if applicable, this adds another layer of security.
3. check logs often, use a central loghost
4. SSH: no root login, only dedicated users, only dedicated source addresses, only key based access or kerberized access, no standard port
PortKnocking so the open port changes continuously.
and / or
tinc-vpn / hamachi so the port is only open to another member of your tinc network.
Since there are hundreds-of-thousands or millions of infected web servers out there serving up malicious drive-by javascript, use noscript on any machine connected to a server.
Reemphasize watching cms (joomla and the like) plugins.
- enable SELinux
- use some kind of intrusion detection, like aide (standard in centos) or snort
8. use fail2ban to deny IP addresses with several failed login attempts within a short period of time
9. clear your shell's history on logout
10. use sudo instead of su -
11. check bastille.org for hardening
12. check center for internet security for benchmarks, they provide very detailed information for hardening servers ( csisecurity.org )
13. use chattr -i for several key configuration files, so they cannot be changed or deleted
this should get you started, good luck
Sander
We have a CentOS 5.3 install, and our server keeps getting hacked. We see load averages of 500+ and see people from all over the world logging into our server (used last).
Is there a good place to start to avoid these kinds of things?
For example, here is what I already did.
Open up sshd port only
setup iptables to only accept port 80 and 22
No FTP
No other ports are allowed according to IP Tables.
I am not sure what other measures I can take. Can someone please assist?
TIA
_______________________________________________
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
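As an added example (not part of any message in this thread), the following Python sketch checks an sshd_config against item 4 of the checklist above: no root login, key-only access, a non-standard port, and dedicated users tied to source addresses. The sample configs, user names and addresses (from the 192.0.2.0/24 documentation range) are constructed, and Match blocks are deliberately not evaluated.

```python
import shlex

# Constructed samples (not from the thread): a weak config and a hardened one.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
Port 2222
permitrootlogin no
# a later duplicate is ignored: sshd uses the first value it reads
PermitRootLogin yes
PasswordAuthentication no
AllowUsers deploy@192.0.2.10 backup@192.0.2.0/24
"""

def parse(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    opts = {}
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)   # drops blank and comment lines
        if not parts:
            continue
        key = parts[0].lower()                    # keywords are case-insensitive
        if key == "match":                        # per-connection overrides: out of scope
            break
        opts.setdefault(key, []).append(" ".join(parts[1:]))
    return opts

def audit(text):
    """List the ways the config departs from item 4 of the checklist."""
    o, findings = parse(text), []
    def first(key, default):
        return o.get(key, [default])[0].lower()
    if first("permitrootlogin", "unset") != "no":
        findings.append("root login not disabled")
    if first("passwordauthentication", "yes") != "no":
        findings.append("password logins allowed (not key-only)")
    if "22" in o.get("port", ["22"]):             # Port may be given more than once
        findings.append("listening on the standard port 22")
    users = " ".join(o.get("allowusers", [])).split()
    if not users:
        findings.append("no AllowUsers list of dedicated users")
    elif any("@" not in u for u in users):
        findings.append("AllowUsers entry without a source address")
    return findings
```

Calling `audit(open("/etc/ssh/sshd_config").read())` on a server returns an empty list only when all four points are set explicitly in the global section.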