Greetings, everybody
I've browsed around a bit, but there seems to be no single practical list of this kind.
What would you do to make a new CentOS server which must run Apache, IMAP (Dovecot) and SMTP (Postfix) and nothing else for a few domains as secure from attacks as possible, using only standard RPM packages as much as possible?
(Please note that choice of other IMAP and SMTP servers is not possible in my case, for a lot of reasons really not pertinent to the list, so let's not go there, please.)
Here's a first, absolutely incomplete draft off the top of my head:
- remove as many unnecessary packages as possible (best way to find them?)
- install Dovecot (not included in CentOS, IIRC) and other extra packages you do need
- run yum update
- enable long passwords
- set up only ssh2 on a non-standard port
- set up Single Packet Authorization?
- set up iptables (what would be the safest iptables script to do all and only the services listed above?)
- what else?
Feel free to rearrange, cut, add, give links, whatever: personally, I'm interested in securing the whole box, meaning how to glue things together in the safest possible way, without forgetting anything, while things like how to make Postfix not an open relay, for example, are already covered in detail in the Postfix docs.
TIA, Marco
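
One possible starting point for the iptables item in the list above, as an added example that is not part of the original post: a small script that prints a default-deny inbound ruleset in `iptables-restore` format. The port numbers (including the TLS listeners 443 and 993 and the sample SSH port 2222) and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: default-deny inbound ruleset for a web + IMAP + SMTP host.
# Assumption: these service ports (plain and TLS) are illustrative; trim the
# list to the listeners the server really exposes.
SERVICE_PORTS="25 80 443 143 993"

# Succeed only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules SSH_PORT: print the ruleset, or fail without output on bad input.
gen_rules() {
    ssh_port=$1
    valid_port "$ssh_port" || { echo "invalid SSH port" >&2; return 1; }
    for p in $SERVICE_PORTS; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
        # The SSH port must not collide with a published service.
        [ "$p" -ne "$ssh_port" ] || { echo "port $p in use" >&2; return 1; }
    done
    # Policy: drop inbound and forwarded traffic, allow outbound.
    # ICMP errors for existing flows (e.g. path MTU) match RELATED.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # One rule per listener: new TCP connections to that port only.
    for p in $ssh_port $SERVICE_PORTS; do
        echo "-A INPUT -p tcp -m tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo COMMIT
}

# Usage: sh gen-rules.sh 2222 > rules.v4
if [ $# -gt 0 ]; then
    gen_rules "$1"
fi
```

Review the output and load it with `iptables-restore` from a console session rather than over SSH, so a mistake in the SSH port does not lock you out. IPv6 needs its own ruleset via `ip6tables-restore`.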