+1 for bastille...
On 9/18/10, m.roth@5-cent.us <m.roth@5-cent.us> wrote:
Roland RoLaNd wrote:
I just finished setting up an Apache service on a CentOS 5.2 VM machine.
I need to secure this machine as I'm soon to be setting a public IP over it where I'd be opening up the following services:
- http
- https
- ssh
Things I've done so far:
- stopped root ssh access in sshd.conf
- tried configuring PAM so I get more secure ssh passwords (dictionary wise) as well as tried setting up a 2 times authentication failure for the account to be disabled for 12 hours (I couldn't succeed in setting this up)
- disabled port forwarding (to deny outsiders to tunnel through the server inside my network); couldn't succeed with this either.
Well, you could set selinux enforcing (AUGH!!!). Another possibility is run Bastille Linux on it to harden it. I really like the latter - I used it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes, this is years ago), and used that as my firewall/router, and in something like 9 years online, on broadband, to the best of my knowledge, I never had an intrusion.
mark
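An added example, not part of the original thread: a small audit of the global section of an OpenSSH `sshd_config` for the two ssh settings mentioned above, root login and TCP port forwarding. The function names, the assumed defaults and the sample file contents are constructed for illustration.

```python
# Added example: audit the global section of an sshd_config for root login
# and TCP forwarding. The sample file contents below are constructed.

# Values assumed when a keyword is absent: OpenSSH releases before 7.0
# default PermitRootLogin to "yes"; AllowTcpForwarding defaults to "yes".
DEFAULTS = {"permitrootlogin": "yes", "allowtcpforwarding": "yes"}
WANTED = {"permitrootlogin": "no", "allowtcpforwarding": "no"}


def effective_settings(text):
    """Return the effective global value for each keyword in DEFAULTS.

    sshd uses the first value it reads for a keyword, keywords are
    case-insensitive, and a Match line ends the global section.
    """
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments have no effect
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # everything after this is conditional, not global
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().strip('"').lower()
    return {k: seen.get(k, DEFAULTS[k]) for k in DEFAULTS}


def findings(text):
    """List (keyword, effective value, wanted value) for each weak setting."""
    eff = effective_settings(text)
    return sorted((k, eff[k], WANTED[k]) for k in WANTED if eff[k] != WANTED[k])


# Constructed sample: the commented-out line has no effect, and the second
# PermitRootLogin line is ignored because the first one already set the value.
SAMPLE = """\
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
Protocol 2
"""

if __name__ == "__main__":
    for key, got, want in findings(SAMPLE):
        print("%s is effectively %r, wanted %r" % (key, got, want))
```

After editing the real file, sshd has to be restarted or reloaded before the new values apply to new connections.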