Rogelio wrote:
Can anyone recommend a hardened CentOS distro?
CentOS /is/ a distro, there is only one centos 'distribution'. centos configured with selinux enabled, appropriate firewall rules, and the minimum number of services required for your application should be fairly 'hardened' as-is.
John R Pierce wrote:
CentOS /is/ a distro, there is only one centos 'distribution'. centos configured with selinux enabled, appropriate firewall rules, and the minimum number of services required for your application should be fairly 'hardened' as-is.
Understood. I meant CentOS-based, but I suppose the "best" way is to just roll something myself.
I was hoping to find a nice list HOWTO or script that someone else was using so I wouldn't have to think through everything from scratch.
Thanks.
Rogelio wrote:
John R Pierce wrote:
CentOS /is/ a distro, there is only one centos 'distribution'. centos configured with selinux enabled, appropriate firewall rules, and the minimum number of services required for your application should be fairly 'hardened' as-is.
Understood. I meant CentOS-based, but I suppose the "best" way is to just roll something myself.
I was hoping to find a nice list HOWTO or script that someone else was using so I wouldn't have to think through everything from scratch.
Have you looked at Bastille Linux?
Rogelio wrote:
John R Pierce wrote:
CentOS /is/ a distro, there is only one centos 'distribution'. centos configured with selinux enabled, appropriate firewall rules, and the minimum number of services required for your application should be fairly 'hardened' as-is.
Understood. I meant CentOS-based, but I suppose the "best" way is to just roll something myself.
I was hoping to find a nice list HOWTO or script that someone else was using so I wouldn't have to think through everything from scratch.
Thanks.
There are some guides around, for example:
http://www.puschitz.com/SecuringLinux.shtml
However security is not a one size fits all solution that can be applied off the shelf. You need to assess where *your* risks are and what you should do to minimize them.
Hope that helps.
I have used this on my server http://bastille-linux.sourceforge.net/ ...
On Mon, Jun 2, 2008 at 9:44 AM, Ned Slider ned@unixmail.co.uk wrote:
Rogelio wrote:
John R Pierce wrote:
CentOS /is/ a distro, there is only one centos 'distribution'. centos configured with selinux enabled, appropriate firewall rules, and the minimum number of services required for your application should be fairly 'hardened' as-is.
Understood. I meant CentOS-based, but I suppose the "best" way is to just roll something myself.
I was hoping to find a nice list HOWTO or script that someone else was using so I wouldn't have to think through everything from scratch.
Thanks.
There are some guides around, for example:
http://www.puschitz.com/SecuringLinux.shtml
However security is not a one size fits all solution that can be applied off the shelf. You need to assess where *your* risks are and what you should do to minimize them.
Hope that helps.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
NSA guides on hardening RHEL5. Should be applicable to CentOS5 as well. http://www.nsa.gov/snac/downloads_redhat.cfm?MenuID=scg10.3.1.1
I read about this on /. some weeks ago, but I just skimmed through it, so I can't say how effective I think it is. I thought it would be useful to point to it on list though.
HTH, Filipe
-
Filipe Brandenburger -
John R Pierce -
John Thomas -
Ned Slider -
Plant, Dean -
Rogelio -
Tom Bishop -
William Warren