CI Security has some good hardening guidelines for Linux-based servers. Any public-facing server should be hardened before deploying it online.
www.cisecurity.org
Paul
-------------- Original message ----------------------
From: Niki Kovacs contact@kikinovak.net
Hi,
I admit I never gave security that much thought, that is, except the most basic security rules like choosing good passwords, or reasonable file and directory permissions. But now I have to change that, since I'll soon have to set up a dedicated production server for our public libraries.
I wonder where to begin. I would say the first thing is to get a series of "auditing" tools such as, for example, the port scanner nmap, to test the firewall on the server. Any other ideas for that?
The firewall: CentOS includes a default firewall, where ports can be chosen using a simple graphical (or ncurses) tool. Is that solid enough for a web server? Or do you recommend diving into the innards of iptables? Or maybe, other solution, can you recommend some good "reasonable" set of rules for a web server, for example?
Last but not least: SELinux. For the moment I don't use it. I read the chapter on SELinux in "Red Hat Enterprise Linux 5 Unleashed" by Tammy Fox, and I simply wonder if it's worth the pain. I'm curious about your opinions about this subject.
Maybe some good reads on security? That is, articles that don't require you to be a doctor in computer science to get a grasp of the subject? And also documentation that doesn't require me to have a life expectancy of 500+ years :oD
Any suggestions?
Niki
techlists@comcast.net wrote:
CI Security has some good hardening guidelines for Linux-based servers. Any public-facing server should be hardened before deploying it online.
www.cisecurity.org
Also, the US NSA has some excellent guidelines: http://www.nsa.gov/snac/downloads_redhat.cfm?MenuID=scg10.3.1.1
These are specific to RHEL 5, hence directly applicable to CentOS 5...