[Centos] Secure server install

Greg Knaddison greg.knaddison at gmail.com
Thu Jan 27 21:57:20 UTC 2005 

On that subject, it's worth considering that many installations are
not terribly "secure" right out of the box.  For example, SSH allows
protocol version 1 and remote root logins by default on Centos.  Many
admins consider this to be rather insecure - some have no problem with
it in their environments.

Whatever services you do need, it would be worth auditing all of their
config files.

Greg


On Thu, 27 Jan 2005 15:33:47 -0400, Joe Polk <listuser at javelinux.com> wrote:
> It's not a question of what "users" to delete by default. Most default user
> accounts are there for a specific task. Think about what services you don't
> intend to use. Stop those daemons from running on boot and kill the
> corresonding account for them. My experience is that there are very few
> accounts that would need to be removed. Services are more important to focus on.
> 
> --
> <<JAV>>
> 
> 
> ---------- Original Message -----------
> From: Håvard Hebnes <centos at kral.no>
> To: "'CentOS discussion and information list'" <centos at caosity.org>
> Sent: Thu, 27 Jan 2005 17:57:38 +0100
> Subject: RE: [Centos] Secure server install
> 
> > Yes, it will handle mail (qmail, stores in /var/qmail), mysql, www
> > sites /home
> >
> > Will use Plesk as CP
> >
> > Think your example looks good. Have you any suggestions to which
> > default users I should delete?
> >
> > /Håvard
> >
> > -----Original Message-----
> > From: centos-bounces at caosity.org [mailto:centos-bounces at caosity.org]
> > On Behalf Of Beau Henderson Sent: 27. januar 2005 17:49 To: CentOS
> > discussion and information list Subject: Re: [Centos] Secure server install
> >
> > Well now that really depends on what your going to have installed on
> > the server. Will it handle mail? mysql or other databases ? web
> > serving, etc ? Will you have any control panel system installed on
> > this system ?
> >
> > Here's an example of one of my systems which handles everything:
> >
> > /dev/hda6            1012M  238M  723M  25% /
> > /dev/hda1             244M   21M  210M   9% /boot
> > /dev/hda7              91G   19G   68G  22% /home
> > none                 1004M     0 1004M   0% /dev/shm
> > /dev/hda5             2.0G   33M  1.8G   2% /tmp
> > /dev/hda2             9.7G  2.9G  6.3G  31% /usr
> > /dev/hda3             9.7G  1.8G  7.5G  19% /var
> >
> > Generally a 512 - 1 GB is enough for tmp. The size of each really
> > depends upon what software you'll have installed and where it places
> > its files.
> > --
> > Beau Henderson
> > http://www.iminteractive.net
> >
> > On Thu, 27 Jan 2005 17:41:30 +0100, Håvard Hebnes <centos at kral.no> wrote:
> > > Any recomendations how big they should be? Have 160GB to use..
> > >
> > > Thanks,
> > >
> > > regards
> > > Håvard
> > >
> > > -----Original Message-----
> > > From: centos-bounces at caosity.org [mailto:centos-bounces at caosity.org] On
> Behalf Of Beau Henderson
> > > Sent: 27. januar 2005 17:36
> > > To: CentOS discussion and information list
> > > Subject: Re: [Centos] Secure server install
> > >
> > > On our web hosting servers, we generally use:
> > > /
> > > /tmp
> > > /var
> > > /usr
> > > /boot
> > > swap
> > > /home
> > >
> > > Not necessarily in the above order.
> > >
> > > --
> > > Beau Henderson
> > > http://www.iminteractive.net
> > >
> > > On Thu, 27 Jan 2005 07:30:34 -0600, Benjamin J. Weiss
> > > <benjamin at birdvet.org> wrote:
> > > > Håvard Hebnes wrote:
> > > >
> > > > >Not sure if this is the right place to ask, but I'll try.
> > > > >
> > > > >When I do a minimum install of Centos, which default users should I
> delete (users that won't be needed on
> > a
> > > > >server) It will be used for webhosting, mail, sql.. And, what
> partitions would you advice me to create?
> > > /root,
> > > > >/tmp, swap, /... should I have more?
> > > > >
> > > > >
> > > > >
> > > > I don't usually create a seperate /root.  The partition structure I
> > > > usually go with is:
> > > >
> > > > /boot
> > > > /tmp
> > > > /var
> > > > /
> > > > swap
> > > >
> > > > And some people throw in /home.
> > > >
> > > > Ben
> > > > _______________________________________________
> > > > CentOS mailing list
> > > > CentOS at caosity.org
> > > > http://lists.caosity.org/mailman/listinfo/centos
> > > >
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS at caosity.org
> > > http://lists.caosity.org/mailman/listinfo/centos
> > >
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS at caosity.org
> > > http://lists.caosity.org/mailman/listinfo/centos
> > >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at caosity.org
> > http://lists.caosity.org/mailman/listinfo/centos
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at caosity.org
> > http://lists.caosity.org/mailman/listinfo/centos
> ------- End of Original Message -------
> 
> _______________________________________________
> CentOS mailing list
> CentOS at caosity.org
> http://lists.caosity.org/mailman/listinfo/centos
>

More information about the CentOS mailing list