[CentOS] I appear to be attacking others

Tue Feb 7 00:14:22 UTC 2006
Will McDonald <wmcdonald at gmail.com>

On 06/02/06, James Gagnon <jamesg at nucleus.com> wrote:
> From an overall security point of view, does anyone know any good links or
> direct me to some good information for securing linux server systems if its
> not behind a hardware firewall?  I read all the security updates for
> specific daemons such as httpd, bind, etc.. and ensure those measures are in
> place and or patched.  However, when it comes to the actual OS itself I just
> want to make sure all security measures are in place for it as well.  Yum
> update does run on a nightly basis, but not sure if there is more to it than
> that.

The O'Reilly Linux Server Security book's a good read if you have at
least a little Unix admin/user experience. It re-iterates a lot of the
good advice that's been covered on the list about securing SSH by
running on a non-standard port, only allowing key based auth and then
only for a limited subset of users/groups.

They also cover bastion firewalling. Essentially, anything internet
facing (or security sensitive), even if behind another firewall, it's
good practice to firewall to the hilt. The more layers the better.

Secure your OS. Secure your apps. Secure your network. A lot of it's
just common sense. Unless you're full time job is nothing but security
and you can track all the current vulnerabilities and infer where the
next ones will be just assume every thing's a risk and lock
down/remove everything you don't absolutely require to mitigate the
likelihood of getting owned.

Link-wise, I'd say the more you read the better.



Start with those. :)

Bear in mind, if you're messing with stuff you're not sure about, use
a test machine/have backups/make sure you can reinstall from scratch
if you break somethign or get burned somehow.