[CentOS] Security checklist for new CentOS server?

Sat Jul 21 16:55:34 UTC 2007
M. Fioretti <mfioretti at mclink.it>

On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt
(ra+centos at br-online.de) wrote:

> > - set up iptables (what would be the safest iptables script to do all and
> >   only the services listed above?)
> 
> Depends on from where you want to connect to your imap server. From
> everywhere?

Yes. More exactly, dovecot must serve both local webmail via
squirrelmail and my (and other users') home boxes.

> If you only run sshd, imap, postfix and apache I don't really see a
> need for iptables. But you might want to restrict access to sshd to
> a few IP addresses if you can.

Unfortunately, this is not an option. Sorry I forgot to specify it in
the initial message.

> > - what else?
> 
> Don't turn off SELinux.

Hmmm... I had also forgotten this side of the package. I will be
running on a rented VPS, can SELinux be used in such contexts?

Also, frankly I am not up to date on this, but I do remember reading a
lot of "Just turn off selinux, isn't worth it" and "selinux isn't
mature/documented enough yet" in relatively recent times, both on
Fedora and CentOS lists.

Is this still the case?

Thanks!
	Marco
-- 
The Family Guide to Digital Freedom         http://digifreedom.net
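
The iptables question in this thread, sketched as an added example that is not part of the original messages: a default-drop inbound policy that admits only sshd, postfix, apache and dovecot from any address, since neither IMAP nor SSH can be limited by source IP here. The port numbers and the SERVICES variable are assumptions (standard ports; the thread names only the services).

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it never touches the live firewall.
# Assumption: standard ports. The thread names the services, not port numbers.
SERVICES="ssh:22 smtp:25 http:80 imap:143"

build_ruleset() {
    # Validate every entry before emitting anything, so a typo cannot
    # produce a half-written ruleset.
    for svc in $SERVICES; do
        port=${svc##*:}
        case $port in
            ''|*[!0-9]*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$svc'" >&2; return 1
        fi
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default deny for inbound traffic
    echo ":FORWARD DROP [0:0]"    # the host is not a router
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback: local webmail talks to dovecot over 127.0.0.1.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the server opened, plus related ICMP errors.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for svc in $SERVICES; do
        name=${svc%%:*}
        port=${svc##*:}
        echo "# $name"
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

build_ruleset
```

To check the syntax without loading anything, pipe the output to `iptables-restore --test` as root; on CentOS the saved ruleset lives in /etc/sysconfig/iptables.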