CI Security has some good hardening guidelines for Linux-based servers. Any public-facing server should be hardened before deploying it online.

www.cisecurity.org

Paul

-------------- Original message ----------------------
From: Niki Kovacs <contact at kikinovak.net>
> Hi,
>
> I admit I never gave security that much thought, that is, except the
> most basic security rules like choosing good passwords, or reasonable
> file and directory permissions. But now I have to change that, since
> I'll soon have to set up a dedicated production server for our public
> libraries.
>
> I wonder where to begin. I would say first thing is get a series of
> "auditing" tools such as, for example, the port scanner nmap, to test
> the firewall on the server. Any other ideas for that?
>
> The firewall: CentOS includes a default firewall, where ports can be
> chosen using a simple graphical (or ncurses) tool. Is that solid enough
> for a web server? Or do you recommend diving into the innards of
> iptables? Or maybe, other solution, can you recommend some good
> "reasonable" set of rules for a web server, for example?
>
> Last but not least: SELinux. For the moment I don't use it. I read the
> chapter on SELinux in "Red Hat Enterprise Linux 5 Unleashed" by Tammy
> Fox, and I simply wonder if it's worth the pain. I'm curious about your
> opinions about this subject.
>
> Maybe some good reads on security? That is, articles that don't require
> you to be a doctor in computer science to get a grasp of the subject?
> And also documentation that doesn't require me to have a life expectance
> of 500+ years
> :oD
>
> Any suggestions?
>
> Niki