[CentOS] Hardening CentOS by removing "hacker" tools

Ruslan Sivak russ at vshift.com
Fri Jun 6 23:12:35 UTC 2008

Filipe Brandenburger wrote:
> Hi,
> My boss asked me to harden a CentOS box by removing "hacker" tools,
> such as nmap, tcpdump, nc (netcat), telnet, etc.
> I would like to know which list of packages would you remove from a
> base install. I would appreciate if someone could point me to a
> "standard" way of doing this. I know there are procedures for
> hardening a machine (I remember reading about Bastille Linux) but I
> don't know how effective they are and if they include the removal of
> such tools in their procedures.
> Any advice would be very appreciated!
> Thanks,
> Filipe
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
I don't think that removing these tools would make the box any more 
secure.  If a hacker is able to get into the system through exploiting a 
service, he can download the necessary tools or compile them himself. 

I suggest to start setting up the firewall to only have the necessary 
ports open (which is usually already done), moving anything you can to a 
non standard port (especially things like ssh), and disabling any 
unneeded services.  You would be surprised how many attacks a public 
server can get on standard ports like ssh.  People will run scripts that 
will just try to bruteforce a password, and can lead to DOS attacks, 
especially on slower servers.

There are also tools, such as the ones that rackspace installs, that 
stop port scans.  They basically detect port scans and add a firewall 
rule to temporarily block that ip.  Does anyone know what tool that is?

Also disabling remote login as root should help.


More information about the CentOS mailing list