Filipe Brandenburger wrote: > Hi, > > My boss asked me to harden a CentOS box by removing "hacker" tools, > such as nmap, tcpdump, nc (netcat), telnet, etc. > > I would like to know which list of packages would you remove from a > base install. I would appreciate if someone could point me to a > "standard" way of doing this. I know there are procedures for > hardening a machine (I remember reading about Bastille Linux) but I > don't know how effective they are and if they include the removal of > such tools in their procedures. > > Any advice would be very appreciated! > > Thanks, > Filipe > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > I don't think that removing these tools would make the box any more secure. If a hacker is able to get into the system through exploiting a service, he can download the necessary tools or compile them himself. I suggest to start setting up the firewall to only have the necessary ports open (which is usually already done), moving anything you can to a non standard port (especially things like ssh), and disabling any unneeded services. You would be surprised how many attacks a public server can get on standard ports like ssh. People will run scripts that will just try to bruteforce a password, and can lead to DOS attacks, especially on slower servers. There are also tools, such as the ones that rackspace installs, that stop port scans. They basically detect port scans and add a firewall rule to temporarily block that ip. Does anyone know what tool that is? Also disabling remote login as root should help. Russ