On 06/27/2009 09:21 PM, Mag Gam wrote: sane and simple security management for linux systems: 1. only open ports in iptables which are being used, if possible with source address or source network. 2. use hosts.allow/deny rules for services if applicable, this adds another layer of security. 3. check logs often, use a central loghost 4. SSH: no root login, only dedicated users, only dedicated source addresses, only key based access or kerberized access, no standard port 5. enable SELinux 6. use some kind of intrusion detection, like aide (standard in centos) or snort 8. use fail2ban to deny ipaddresses with several failed login attempts within a short period of time 9. clear your shell's history on logout 10. use sudo instead of su - 11. check bastille.org for hardening 12. check center for internet security for benchmarks, they provide very detailed information for hardening servers ( csisecurity.org ) 13. use chattr -i for several key configuration files, so they cannot be changed or deleted this should get you started, good luck Sander > WE have a centos 5.3 install, and our server is keep getting hacked. > We see load averages of 500+ and see people from all over the world > logging into our server (used last). > > Is there a good place to start to avoid these kinds of things? > > For example, here is what I already did. > > Open up sshd port only > setup iptables to only accept port 80 and 22 > No FTP > No other ports are allowed according to IP Tables. > > > I am not sure what else measures I can take. Can someone please assist? > > TIA > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >