+1 for bastille...

On 9/18/10, m.roth at 5-cent.us <m.roth at 5-cent.us> wrote:
> Roland RoLaNd wrote:
>>
>> I just finished setting up an apache service on a centos 5.2 VM machine.
>>
>> I need to secure this machine as I'm soon to be setting a public IP over
>> it where I'd be opening up the following services:
>>
>> 1. http
>> 2. https
>> 3. ssh
>>
>>
>> Things I've done so far:
>>
>> 1. stopped root ssh access in sshd.conf
>> 2. tried configuring PAM so I get more secure ssh passwords (dictionary
>> wise) as well as tried setting up a 2 times authentication failure for the
>> account to be disabled for 12 hours (I couldn't succeed in setting this
>> up)
>> 3. disabled port forwarding (to deny outsiders to tunnel through the
>> server inside my network) couldn't succeed with this either.
>>
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> to run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.
>
> mark
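The two sshd settings mentioned in the quoted question (root login and port forwarding) can be verified with a small audit script. This is an added example, not code from the thread or from Bastille; the function names and the sample config are constructed, and `PermitRootLogin` / `AllowTcpForwarding` are assumed to be the keywords in question.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the two
# settings mentioned in the thread. Function names are hypothetical.

# effective_value FILE KEYWORD
# Prints the first value given for KEYWORD before any "Match" block.
# sshd uses the first value it obtains for a keyword, and keywords are
# case-insensitive. Prints "unset" when the keyword does not appear.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*$/ { next }                      # skip blank lines
        { line = $0; sub(/^[ \t]+/, "", line)
          split(line, f, /[ \t=]+/); k = tolower(f[1]) }
        k == "match" { exit }                    # conditional blocks are not global
        k == key { val = tolower(f[2]); exit }   # first occurrence wins
        END { print val }
    ' "$1"
}

# audit_sshd FILE: returns 0 only if both settings are explicitly "no".
audit_sshd() {
    rc=0
    for kw in PermitRootLogin AllowTcpForwarding; do
        v=$(effective_value "$1" "$kw")
        if [ "$v" = "no" ]; then
            echo "OK    $kw $v"
        else
            echo "FAIL  $kw $v (want: no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a later "no" does not override the earlier "yes",
# and a setting that appears only inside a Match block is not global.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not from the thread
Port 22
PermitRootLogin yes
permitrootlogin no
Match User backup
    AllowTcpForwarding no
EOF
audit_sshd "$SAMPLE" || echo "config needs attention"
```

Point `audit_sshd` at the real file (typically `/etc/ssh/sshd_config`) and restart sshd after any change; on OpenSSH releases that support it, `sshd -T` prints the effective configuration directly.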