[CentOS] securing centos 5.2 for public usage

Sat Sep 18 19:26:23 UTC 2010
Tom Bishop <bishoptf at gmail.com>

+1 for bastille...

On 9/18/10, m.roth at 5-cent.us <m.roth at 5-cent.us> wrote:
> Roland RoLaNd wrote:
>>
>> I just finished setting up an apache service on a centos 5.2 VM machine.
>>
>> I need to secure this machine as I'm soon to be setting a public IP over
>> it where I'd be opening up the following services:
>>
>> 1. http
>> 2. https
>> 3. ssh
>>
>>
>> Things I've done so far:
>>
>> 1. stopped root ssh access in sshd.conf
>> 2. tried configuring PAM so I get more secure ssh passwords (dictionary
>> wise) as well as tried setting up a 2 times authentication failure for the
>> account to be disabled for 12 hours (I couldn't succeed in setting this
>> up)
>> 3. disabled port forwarding (to deny outsiders to tunnel through the
>> server inside my network) couldn't succeed with this either.
>>
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.
>
>               mark
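An added example, not part of the thread and not written by any of its participants: a small audit of sshd_config text for the two SSH items on the original poster's list (root login and port forwarding), using the real OpenSSH keywords `PermitRootLogin` and `AllowTcpForwarding`. It assumes both default to `yes` when unset and that sshd keeps the first value it reads for a keyword; the function names and the sample config are constructed for illustration.

```python
"""Audit sshd_config text for root login and TCP forwarding settings."""

# Assumption: built-in OpenSSH defaults used when a keyword is absent.
DEFAULTS = {"permitrootlogin": "yes", "allowtcpforwarding": "yes"}
# Values the original poster is aiming for.
WANTED = {"permitrootlogin": "no", "allowtcpforwarding": "no"}


def effective_global_options(config_text):
    """Return {keyword: value} the way sshd resolves the global section.

    sshd keeps the FIRST value it reads for a keyword, so a later
    duplicate line is silently ignored. Global settings end at the
    first Match block (supported by newer OpenSSH releases).
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: has no effect
        # Keyword and value are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)  # first occurrence wins
    return seen


def audit(config_text):
    """Return sorted (keyword, effective_value, source) for unmet goals."""
    seen = effective_global_options(config_text)
    findings = []
    for key, wanted in WANTED.items():
        value = seen.get(key, DEFAULTS[key])
        if value != wanted:
            findings.append((key, value, "config" if key in seen else "default"))
    return sorted(findings)


# Constructed sample: root login is disabled, the forwarding line is still
# commented out, and the second PermitRootLogin line is never used.
SAMPLE = "PermitRootLogin no\n#AllowTcpForwarding no\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for key, value, source in audit(SAMPLE):
        print("%s is effectively %r (from %s)" % (key, value, source))
```

An empty result from `audit()` means both settings resolve to `no` in the global section; sshd still has to be restarted or reloaded before an edited file takes effect.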