[CentOS] Please I'd like to install 2 websites on my unmanaged VPS on CentOS6

Thu Feb 23 20:47:21 UTC 2012
Wuxi Ixuw <w7u64xi7 at gmail.com>

Actually I read many times that geek people used to use a Linux computer 
as a firewall for their network but never figured out how they do so.


On 23/02/2012 09:52 PM, m.roth at 5-cent.us wrote:
> John R Pierce wrote:
>> On 02/23/12 11:05 AM, Wuxi Ixuw wrote:
>>> Please suggest one as I keep googling and all results bring books
>>> dealing with Linux as a real server and not a VPS.
>> you could do worse than starting here...
>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/
>>
>> VPS and real hardware work exactly the same once the software is
>> installed.
>>
>> my base level suggestions:
>>
>>    * start with a *minimal* install of the latest release (currently 6.2)
>>    * create your user account, give both user and root account different
>>      secure passwords
> I was assuming his provider gave him a working system, not virtual bare
> metal.
>
>>    * secure the SSH server (no root, key instead of password
>>      authentication, only allow ssh from your home/office networks or a
>>      few secure 'bastion' hosts, etc)
>>    * yum update right after install and reboot
> Yup.
>
>>    * install *just* the services you need, only from trustworthy yum
>>      repositories
> YES! For about 10 years, I ran an old rh (NOT RHEL) system as a
> firewall/router for my home network. I ran Bastille Linux over it - which
> is *not* a distro, but a set of hardening scripts. Great stuff, and NIST
> recommendations these days refer to it, last time I looked.
>
> After running Bastille, *then* I got paranoid: I never installed X
> (security holes), or *any* compiler, or language I didn't absolutely need
> (no gcc, yes to perl). No nuttin'... and to the best of my knowledge,
> though I did see scans, I never had an intrusion, partly due to firewall
> rules of DROP, and partly because they had nothing to use to run their
> nasties.
>
> If it got installed, and you don't need it, don't only turn it off, yum
> remove. At work, and home, I certainly don't need either bluetooth or
> avahi running, on wired boxen.
>
>>    * secure the services you install as appropriate
>>    * document your configuration, including what packages you needed to
>>      install
> YES. You do *not* want to be trying to figure out what you'd done, a year
> from now, at 17:00 on a Friday, or 02:00 some morning.
>
>>    * script a secure backup of your configuration specific conf and data
>>      files to reliable offsite storage.
> Yup. Or have the full website, and all configuration files for the system,
> on your machine at home or work, so you can just upload the whole thing.
>
>>    * plan on regular yum updates, and staying up on security alerts, such
>>      as CERT
> <snip>
> RH, and this offshoot I know of, called CentOS, are pretty good at
> announcing security fixes in a timely manner.... (take a bow, Johnny).
>
>          mark
>
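
The SSH item in the quoted checklist (no root login, keys instead of passwords, restricted sources) can be checked mechanically. The script below is an added example, not part of the original thread: the sample configs, the `admin` user and the 192.0.2.* source range are constructed, and the defaults of `yes` are assumed for the OpenSSH shipped with CentOS 6.

```shell
#!/bin/sh
# Added example: audit sshd_config for the SSH checklist item in the thread.
# Assumes whitespace-separated "Keyword value" lines; only the global section
# (before the first Match block) is read, where sshd uses the first value it sees.

sshd_effective() {  # $1 = config file, $2 = keyword, $3 = assumed default
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

audit_sshd() {  # $1 = config file; prints one FAIL line per finding, returns the count
    fails=0
    [ "$(sshd_effective "$1" PermitRootLogin yes)" = "no" ] ||
        { echo "FAIL: root login over SSH is not disabled"; fails=$((fails + 1)); }
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] ||
        { echo "FAIL: password authentication is still enabled"; fails=$((fails + 1)); }
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = "yes" ] ||
        { echo "FAIL: public key authentication is disabled"; fails=$((fails + 1)); }
    [ "$(sshd_effective "$1" AllowUsers "")" != "" ] ||
        { echo "FAIL: no AllowUsers restriction on who may log in, and from where"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample configs (not taken from the thread).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/weak" <<'EOF'
# constructed: defaults left in place
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$demo_dir/hardened" <<'EOF'
# constructed: settings matching the checklist
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin@192.0.2.*
EOF
for f in weak hardened; do
    echo "== $f"
    audit_sshd "$demo_dir/$f" || echo "findings: $?"
done
```

On a real host, point `audit_sshd` at `/etc/ssh/sshd_config`; a source restriction enforced in the firewall instead of `AllowUsers` will still be reported as a finding here.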