Solved

how to make linux centos 5 distribution secured

Posted on 2009-03-30
Last Modified: 2013-12-15
hi all,
my manager wants me to secure a Linux CentOS 5 distribution for development or hosting purposes,
and I have no idea about that. Can you please guide me in that matter?
Any tutorial, how-to topic, or checklist is very appreciated.

regards
hatem gamal
Question by:hatem_from_mesr
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 24021663
1. use iptables / firewall [block every incoming port, open one by one]
2. use syslog or syslog-ng to move log files from the server to a secure place, so that you can check for any unauthorized activity
3. don't log in to the server as root; put a hard password for root, log in as a normal user, then use sudo
4. use some third-party software to prevent too many login attempts, such as portsentry or fail2ban; those will save you if any person tries too many login attempts

6. Check logs regularly

These are the basics ....
0
 

Author Comment

by:hatem_from_mesr
ID: 24021743
hi fosiul01,
>>>1. use iptables / firewall [block every incoming port, open one by one]
can you tell me more details? I'm a beginner in that
regards
hatem gamal
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021814
Ok
In CentOS, we get a firewall, which is iptables

such as block everything


# allow SSH and replies to existing connections first, so a remote session is not cut off
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# then set the default policy: drop all other incoming packets
iptables -P INPUT DROP
so it will block every input
now you will have to open, suppose, ssh, 80, 53
just open one by one

but there are other things to consider about iptables
such as blocking spoofing, Brutal attack.

just read on the net about iptables

another product you can use is Snort, to protect your server from hackers..


0
 

Author Comment

by:hatem_from_mesr
ID: 24021890
hi fosiul01,
>>>now you will have to open suppose ssh, 80, 53
can you please provide me syntax
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021937
iptables -A INPUT  -p tcp --dport 80 -j ACCEPT

so it will allow http connection to your web server

iptables -A INPUT  -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -p tcp --dport 53 -j ACCEPT

this will allow dns request to your server


one more: if you don't want any service on the web server, don't install it
0
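The rules from the answers above (default-deny on INPUT, then SSH, 80 and 53 opened one by one) written as an iptables-restore file, as an added example that is not part of the original thread. `gen_ruleset` is a hypothetical helper name, and the loopback rule and the unchanged FORWARD and OUTPUT policies are assumptions; loading the file through iptables-restore commits the policy and the accept rules together, so a remote SSH session is not cut off partway.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset.
# gen_ruleset is a hypothetical helper; specs are "proto/port" pairs.
# Apply on the server, as root, with:
#   gen_ruleset "tcp/22 tcp/80 udp/53 tcp/53" | iptables-restore
gen_ruleset() {
    rules=""
    for spec in $1; do
        proto=${spec%%/*}
        port=${spec##*/}
        # Only the two protocols used in the thread are accepted.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        # Port must be all digits and inside 1..65535.
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
        rules="${rules}-A INPUT -p $proto --dport $port -j ACCEPT
"
    done
    # Nothing is printed until every spec has validated, so a typo
    # cannot produce a half-written ruleset.
    # Assumptions: loopback is allowed so local services keep working;
    # FORWARD and OUTPUT keep the ACCEPT policy, as the thread leaves them.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}
```

On CentOS 5 the same text can be written to /etc/sysconfig/iptables so the rules survive a reboot.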
