Solved

How to make a Linux CentOS 5 distribution secure

Posted on 2009-03-30
Last Modified: 2013-12-15
Hi all,
My manager wants me to secure a Linux CentOS 5 distribution for development or hosting purposes,
and I have no idea about that. Can you please guide me in that matter?
Any tutorial, how-to topic, or checklist is very appreciated.

Regards,
hatem gamal
Question by:hatem_from_mesr
LVL 29

Accepted Solution

by:
fosiul01 earned 2000 total points
ID: 24021663
1. Use iptables / a firewall [block every incoming port, then open them one by one].
2. Use syslog or syslog-ng to move log files from the server to a secure place, so that you can check for any unauthorized activity.
3. Don't log in to the server as root. Set a hard password for root, log in as a normal user, then use sudo.
4. Use some third-party software to prevent too many login attempts, such as portsentry or fail2ban; those will save you if any person makes too many login attempts.

6. Check logs regularly.

These are the basics...
0
 

Author Comment

by:hatem_from_mesr
ID: 24021743
Hi fosiul01,
>>>1. use iptables / firewall  [ block every incoming port, open one by one]
Can you tell me more details? I'm a beginner in that.
Regards,
hatem gamal
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021814
Ok.
In CentOS, we get a firewall, which is iptables.

Such as block everything:


# Allow SSH and replies to existing connections first, so that a remote
# session is not cut off when the default policy changes.
iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Then set the default policy: drop every other incoming packet.
iptables -P INPUT DROP
So it will block every input.
Now you will have to open, suppose, ssh, 80, 53.
Just open them one by one.

But there are other things to consider about iptables,
such as blocking spoofing and brutal attacks.

Just read on the net about iptables.

Another product you can use is Snort, to protect your server from hackers.


0
 

Author Comment

by:hatem_from_mesr
ID: 24021890
Hi fosiul01,
>>>now you will have to open suppose ssh, 80, 53
Can you please provide me the syntax?
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021937
iptables -A INPUT  -p tcp --dport 80 -j ACCEPT

So it will allow HTTP connections to your web server.

iptables -A INPUT  -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -p tcp --dport 53 -j ACCEPT

This will allow DNS requests to your server.


One more: if you don't want a service on the web server, don't install it.
0
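
The rules from the comments above, gathered into one default-deny ruleset in iptables-restore format, as an added example that is not part of the original thread. The helper name `build_ruleset`, the loopback rule and the FORWARD DROP policy (which assumes the host does not route traffic) are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a ruleset; changes nothing itself.
# Assumptions: loopback is allowed, and the host does not forward traffic.

# build_ruleset PORT/PROTO ...  (hypothetical helper name)
build_ruleset() {
    rules=""
    for spec in "$@"; do
        port=${spec%/*}
        proto=${spec#*/}
        # Accept only tcp or udp, and a decimal port between 1 and 65535.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|0*|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
        rules="${rules}-A INPUT -p ${proto} --dport ${port} -j ACCEPT
"
    done
    # iptables-restore loads policies and rules together at COMMIT, so the
    # DROP policy never takes effect before the SSH and ESTABLISHED rules.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
    printf '%s\n' 'COMMIT'
}

# The ports opened in the thread: SSH, HTTP, DNS over UDP and TCP.
build_ruleset 22/tcp 80/tcp 53/udp 53/tcp
```

As root, piping the output into `iptables-restore` replaces the current filter table in one step; on CentOS 5, `service iptables save` then writes the running rules to /etc/sysconfig/iptables so they survive a reboot.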
