Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

how to make linux centos 5 distribution secured

Posted on 2009-03-30
5
347 Views
Last Modified: 2013-12-15
hi all,
my manager want me to secure linux centos5 distribution in development or hosting purpose
and I have no Idea in that can you please guide me in that matter
any tutorial, how to topic, check list is very appriciated

regards
hatem gamal
0
Comment
Question by:hatem_from_mesr
  • 3
  • 2
5 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 24021663
1. use iptables / firewall  [ block every incomming port, open one by one]
2, use syslog or syslog-ng to move log file from server to any secure place , so that you can check for any aututhorize activity
3. dont login in the server As root, put a hard password for root, login as normal user then use sudo
4. use some thirdparty software to prevent too much login attempt such , portsentry, fail2ban, those will save you if any person try too much  login attept

6, Check log regularly

these are the basic ....
0
 

Author Comment

by:hatem_from_mesr
ID: 24021743
hi fosiul01,
>>>1. use iptables / firewall  [ block every incomming port, open one by one]
can you tell me more details I'm beginner in that
regards
hatem gamal
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021814
Ok
in Centos , we get firewall which i iptables

such as block everything


iptables -P INPUT DROP

iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
so it will block every input
now you will have to open suppose ssh, 80, 53
just open one by one

but there are other things to consider  about IPtables
such as blockign spoofing, Brutal attack .

just read on net about iptables

another product you can use Snort, to protect your server from hacker..


0
 

Author Comment

by:hatem_from_mesr
ID: 24021890
hi fosiul01,
>>>now you will have to open suppose ssh, 80, 53
can you please provide me syntax
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021937
iptables -A INPUT  -p tcp --dport 80 -j ACCEPT

so it will allow http connection to your web server

iptables -A INPUT  -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -p tcp --dport 53 -j ACCEPT

this will allow dns request to your server


one more : if you dont want any service in web server , dont install  
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Why VNC doesn't work in Redhat? 11 72
how to rebuild XFS volume from LV 19 89
Need BIOS update Linux for MSI X99A motherboard. 4 53
expand ext4 on centos 6 5 37
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question