Solved

how to make linux centos 5 distribution secured

Posted on 2009-03-30
5
348 Views
Last Modified: 2013-12-15
hi all,
my manager want me to secure linux centos5 distribution in development or hosting purpose
and I have no Idea in that can you please guide me in that matter
any tutorial, how to topic, check list is very appriciated

regards
hatem gamal
0
Comment
Question by:hatem_from_mesr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 24021663
1. use iptables / firewall  [ block every incomming port, open one by one]
2, use syslog or syslog-ng to move log file from server to any secure place , so that you can check for any aututhorize activity
3. dont login in the server As root, put a hard password for root, login as normal user then use sudo
4. use some thirdparty software to prevent too much login attempt such , portsentry, fail2ban, those will save you if any person try too much  login attept

6, Check log regularly

these are the basic ....
0
 

Author Comment

by:hatem_from_mesr
ID: 24021743
hi fosiul01,
>>>1. use iptables / firewall  [ block every incomming port, open one by one]
can you tell me more details I'm beginner in that
regards
hatem gamal
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021814
Ok
in Centos , we get firewall which i iptables

such as block everything


iptables -P INPUT DROP

iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
so it will block every input
now you will have to open suppose ssh, 80, 53
just open one by one

but there are other things to consider  about IPtables
such as blockign spoofing, Brutal attack .

just read on net about iptables

another product you can use Snort, to protect your server from hacker..


0
 

Author Comment

by:hatem_from_mesr
ID: 24021890
hi fosiul01,
>>>now you will have to open suppose ssh, 80, 53
can you please provide me syntax
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021937
iptables -A INPUT  -p tcp --dport 80 -j ACCEPT

so it will allow http connection to your web server

iptables -A INPUT  -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -p tcp --dport 53 -j ACCEPT

this will allow dns request to your server


one more : if you dont want any service in web server , dont install  
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question