Solved

how to make linux centos 5 distribution secured

Posted on 2009-03-30
5
345 Views
Last Modified: 2013-12-15
hi all,
my manager want me to secure linux centos5 distribution in development or hosting purpose
and I have no Idea in that can you please guide me in that matter
any tutorial, how to topic, check list is very appriciated

regards
hatem gamal
0
Comment
Question by:hatem_from_mesr
  • 3
  • 2
5 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 24021663
1. use iptables / firewall  [ block every incomming port, open one by one]
2, use syslog or syslog-ng to move log file from server to any secure place , so that you can check for any aututhorize activity
3. dont login in the server As root, put a hard password for root, login as normal user then use sudo
4. use some thirdparty software to prevent too much login attempt such , portsentry, fail2ban, those will save you if any person try too much  login attept

6, Check log regularly

these are the basic ....
0
 

Author Comment

by:hatem_from_mesr
ID: 24021743
hi fosiul01,
>>>1. use iptables / firewall  [ block every incomming port, open one by one]
can you tell me more details I'm beginner in that
regards
hatem gamal
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021814
Ok
in Centos , we get firewall which i iptables

such as block everything


iptables -P INPUT DROP

iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
so it will block every input
now you will have to open suppose ssh, 80, 53
just open one by one

but there are other things to consider  about IPtables
such as blockign spoofing, Brutal attack .

just read on net about iptables

another product you can use Snort, to protect your server from hacker..


0
 

Author Comment

by:hatem_from_mesr
ID: 24021890
hi fosiul01,
>>>now you will have to open suppose ssh, 80, 53
can you please provide me syntax
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24021937
iptables -A INPUT  -p tcp --dport 80 -j ACCEPT

so it will allow http connection to your web server

iptables -A INPUT  -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -p tcp --dport 53 -j ACCEPT

this will allow dns request to your server


one more : if you dont want any service in web server , dont install  
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now