hardening DMZ systems
Posted on 2011-10-18
we have to created RHEL6 VM in DMZ to serve as a blog server. Is there any website which shows how to harden DMZ linux systems. I have couple of questions on which I want suggestions
1. Patching of OS - whether I should patch it directly from internet using yum or we have internal satellite server to which I shud point this DMZ server to get patched ? any idea which ports are required to be opened if patching from rhn satellite server.
2. rpcbind and rpc.statd services are running on this server and I want to stop it as I am not using any nfs services here. So, will it create problems for any other services running..like..ssh or https etc.
3. Is there any link wherein there is a checklists for verifying the hardening document for linux dmz servers.
We have all the network restrictions in place for this..fyi...