apunkabollywood
asked on
to secure network in RHEL VM
Hi All,
I have one RHEL virtual machine on VMware - connected with 3 different networks - please advise how to secure my server and what tools could be used?
ASKER
Thank you for your valuable suggestion, but let me be more specific about the requirements:
1. Actually it will be acting as a storage node and we are using EMC NetWorker, and it requires the root role - so I need to secure it accordingly so that no hacking etc. is possible, with proper monitoring?
2. I want to specify specific VLAN access from a specific NIC card - please help me with that kind of setting?
3. Allow SSH only from a specific admin port, not from all?
Please help me if you have more suggestions on the same.
ASKER
Thank you - Helps me a lot
The default settings of a RHEL machine are already good for connecting it to the public internet. This means in particular:
- SELinux, mandatory access control, in enforcing mode,
- Firewall turned on, allowing only SSH and any related connections
After the initial configuration is done you should turn off root logins in SSH and disallow challenge/response authentication (basically allowing only SSH logins with valid keys).
The tools you will work with first and foremost are iptables for firewall rules and SELinux as mandatory access control.
If you keep the data locations for your services (e.g. /var/www as the HTTP root) at the defaults, you will rarely need to interact with SELinux. Also keep in mind that if you have custom-built software, you may need to create custom rules or even turn off SELinux.
If you provide more info, I can assist you better.
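The SSH settings named in the answer above can be checked mechanically; the following audit script is an added example, not part of the thread. The `ListenAddress` check is an added assumption covering the asker's request to restrict SSH to the admin interface, and the sample configs, function names and the 192.0.2.10 address are constructed placeholders.

```shell
# Audit the global section of an sshd_config for the settings named in the answer.

# Print the effective global value for KEYS (a '|'-separated list of aliases).
# sshd uses the first value it reads; keywords are case-insensitive.
sshd_value() {  # usage: sshd_value FILE KEYS
  awk -v keys="$2" '
    { sub(/#.*/, "") }                        # drop comments
    tolower($1) == "match" { exit }           # Match blocks end the global section
    tolower($1) ~ ("^(" tolower(keys) ")$") { print tolower($2); exit }
  ' "$1"
}

# Print one FINDING line per deviation; return 0 if clean, 1 otherwise.
audit_sshd_config() {  # usage: audit_sshd_config FILE
  audit_rc=0
  for keys in PermitRootLogin PasswordAuthentication \
              'ChallengeResponseAuthentication|KbdInteractiveAuthentication'; do
    val=$(sshd_value "$1" "$keys")
    if [ "$val" != "no" ]; then             # unset falls back to sshd's default
      echo "FINDING: $keys is '${val:-unset}', expected 'no'"
      audit_rc=1
    fi
  done
  val=$(sshd_value "$1" ListenAddress)
  case "$val" in
    ""|0.0.0.0|0.0.0.0:*|::|"[::]"|"[::]:"*)  # wildcard bind = every NIC
      echo "FINDING: ListenAddress is '${val:-unset}', sshd listens on all interfaces"
      audit_rc=1 ;;
  esac
  return "$audit_rc"
}

# Constructed samples: permissive vs. hardened (192.0.2.10 = placeholder admin NIC).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak" <<'EOF'
# PermitRootLogin no
PermitRootLogin yes
ChallengeResponseAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
cat > "$demo_dir/hardened" <<'EOF'
ListenAddress 192.0.2.10
permitrootlogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF
audit_sshd_config "$demo_dir/weak" || echo "weak: findings above"
audit_sshd_config "$demo_dir/hardened" && echo "hardened: no findings"
```

On a real host, point `audit_sshd_config` at `/etc/ssh/sshd_config`; settings inside `Match` blocks and included drop-in files are not evaluated by this script.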