apunkabollywood
asked on
Need to secure RHEL Server from outside
Hi All,
I want to secure my server. I have found lots of solutions but am still confused about which one to choose and why. It has to be secure, so please help with the query below:
- Forbid any changes to network configuration files (set read-only)
- Send an automatic e-mail when these attributes change and/or network configuration files were changed
- Send an automatic e-mail when someone uses network configuration tools (ifconfig, iproute2, iptables, dns, etc.)
- Listen for ssh connections only on a specific administration LAN interface
- Listen for NetWorker connections on the backup and administration LAN interfaces
The backup team always uses root access, because the backup solution requires root privileges. The virtualized storage node is accessible by:
- Backup team
- System team
So how can I secure root access even if I want to give them root access? For example, not being able to change or edit some files, etc.
Really appreciate it. Many thanks in advance
You will need to configure a combination of iptables, sshd_config, fail2ban and sudo.
ASKER
Thanks Jesper. It would be great if you could explain a little bit more, with more specific details on tools, and also what would be best to use for the points above.
Thanks in advance
ASKER CERTIFIED SOLUTION
Why do you have to give root access to so many people? The utilities they need to use could be setuid root, group execute, no world access.
ASKER
Thank you so much Jesper and Serialband for your valuable comments.
I have a few points which I want but am confused about how and what is the best way to implement them:
- Suppose we have 3 NIC cards on the same server, but I want ssh/login from only one specific NIC. How do I implement that? Using iptables? If yes, then how do I specify the NIC card in that? Or is any other option available?
- I want to trace a few files. Suppose if anyone modifies those files, I should get an alert by mail or something else? Suppose if a user changes anything in ifcfg-eth0 or resolv.conf, then I want to have an alert in our mail?
Any other useful thing I could apply to make it secure would be appreciated.
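The second point above (an alert when ifcfg-eth0 or resolv.conf is touched) is what the kernel audit subsystem on RHEL does natively. The following is an added example, not code from the thread or from any of the participants: it generates auditd watch rules for the files the asker names and for the network tools, and a small filter that turns matching audit records into a mail body. The watched paths, the recipient address, the `/etc/hosts` entry and the audit log sample are assumed or constructed for the example.

```shell
#!/bin/bash
# Added example, not from the thread: auditd watch rules for network config
# files and network tools, plus a filter that mails the matching records.
# Paths, recipient and the SAMPLE_LOG below are assumed/constructed.
WATCHED_FILES="/etc/sysconfig/network-scripts/ifcfg-eth0 /etc/resolv.conf /etc/hosts"
NET_TOOLS="/sbin/ifconfig /sbin/ip /sbin/iptables"
ALERT_TO="${ALERT_TO:-sysadmins@example.com}"   # assumed recipient

# Emit audit rules: -p wa = write or attribute change, -p x = execution.
# The -k key is what the filter below searches for.
gen_audit_rules() {
  for f in $WATCHED_FILES; do
    echo "-w $f -p wa -k netconf"
  done
  for t in $NET_TOOLS; do
    echo "-w $t -p x -k nettools"
  done
}

# Constructed sample of raw audit records in the layout auditd writes to
# /var/log/audit/audit.log (fields trimmed to the ones the filter reads).
SAMPLE_LOG='type=SYSCALL msg=audit(1300000000.100:42): arch=c000003e syscall=2 success=yes exit=3 auid=1001 uid=0 comm="vi" exe="/bin/vi" key="netconf"
type=SYSCALL msg=audit(1300000000.200:43): arch=c000003e syscall=2 success=yes exit=3 auid=1002 uid=1002 comm="cat" exe="/bin/cat" key="(null)"
type=SYSCALL msg=audit(1300000000.300:44): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=0 comm="ifconfig" exe="/sbin/ifconfig" key="nettools"'

# Print "auid exe" for every record tagged with the given key. auid is the
# login uid, so a change made by root after "su -" is still tied to the
# person who logged in. In production, replace the sample with the output
# of `ausearch -k netconf --raw -ts recent`.
records_for_key() {
  printf '%s\n' "$SAMPLE_LOG" \
    | grep "key=\"$1\"" \
    | sed -E 's/.*auid=([0-9]+).*exe="([^"]+)".*/\1 \2/'
}

# Build the alert text; returns 1 when there is nothing to report.
alert_body() {
  hits="$(records_for_key netconf)"
  [ -n "$hits" ] || return 1
  printf 'Subject: network config changed on %s\n\nlogin-uid exe\n%s\n' "$(hostname)" "$hits"
}

# Hand the message to the local MTA; set MAIL_CMD=cat for a dry run.
send_alert() {
  body="$(alert_body)" || return 0   # nothing changed, no mail
  { printf 'To: %s\n' "$ALERT_TO"; printf '%s\n' "$body"; } \
    | ${MAIL_CMD:-/usr/sbin/sendmail -t}
}
```

On RHEL the rule lines go into /etc/audit/audit.rules followed by `service auditd restart`; `send_alert` is then run from cron every few minutes with the `ausearch -ts recent` output in place of the sample. Watching with `-p wa` also records chmod/chown on the files, which covers the "attributes change" requirement from the original question; for the read-only requirement itself, `chattr +i` on the file refuses writes even from root until the flag is cleared again.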
When I configure iptables, I include both source and destination, so you can deny ssh to the other NIC subnet/mask destination and allow it to the single NIC on the server.
If you have configured this correctly with the permissions, no one would be able to make changes. That's why I suggest lshell in combination with sudo. In both, you can specify what commands can be run, and with sudo you can specify that the commands can be run as root without having to know or provide the root password.
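To make the two answers above concrete for a host with three NICs, here is an added example; it is not code from the thread or from any participant. It generates, without applying them, iptables rules that accept SSH only on the administration NIC (the `-i` match is how a rule is tied to one NIC, which answers the "how to specify nic card" question), the matching `ListenAddress` line for sshd_config, and a sudoers fragment that lets the backup group run only its own tool as root. Interface names, addresses, the NetWorker port, the group name and the tool path are assumed placeholders.

```shell
#!/bin/bash
# Added example, not from the thread: generate the iptables, sshd and sudoers
# pieces for a 3-NIC host. All names and numbers below are assumed placeholders.
ADMIN_IF="${ADMIN_IF:-eth0}"      # assumed: NIC on the administration LAN
ADMIN_IP="${ADMIN_IP:-10.0.10.5}" # assumed: address of that NIC
BACKUP_IF="${BACKUP_IF:-eth1}"    # assumed: NIC on the backup LAN
PROD_IF="${PROD_IF:-eth2}"        # assumed: third NIC, no admin traffic at all
NSR_PORT="${NSR_PORT:-7937}"      # assumed: NetWorker nsrexecd port; verify locally
BACKUP_GROUP="${BACKUP_GROUP:-backup}"                    # assumed group name
BACKUP_TOOL="${BACKUP_TOOL:-/usr/local/sbin/backup-run}"  # assumed tool path

# iptables: default-deny, then accept new SSH connections only when they
# arrive on the admin NIC, and NetWorker only on the admin and backup NICs.
# The explicit DROP lines are redundant with the policy but make the intent
# visible in `iptables -L -v`, where their counters show attempts on the wrong NIC.
gen_iptables_rules() {
  echo "iptables -P INPUT DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -i $ADMIN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT"
  for ifc in $BACKUP_IF $PROD_IF; do
    echo "iptables -A INPUT -i $ifc -p tcp --dport 22 -j DROP"
  done
  for ifc in $ADMIN_IF $BACKUP_IF; do
    echo "iptables -A INPUT -i $ifc -p tcp --dport $NSR_PORT -m state --state NEW -j ACCEPT"
  done
}

# sshd_config: bind the daemon to the admin address so the other NICs never
# even have a listener; the iptables rules above remain as the second layer.
gen_sshd_listen() {
  echo "ListenAddress $ADMIN_IP"
}

# sudoers: one group, one command, as root, without the root password.
# Everything not listed is refused because sudo is default-deny.
gen_sudoers() {
  echo "%$BACKUP_GROUP ALL=(root) NOPASSWD: $BACKUP_TOOL"
}

# Number of NICs whose rules accept new SSH connections; must be exactly 1.
ssh_accept_count() {
  gen_iptables_rules | grep -c -- '--dport 22 .*-j ACCEPT'
}
```

As root, `gen_iptables_rules | sh` applies the rules and `service iptables save` keeps them across reboots; the `ListenAddress` line goes into /etc/ssh/sshd_config followed by `service sshd restart` (the admin interface must be up before sshd starts, or the bind fails); the sudoers line is added through `visudo`, never by editing the file directly. With this in place the backup team keeps root for its tool only, which is the narrowing of root access the original question asked for.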
ASKER
Okay, thank you Jesper, but the problem is that I want to dedicate some instances only to one NIC card and am not able to find the best secure way. Will iptables work for this? If yes, then please be more specific about how.