Quick, Easy "Security Cheat Sheet" for new Centos 5.4 VPS?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
... but does anybody have any recommendations for establishing "basic security" on a new Centos 5.4 VPS?
I just want to make sure:
a) I've done "due diligence" to prevent compromises
<= I'm looking for pretty much the Linux equivalent of enabling Windows Firewall and installing Symantec or McAfee
b) If, for whatever reason, I *am* compromised, I have a fighting chance of detecting it
Thank you very much in advance .. PSM
The NSA has a security guide for RHEL 5 (I believe that's pretty close to CentOS 5.4) on their website. As for firewall and antivirus, you already have iptables installed, and you can stick with McAfee if you really want to.
Thank you, but the NSA guidelines are the EXACT OPPOSITE of what I'm looking for. They're 182 pages of advice like "disable your USB ports", "use centralized authentication", and "enable SE Linux".
No: I'm looking for something short, simple and eminently practical.
Preferably somthing oriented toward "VPS Linux" in general, and "Centos 5.4" in particular. For an internet-facing, single-user environment.
Thank you in advance .. PSM
The closest thing I can think of is Bastille, which will walk you through its hardening steps with information about each one. Maybe there's a package of it available for your CentOS version? BTW, since you're looking for the equivalent of something you saw for Windows, maybe you could post a link to that so we could have a more precise idea of what you seek?
Thanx for the suggestion. I'll post back what I find (this might be a good opportunity to play with LQ blogs for the first time).
My new VPS comes with an iptables firewall (yay!), the iptables is enabled (yay!) .... but it's the default configuration: absolutely no rules. Essentially, no firewall
The VPS service also offers (optional) Plesk control panel and applets. I installed a bunch of the Plesk stuff: including Kapersky A/V and Plesk's own firewall. Which pretty much covers the "Windows firewall and McAfee" I mentioned (as generic metaphors, not necessarily specific items that I actually wanted to duplicate on Linux) earlier.
I was hoping to find a short (1 page or less) "Linux VPS Security for Dummies" kind of "how-to". I'm sure they exist - but I haven't found one yet. And, unfortunately, the things cited in the LQ "security" sticky seem to be relatively old (some of the links are actually broken) and not particularly relevant to my particular needs (IMHO).
Anyway - thanx again for the suggestions, and please let me know if you think of anything else.
I have a RHEL/CentOS 5 system "baseline" that I put together. It's both basic and easy to follow. (Read: it's certainly not comprehensive or specific to any one situation.) Here's a summarized version.
Put /, /home, /tmp, and /var on separate filesystems
Set a grub bootloader password
For packages, select "Customize Now", and install only "Base System -> Base"
Skip all the Setup Agent options - just exit
Post install steps:
Enable a very basic packet filtering ruleset (i.e. allow IPv4 ssh connections, and drop everything else)
# iptables -F
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -j DROP
# service iptables save && chkconfig iptables on
Update packages with yum
Enforce strong passwords system-wide (see following diff)