Securing a Linux Centos VPS
I was looking for some help getting a good list of IP tables and other security measures on my new Linux CentOS VPS. I have some files I want no one other than myself to have access to. I will be running some gameservers on it on ports 7777 and 7778 though and I want to have VSFTPD running for fast file transfers. What would be your recommendations? Thanks.
I recommend using Firewall Builder, http://www.fwbuilder.org/. Very nice and flexible graphical tool to build various types of firewalls, including iptables. Make sure you only open the ports you actually use to the outside world.
Use SSL, so credentials will never be available in cleartext for sniffers. Restrict access to only those users that need it. There's a fairly detailed PDF on setting up vsftpd with SSL here: vsftpd_FTPS_Setup_RHEL5
If you want to allow anonymous access, I suggest you chroot the server.
Files you only want accessed by yourself should either be in your home directory (tree) or elsewhere with the proper owner (i.e. you) and mode (i.e. 600). You could assign a separate subdirectory with mode 700. That way, only you will have access, and root.
Do not use telnet; use ssh.
Do not use password access for ssh; use private/public keypairs.
You may want ssh to not use port 22, but some available unprivileged port higher up. Reduces the number of brute force attacks quite a bit.
If you need to use passwords: generate long random passwords and store these in a password database, like KeePassX.
Use pam-tally to limit the number of login-attempts.
Mount /tmp noexec.
You may want to set up Fail2Ban to choke invalid brute force access attempts.
Beware: pam-tally locks users out until reset by root, while Fail2Ban blocks IP addresses for a specified period (you can whitelist your own IP).
There's probably more, but this pops up off the top of my head, implementable with standard CentOS and off-the-shelf RPMs.
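A ruleset generator for the setup described in this thread, as an added example that is not code from any of the posters: it prints an iptables-restore file (the format CentOS keeps in /etc/sysconfig/iptables) with SSH on an assumed port 2222 reachable only from an assumed admin address 203.0.113.10 (a constructed documentation address), the 7777/7778 game ports, and a vsftpd passive range of 40000-40100 that must match pasv_min_port/pasv_max_port in vsftpd.conf. Because FTPS encrypts the control channel, the kernel's FTP connection-tracking helper cannot learn the passive data port from it, so a fixed passive range has to be opened explicitly.

```shell
#!/bin/sh
# Hypothetical hardening ruleset generator (added example, not from the thread).
# Every value below is an assumption; override via the environment.
SSH_PORT="${SSH_PORT:-2222}"          # assumed: sshd moved off port 22
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"  # constructed admin address (TEST-NET-3)
PASV_MIN="${PASV_MIN:-40000}"         # must equal pasv_min_port in vsftpd.conf
PASV_MAX="${PASV_MAX:-40100}"         # must equal pasv_max_port in vsftpd.conf

# Print an iptables-restore ruleset: default DROP inbound, allow only what is used.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and packets belonging to flows we already accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# new TCP connections must start with SYN
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# SSH on the non-default port, only from the admin address
# (drop the "-s" part if your address changes often, or you lock yourself out)
-A INPUT -p tcp -s $ADMIN_IP --dport $SSH_PORT -m state --state NEW -j ACCEPT
# game servers on 7777/7778; TCP and UDP both opened since the thread names neither
-A INPUT -p tcp -m multiport --dports 7777,7778 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m multiport --dports 7777,7778 -j ACCEPT
# vsftpd control channel plus the fixed passive data range
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport $PASV_MIN:$PASV_MAX -m state --state NEW -j ACCEPT
# keep ping working for monitoring
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Sanity check: how many single-port ACCEPT/DROP rules mention a given port.
count_rules_for_port() {
    build_ruleset | grep -c -- "--dport $1 "
}

# Usage on the VPS (as root):
#   build_ruleset > /etc/sysconfig/iptables && service iptables restart
```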