LinuxQuestions.org
Old 02-07-2011, 12:02 PM   #1
MisterTickle
Securing a Linux Centos VPS


I was looking for some help getting a good list of IP tables and other security measures on my new Linux Centos VPS. I have some files I want no one other than myself to have access to. I will be running some gameservers on it on ports 7777 and 7778 though and I want to have VSFTPD running for fast file transfers. What would be your recommendations? Thanks.
 
Old 02-07-2011, 12:42 PM   #2
r_hartman
iptables:
I recommend using Firewall Builder, http://www.fwbuilder.org/. Very nice and flexible graphical tool to build various types of firewalls, including iptables. Make sure you only open the ports you actually use to the outside world.

vsftpd:
Use SSL, so credentials will never be available in cleartext for sniffers. Restrict access to only those users that need it. There's a fairly detailed PDF on setting up vsftpd with SSL here: vsftpd_FTPS_Setup_RHEL5
If you want to allow anonymous access, I suggest you chroot the server.

permissions:
Files you only want accessed by yourself should either be in your home directory (tree) or elsewhere with the proper owner (i.e. you) and mode (i.e. 600). You could assign a separate subdirectory with mode 700. That way, only you will have access, and root.

general:
Do not use telnet; use ssh.
Do not use password access for ssh; use private/public keypairs.
You may want ssh to not use port 22, but some available unprivileged port higher up. Reduces the number of brute force attacks quite a bit.
If you need to use passwords: generate long random passwords and store these in a password database, like KeePassX.
Use pam-tally to limit the number of login-attempts.
Mount /tmp noexec.
You may want to set up Fail2Ban to choke invalid brute force access attempts.
Beware pam-tally locks users out until reset by root while Fail2Ban blocks IP addresses for a specified period (you can whitelist your own IP).

There's probably more, but this pops up off the top of my head, implementable with standard CentOS and off-the-shelf RPMs.
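
Added example (not part of r_hartman's post): a default-deny iptables ruleset for the services named in this thread, written as a shell function that only prints `iptables-restore` input and never touches the running firewall. The SSH port 2222, the passive FTP range 50000-50050, and opening the game ports on both TCP and UDP are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not load it.
# Assumed values (not from the thread): SSH moved to 2222, game traffic on
# both TCP and UDP, vsftpd passive range 50000-50050 (must match
# pasv_min_port / pasv_max_port in vsftpd.conf).
SSH_PORT=2222
GAME_PORTS="7777 7778"
FTP_PASV_RANGE="50000:50050"

build_rules() {
    echo "*filter"
    # Default-deny inbound and forwarded traffic; outbound stays open.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback, and replies to connections that are already established.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # SSH on the non-default port.
    echo "-A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT"
    # Game servers.
    for p in $GAME_PORTS; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    # FTP control channel plus a fixed passive range. With SSL the conntrack
    # FTP helper cannot read the encrypted PASV replies, so the data ports
    # have to be opened explicitly.
    echo "-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    echo "-A INPUT -p tcp --dport $FTP_PASV_RANGE -m state --state NEW -j ACCEPT"
    echo "COMMIT"
}

# Review aid: number of rules that admit inbound traffic to a port.
count_open_rules() {
    build_rules | grep -c -- '--dport'
}

build_rules
```

On CentOS the reviewed output can be saved as /etc/sysconfig/iptables, which the iptables service loads at start.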
 
  

