VPS Host Node Security
Greetings All,
I have looked high and low looking for a guide on securing a VPS host node. I have been told from other sources that there isn't much you can do apart from keeping it up2date and disabling un-needed system services. What are these un-needed system services?
System setup; CentOS w/ OpenVZ & HyperVM
Thanks.
Someone must have an idea??
Thanks.
A lot of services are available in Linux. But those are not required to run all the time. Disabling the unwanted services will save memory and CPU resources.
To list out the running services, run the command:
# chkconfig --list |more
To disable a particular service, run the command:
# chkconfig service-name off
e.g.:
# chkconfig autofs off
# chkconfig --list autofs
autofs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
You can disable all the unnecessary services like this.
Yes but what are the unwanted services? It's for VPS hosting.
Thanks.
tuftystick,
It all depends on your setup. If you are using a web-based solution for remote administration, the requirements will differ from a solely ssh-based administration. Basically, unwanted services are the ones that listen for a remote connection, with the exception of the services you explicitly enable. After you fix that, you can look at the other processes that may lead to privilege escalation. If you post the output of:
Code:
chkconfig --list
Listed below is the output asked for;
Code:
[root@node ~]# chkconfig --list
CentOS 5.2 64 Bit OpenVZ & HyperVM Hosting VPS Servers
Thanks.
tuftystick,
A quick scan of your list and the following can be disabled.
Code:
chkconfig atd off
in the first column of the 'chkconfig --list command' so you know what they do and make your own assessment as to whether you need them or not. Look at these links:
Which Services Can I Disable?
Perfect Setup (older CentOS release, but still applicable)
Will the above stop me or my clients from doing anything?
Thanks.
OpenVZ & HyperVM do not need any of those services.
If you are using the webserver (httpd) on the host then you can leave that on (not recommended). But to answer your question: no, it will not prevent you or your clients from doing anything. Your clients have their own isolated environment. The only thing you should be using on the host is iptables, sshd, and the management tools for ovz and hypervm.
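The rule given in the replies above (keep only what the host needs, such as iptables, sshd and the OpenVZ/HyperVM tools) can be checked against `chkconfig --list` output. This is an added example, not code from any poster in the thread; the allowlist entries vz, hypervm, network, syslog and crond are assumptions, and the sample listing is constructed because the thread does not include the real output.

```shell
#!/bin/sh
# Audit `chkconfig --list` output against an allowlist of host services.
# ALLOW is an assumption: iptables and sshd come from the thread; vz and
# hypervm are assumed init-script names for the OpenVZ and HyperVM tools;
# network, syslog and crond are assumed base services. Adjust per node.
ALLOW="sshd iptables vz hypervm network syslog crond"
RL=3   # runlevel to audit (assumed: text-mode multi-user on a host node)

# Reads `chkconfig --list` text on stdin and prints every service that is
# "on" in runlevel $RL and is not in $ALLOW, one name per line.
audit_services() {
    awk -v allow="$ALLOW" -v rl="$RL" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # SysV lines have 8 fields: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
        # The xinetd section ("name: off") has fewer fields and is skipped.
        NF == 8 && $2 ~ /^0:/ {
            split($(rl + 2), f, ":")
            if (f[2] == "on" && !($1 in ok)) print $1
        }
    '
}

# Turns the findings into commands for review; nothing is executed here.
print_disable_cmds() {
    audit_services | sed 's/^/chkconfig /; s/$/ off/'
}

# Constructed sample input, in the format chkconfig prints on CentOS 5.
sample_list() {
    cat <<'EOF'
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
vz              0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        rsync:          off
EOF
}

# Demo on the sample; on a real node: chkconfig --list | print_disable_cmds
sample_list | print_disable_cmds
```

Services already off in the audited runlevel are not reported, so the output only lists what would actually start at boot and is not on the allowlist.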
Ok, thanks a lot junpa.
chkconfig atd off
chkconfig bluetooth off
chkconfig cups off
chkconfig gpm off
chkconfig httpd off
chkconfig pcscd off
chkconfig netfs off
chkconfig portmap off
chkconfig rpcidmapd off
chkconfig rpcsvcgssd off
chkconfig cpuspeed off
chkconfig firstboot off
chkconfig nfslock off
chkconfig xfs off
the best just with openvz
I would suggest you do your own research on the services in the first column of the "chkconfig list command". Try to analyze how they work and make your own assessment as to whether you need them or not and if it works for you.
jeffreyfrog,
I already said that....except for a word or two it could have been a copy & paste.