[TriLUG] Advice on securing a Linux Server
rothwell
michael at rothwell.us
Sat Sep 29 20:28:44 EDT 2007
All that's a good start. Install denyhosts as well, for additional
SSH protection. Also, add yourself (and other ssh-worth users) so a
special group, and allow only that group to log in. Read your
logwatch. Look at using selinux or apparmor. Run your app under the
lowest privs you can. Use unix sockets and not tcp with mysql.
and probably some other stuff...
On Sep 29, 2007, at 1:07 PM, Jeff Ellis wrote:
> I'm putting together a CentOS 5 based system that will be directly
> exposed to the internet (to serve a tomcat application). So far,
> I've:
>
> - Turned on the software firewall and blocked everything except for
> port
> 8080, another port for the application, and a port for ssh
> - Moved sshd to a non-standard port
> - Configured ssh to not allow root logins
> - Set a root password for mysql (mysql is needed by the app)
> - Set strong passwords for all users
>
> Anything else I should do to help secure it?
>
> Jeff
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/
> trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
More information about the TriLUG
mailing list