[Centos] Secure server install

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On that subject, it's worth considering that many installations are
not terribly "secure" right out of the box.  For example, SSH allows
protocol version 1 and remote root logins by default on Centos.  Many
admins consider this to be rather insecure - some have no problem with
it in their environments.

Whatever services you do need, it would be worth auditing all of their
config files.

Greg


On Thu, 27 Jan 2005 15:33:47 -0400, Joe Polk <listuser@xxxxxxxxxxxxx> wrote:
> It's not a question of what "users" to delete by default. Most default user
> accounts are there for a specific task. Think about what services you don't
> intend to use. Stop those daemons from running on boot and kill the
> corresonding account for them. My experience is that there are very few
> accounts that would need to be removed. Services are more important to focus on.
> 
> --
> <<JAV>>
> 
> 
> ---------- Original Message -----------
> From: H?vard Hebnes <centos@xxxxxxx>
> To: "'CentOS discussion and information list'" <centos@xxxxxxxxxxx>
> Sent: Thu, 27 Jan 2005 17:57:38 +0100
> Subject: RE: [Centos] Secure server install
> 
> > Yes, it will handle mail (qmail, stores in /var/qmail), mysql, www
> > sites /home
> >
> > Will use Plesk as CP
> >
> > Think your example looks good. Have you any suggestions to which
> > default users I should delete?
> >
> > /H?vard
> >
> > -----Original Message-----
> > From: centos-bounces@xxxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxxx]
> > On Behalf Of Beau Henderson Sent: 27. januar 2005 17:49 To: CentOS
> > discussion and information list Subject: Re: [Centos] Secure server install
> >
> > Well now that really depends on what your going to have installed on
> > the server. Will it handle mail? mysql or other databases ? web
> > serving, etc ? Will you have any control panel system installed on
> > this system ?
> >
> > Here's an example of one of my systems which handles everything:
> >
> > /dev/hda6            1012M  238M  723M  25% /
> > /dev/hda1             244M   21M  210M   9% /boot
> > /dev/hda7              91G   19G   68G  22% /home
> > none                 1004M     0 1004M   0% /dev/shm
> > /dev/hda5             2.0G   33M  1.8G   2% /tmp
> > /dev/hda2             9.7G  2.9G  6.3G  31% /usr
> > /dev/hda3             9.7G  1.8G  7.5G  19% /var
> >
> > Generally a 512 - 1 GB is enough for tmp. The size of each really
> > depends upon what software you'll have installed and where it places
> > its files.
> > --
> > Beau Henderson
> > http://www.iminteractive.net
> >
> > On Thu, 27 Jan 2005 17:41:30 +0100, H?vard Hebnes <centos@xxxxxxx> wrote:
> > > Any recomendations how big they should be? Have 160GB to use..
> > >
> > > Thanks,
> > >
> > > regards
> > > H?vard
> > >
> > > -----Original Message-----
> > > From: centos-bounces@xxxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxxx] On
> Behalf Of Beau Henderson
> > > Sent: 27. januar 2005 17:36
> > > To: CentOS discussion and information list
> > > Subject: Re: [Centos] Secure server install
> > >
> > > On our web hosting servers, we generally use:
> > > /
> > > /tmp
> > > /var
> > > /usr
> > > /boot
> > > swap
> > > /home
> > >
> > > Not necessarily in the above order.
> > >
> > > --
> > > Beau Henderson
> > > http://www.iminteractive.net
> > >
> > > On Thu, 27 Jan 2005 07:30:34 -0600, Benjamin J. Weiss
> > > <benjamin@xxxxxxxxxxx> wrote:
> > > > H?vard Hebnes wrote:
> > > >
> > > > >Not sure if this is the right place to ask, but I'll try.
> > > > >
> > > > >When I do a minimum install of Centos, which default users should I
> delete (users that won't be needed on
> > a
> > > > >server) It will be used for webhosting, mail, sql.. And, what
> partitions would you advice me to create?
> > > /root,
> > > > >/tmp, swap, /... should I have more?
> > > > >
> > > > >
> > > > >
> > > > I don't usually create a seperate /root.  The partition structure I
> > > > usually go with is:
> > > >
> > > > /boot
> > > > /tmp
> > > > /var
> > > > /
> > > > swap
> > > >
> > > > And some people throw in /home.
> > > >
> > > > Ben
> > > > _______________________________________________
> > > > CentOS mailing list
> > > > CentOS@xxxxxxxxxxx
> > > > http://lists.caosity.org/mailman/listinfo/centos
> > > >
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS@xxxxxxxxxxx
> > > http://lists.caosity.org/mailman/listinfo/centos
> > >
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS@xxxxxxxxxxx
> > > http://lists.caosity.org/mailman/listinfo/centos
> > >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxxx
> > http://lists.caosity.org/mailman/listinfo/centos
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxxx
> > http://lists.caosity.org/mailman/listinfo/centos
> ------- End of Original Message -------
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxxx
> http://lists.caosity.org/mailman/listinfo/centos
>

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux