Roland RoLaNd wrote: > > i Just finished setting up an apache service on a centos 5.2 VM machine. > > i need to secure this machine as i'm soon to be setting a public IP over > it where i'd be opening up the following services: > > 1. http > 2. https > 3. ssh > > > Things i've done so far: > > 1. stopped root ssh access in sshd.conf > 2. tried configuring PAM so i get a more secure ssh passwords (dictionary > wise) as well as tried setting up a 2 times authentication failure for the > account to be disabled for 12 hours (i couldnl't succeed in setting this > up) > 3. disabled port forwarding (to deny outsiders to tunnel through the > server inside my network) couldn't succeed with this either. > Well, you could set selinux enforcing (AUGH!!!). Another possibility is run Bastille Linux on it to harden it. I really like the latter - I used it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes, this is years ago), and used that as my firewall/router, and in something like 9 years online, on broadband, to the best of my knowledge, I never had an intrusion. mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos