+1 for bastille...
On 9/18/10, m.roth@xxxxxxxxx <m.roth@xxxxxxxxx> wrote:
> Roland RoLaNd wrote:
>>
>> i Just finished setting up an apache service on a centos 5.2 VM machine.
>>
>> i need to secure this machine as i'm soon to be setting a public IP over
>> it where i'd be opening up the following services:
>>
>> 1. http
>> 2. https
>> 3. ssh
>>
>>
>> Things i've done so far:
>>
>> 1. stopped root ssh access in sshd.conf
>> 2. tried configuring PAM so i get a more secure ssh passwords (dictionary
>> wise) as well as tried setting up a 2 times authentication failure for the
>> account to be disabled for 12 hours (i couldnl't succeed in setting this
>> up)
>> 3. disabled port forwarding (to deny outsiders to tunnel through the
>> server inside my network) couldn't succeed with this either.
>>
> Well, you could set selinux enforcing (AUGH!!!). Another possibility is
> run Bastille Linux on it to harden it. I really like the latter - I used
> it to harden an old system of mine, first Redhat 7.x, then Redhat 9 (yes,
> this is years ago), and used that as my firewall/router, and in something
> like 9 years online, on broadband, to the best of my knowledge, I never
> had an intrusion.
>
> mark
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
