Re: Security checklist for new Centos server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, Jul 21, 2007 10:33:14 AM +0200, Ralph Angenendt
(ra+centos@xxxxxxxxxxxx) wrote:

> > - set up itables (what would the safest iptables script to do all and
> >   only the services listed above?
> 
> Depends on from where you want to connect to your imap server. From
> everywhere?

yes. More exactly, dovecot must serve both local webmail via
squirrelmail and my (and other users) home boxes

> If you only run sshd, imap, postfix and apache I don't really see a
> need for iptables. But you might want to restrict access to sshd to
> a few ip addresses if you can.

Unfortunately, this is not an option. Sorry I forgot to specify it in
the initial message.

> > - what else?
> 
> Don't turn off SELinux.

Hmmm... I had also forgotten this side of the package. I will be
running on a rented VPS, can SELinux be used in such contexts?

Also, frankly I am not up to date on this, but I do remember reading a
lot of "Just turn off selinux, isn't worth it" and "selinux isn't
mature/ documented enough yet" in relatively recent times, both on
Fedora and Centos lists.

Is this still the case?

Thanks!
	Marco
-- 
The Family Guide to Digital Freedom         http://digifreedom.net
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux