Hi,
I admit I never gave security that much thought, that is, except the
most basic security rules like choosing good passwords, or reasonable
file and directory permissions. But now I have to change that, since
I'll soon have to setup a dedicated production server for our public
libraries.
I wonder where to begin. I would say first thing is get a series of
"auditing" tools such as, for example, the port scanner nmap, to test
the firewall on the server. Any other ideas for that?
The firewall: CentOS includes a default firewall, where ports can be
chosen using a simple graphical (or ncurses) tool. Is that solid enough
for a web server? Or do you recommend diving into the innards of
iptables? Or maybe, other solution, can you recommend some good
"reasonable" set of rules for a web server, for example?
Last but not least: SELinux. For the moment I don't use it. I read the
chapter on SELinux in "Red Hat Enterprise Linux 5 Unleashed" by Tammy
Fox, and I simply wonder if it's worth the pain. I'm curious about your
opinions about this subject.
Maybe some good reads on security? That is, articles that don't require
you to be a doctor in computer science to get a grasp of the subject?
And also documentation that doesn't require me to have a life expectance
of 500+ years
:oD
Any suggestions?
Niki
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
