On Mon, Jun 29, 2009 at 9:00 AM, Sander Snel<zander.snel@xxxxxxxxx> wrote:
> On 06/27/2009 09:21 PM, Mag Gam wrote:
>
> sane and simple security management for linux systems:
> 1. only open ports in iptables which are being used, if possible with
> source address or source network.
> 2. use hosts.allow/deny rules for services if applicable, this adds
> another layer of security.
> 3. check logs often, use a central loghost
> 4. SSH: no root login, only dedicated users, only dedicated source
> addresses, only key based access or kerberized access, no standard port

PortKnocking so the open port changes continuously. and / or tinc-vpn / hamachi so the port is only open to another member of your tinc network.

Since there are hundreds-of-thousands or millions of infected web servers out there serving up malicious drive-by javascript, use noscript on any machine connected to a server. Reemphasize watching cms (joomla and the like) plugins.

> 5. enable SELinux
> 6. use some kind of intrusion detection, like aide (standard in centos)
> or snort
> 8. use fail2ban to deny IP addresses with several failed login attempts
> within a short period of time
> 9. clear your shell's history on logout
> 10. use sudo instead of su -
> 11. check bastille.org for hardening
> 12. check center for internet security for benchmarks, they provide very
> detailed information for hardening servers ( csisecurity.org )
> 13. use chattr -i for several key configuration files, so they cannot be
> changed or deleted
>
> this should get you started, good luck
>
> Sander
>
>> We have a centos 5.3 install, and our server keeps getting hacked.
>> We see load averages of 500+ and see people from all over the world
>> logging into our server (used last).
>>
>> Is there a good place to start to avoid these kinds of things?
>>
>> For example, here is what I already did.
>>
>> Open up sshd port only
>> setup iptables to only accept port 80 and 22
>> No FTP
>> No other ports are allowed according to IP Tables.
>>
>>
>> I am not sure what other measures I can take. Can someone please assist?
>>
>> TIA
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> http://lists.centos.org/mailman/listinfo/centos
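
Item 4 of the quoted list (no root login, dedicated users and source addresses, key based access, no standard port) can be checked mechanically against an sshd_config. The script below is an added example, not part of the original thread; the function name `audit_sshd_config` and the sample file are constructed for illustration, and it assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example: check an sshd_config-style file against item 4 of the list.
# Assumes whitespace-separated "Keyword value" lines; only global settings
# (before the first Match block) are examined. Prints one FAIL line per finding.
audit_sshd_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    { key = tolower($1) }                    # sshd keywords are case-insensitive
    key == "match" { exit }                  # stop at the first Match block, run END
    key == "port" { ports++; if ($2 == "22") std = 1; next }
    key == "allowusers" {                    # patterns may take the form USER@HOST
        for (i = 2; i <= NF; i++) { users++; if ($i ~ /@/) pinned++ }
        next
    }
    !(key in val) { val[key] = tolower($2) } # for other keywords the first value wins
    END {
        if (val["permitrootlogin"] != "no")
            print "FAIL: root login not disabled (PermitRootLogin no)"
        if (val["passwordauthentication"] != "no")
            print "FAIL: password logins allowed (PasswordAuthentication no)"
        if (ports == 0 || std)
            print "FAIL: sshd listens on the standard port 22"
        if (users == 0)
            print "FAIL: no AllowUsers list of dedicated users"
        else if (pinned < users)
            print "FAIL: AllowUsers entry without a USER@HOST source restriction"
    }' "$1"
}

# Constructed sample input (not taken from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
AllowUsers deploy@192.0.2.10 backup
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On the constructed sample this reports three findings: the first `PermitRootLogin` value is `yes`, the port is 22, and `backup` has no source restriction.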