securing a remotely hosted machine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,

I'm looking to put together a doc for the wiki.c.o on howto secure a 
remotely hosted machine. Its a situation that many of us find ourselves 
in, wherein we either lease or colo a server ( or many ) and there is 
always the issue of remote hands, other facility users etc being able to 
get physical access of the machines. So what are the usual steps that 
people take in order to secure their remote-hosted-servers.

A short list of things that I tend to always do is :

- disable all getty's

- make grub boot imediately with no user interrupt possible

- put sensitive data on a locally encrypted disk

- plumb in a bios password

- have all console redirected to a iLo / drac / ipmi2 device; if there 
is one of those - if not then redirect the output to a non-existing 
ttySX port ( isnt ideal! )

- disable all telnet and http/https access to the ilo / drac interfaces, 
ensure impi is secured.

What other, reasonable, steps should one consider ?

the end result, ofcourse, is to still have the option of handing 
passwords etc to the DC ops should there be a need to actually work on 
the machine remotely. so removing the keyb and display interfaces might 
not be desirable.

- KB
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux