Hardening a server takes two general activities: Reducing the number of services that can be attacked and protecting any services that are still required.
There are a lot of discussions on how to do this for various operating systems including RedHat Linux. RedHat's Deployement Guide is a good resource.
The NSA also has documents on securing your operating system. However, they're a little hard to get. I tried searching for RHEL5 on their site and had some difficulty access the documents in the search results:
Now it's a little hard to access the documents on the NSA's E drive, but I was able to eventually find them by getting in another way ;) ;) ... Okay, I didn't breakin to the NSA to get on their E drive, I found the page that actually good links: NSA/CSS Operating Systems.
There's a longer document (about 170 pages) and also a short reference (2 pages) which gives lots of good things to secure.
There are a lot of other good resources Online as well, so I won't ramble further. Just turn off anything you don't need, update what you do need frequently, and secure your system with a firewall, and other security tools (PortSentry, fail2ban, DenyHosts, anti-virus software, rootkit detection, etc, etc, etc).
Friday, 22 May 2009
Hardening a RHEL5 Box and the NSA
Subscribe to: Post Comments (Atom)
For anyone who's had to cleanup some mail problems with Postfix configuration (or more often with other things, like anti-spam, tied in ...
In the course of troubleshooting the office Jabber server the other day, I came across some interesting info about the various caches that O...
For everyone who uses cron, you are familiar with the job schedule form: min hr day-of-month month day-of-week <command> A problem...
Post a Comment