Hi All,

What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?

-Jason

On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle <mailinglists at mailnewsrss.com> wrote:
> Hi All,
>
> What tips does everyone have on hardening a CentOS Server that is
> running web, e-mail, ssh, ftp, mysql, coldfusion and will be
> processing payments from www?

NSA hardening guidelines would be a good start. The CIS hardening guidelines would also be good. After that you want to look at specific hardening guidelines for apache.

--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams!
So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"

Jason Todd Slack-Moehrle wrote:
> Hi All,
>
> What tips does everyone have on hardening a CentOS Server that is
> running web, e-mail, ssh, ftp, mysql, coldfusion and will be
> processing payments from www?
>
> -Jason

Linux Server Security is one I'm reading through right now. Covers most of the bases.

http://www.amazon.com/Linux-Server-Security-Michael-Bauer/dp/0596006705

--
Ryan Duff
web: http://www.ryanduff.net
aim: ryancduff
twitter: ryancduff

On Fri, May 1, 2009 at 11:19 AM, Jason Todd Slack-Moehrle <mailinglists at mailnewsrss.com> wrote:
> What tips does everyone have on hardening a CentOS Server that is
> running web, e-mail, ssh, ftp, mysql, coldfusion and will be
> processing payments from www?

I was out of town and I just read your post.

I would strongly suggest that you download the free manual about hardening RHEL 5, in .pdf form, from nsa.gov. As I recall, they do *NOT* recommend running more than one service on a server, if possible. Among many other recommendations.

Search for "Guide to the Secure Configuration of Red Hat Enterprise Linux 5", Revision 2, December 20, 2007.

HTH

On Fri, May 1, 2009 at 11:19 AM, Jason Todd Slack-Moehrle <mailinglists at mailnewsrss.com> wrote:
> What tips does everyone have on hardening a CentOS Server that is
> running web, e-mail, ssh, ftp, mysql, coldfusion and will be
> processing payments from www?

Jason:

In addition to the other recommendations in this thread, IMHO, you should contemplate offloading the credit card processing, to a company who has the expertise and network required, to try to protect that data.

Lanny