I recommend a two prong approach. Do some general research into
hardening Linux at places like SANS(www.sans.org) and Center for
Internet Security(www.cisecurity.org). Basically update everything,
disable unnecessary services, limit access. You should probably look at
the Bastille hardening program(bastille-linux.sourceforge.net). I
really think Bastille will help you. I hesitate to say stay away from
SE Linux, but it can be quite a bear to get your apps running with it.
It's just as important to secure the app. You really need to look at
the SFTP application you will be using and evaluate it's security level.
If you lock down the OS, block all the bad ports in the firewall, but
leave the FTP app with weak security you're just wasting your time.
Your server is only as secure as the weakest link. I know this is the
Linux list, but you really will need to take a wider approach and secure
the entire system.
A few other things to consider are backups and integrity checking. How
much data loss is acceptable? How long will the files sit on the FTP
server before they are copied/moved off? Tripwire is a great way to
monitor critical files and notifying the sysadmin if they change.
Best of luck,
Chase
>>> Florin Iliescu <iliescufm (at) yahoo (dot) com [email concealed]> 7/3/2008 11:53 AM >>>
Helo,
Can anybody help me with some procedures to secure a CentOS server? I
am going to use it for receiving files over Internet with SFTP.
Thank you,
Florin
The information in this email is intended for the sole use of the
addressees and may be confidential and subject to protection under the
law. If you are not the intended recipient, you are hereby notified that
any distribution or copying of this email is strictly prohibited. If you
have received this message in error, please reply and delete your copy.
I recommend a two prong approach. Do some general research into
hardening Linux at places like SANS(www.sans.org) and Center for
Internet Security(www.cisecurity.org). Basically update everything,
disable unnecessary services, limit access. You should probably look at
the Bastille hardening program(bastille-linux.sourceforge.net). I
really think Bastille will help you. I hesitate to say stay away from
SE Linux, but it can be quite a bear to get your apps running with it.
It's just as important to secure the app. You really need to look at
the SFTP application you will be using and evaluate it's security level.
If you lock down the OS, block all the bad ports in the firewall, but
leave the FTP app with weak security you're just wasting your time.
Your server is only as secure as the weakest link. I know this is the
Linux list, but you really will need to take a wider approach and secure
the entire system.
A few other things to consider are backups and integrity checking. How
much data loss is acceptable? How long will the files sit on the FTP
server before they are copied/moved off? Tripwire is a great way to
monitor critical files and notifying the sysadmin if they change.
Best of luck,
Chase
>>> Florin Iliescu <iliescufm (at) yahoo (dot) com [email concealed]> 7/3/2008 11:53 AM >>>
Helo,
Can anybody help me with some procedures to secure a CentOS server? I
am going to use it for receiving files over Internet with SFTP.
Thank you,
Florin
The information in this email is intended for the sole use of the
addressees and may be confidential and subject to protection under the
law. If you are not the intended recipient, you are hereby notified that
any distribution or copying of this email is strictly prohibited. If you
have received this message in error, please reply and delete your copy.
[ reply ]