#1
Hardening CentOS
Hello,

Can anybody help me with some procedures to secure a CS server? I am going to use it for receiving files over Internet with SFTP.

Thank you,
Florin

#2
|
|||
|
|||
|
Hardening CentOS
Florin Iliescu wrote:
> Hello,
> Can anybody help me with some procedures to secure a CS server? I am going to use it for receiving files over Internet with SFTP.
> Thank you,
> Florin

Hello Florin,

if I were you what I would do is:

1. Close all ports from outside except port 22 with iptables,
2. establish ssh key + user name and password authentication,
3. if you know from which IPs connections are coming then use tcpwrappers (/etc/hosts.allow + /etc/hosts.deny) to allow sftp connections from specific IP addresses,
4. SFTP uses the same port as ssh. Actually it is a subsystem of ssh so users will be allowed to log in to your system (will have shell on your machine),
5. system should be up to date all the time,
6. IDS/IPS

These are just some things I would consider. I hope it helps a little.

Best regards!
Jure

#3
|
|||
|
|||
|
Hardening CentOS
If this is behind a firewall then block all other ports on the firewall. If not then I would suggest IPTABLES for you. Also check for any services running that you do not need and disable them. In addition to those basics, run your SFTP daemon as a local user to avoid exposing a service under root to the Internet. If your external users that will be using the service are fixed IP machines then allow only those machines. I would also suggest an IDS such as snort for example.

Things to account for are services this machine offers to more than one network. If you have other services being offered to your internal LAN for example then you might want to bind each service to its corresponding network address to avoid external users, for example, using your internal services.

Could you tell me more about your setup and the machine?

Regards,
Mario
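
Added example, not part of the thread or written by any of its posters: a sketch of the port-22-only iptables policy and the tcpwrappers allow list suggested in the replies, for the case where the SFTP clients have fixed IP addresses. The function names and the client addresses are assumptions made for illustration; the script only prints text and applies nothing.

```shell
#!/bin/sh
# Added example: nothing here touches the running system; the functions
# only print text to review before loading it.

# Constructed sample clients (RFC 5737 documentation addresses).
ALLOWED="203.0.113.10 198.51.100.7"

# Succeed only for a plain dotted-quad IPv4 address, so nothing unexpected
# can end up inside a firewall rule or a hosts.allow line.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset: drop inbound by default, keep loopback
# and already-established flows, accept new TCP/22 only from listed clients.
gen_iptables_rules() {
    for src in $1; do
        valid_ip "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for src in $1; do
        echo "-A INPUT -p tcp -s $src --dport 22 -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print the matching tcpwrappers entry for /etc/hosts.allow; it only has an
# effect together with "sshd: ALL" in /etc/hosts.deny.
gen_hosts_allow() {
    for src in $1; do
        valid_ip "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    echo "sshd: $1"
}

gen_iptables_rules "$ALLOWED"
gen_hosts_allow "$ALLOWED"
```

Review the printed ruleset from a console session before loading it with `iptables-restore`, since a wrong client address in a default-drop policy locks out remote SSH access.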