Saturday, May 17, 2008

Locking down a RedHat based box

It has been a long time since I wrote anything here - I've been extremely busy. We're doing some pretty darn cool stuff at work technology-wise, which keeps me excited (it helps when a fella's boss is a tech junkie, and likes to see your ideas and then add to 'em...). So, yesterday I had to harden a box for an undisclosed purpose, and it made me think "Hey! I can stick this on the blog!"

This should work with any RPM-based (Red Hat, Fedora, CentOS, White Box, etc.) Linux distro.

Here's a not-so-brief overview: first, we need the local (non-root) account created, then we make sure we're booting to runlevel 3, drop the number of ttys to 2, lock the filesystem, remove unimportant services, fix up (not in that special IOS way, but in the southern phrase way) a few of the /etc/* files, lock down some not-so-secure services, make ssh a little more secure, remove a metric good lot of unused RPMs, lock down the services we do use, perform a little TCP hardening, add some iptables rules... eh... a lot of stuff.
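As an added example (not code from the original post or from the lockdown project), here is a small audit for two of the overview items, the default runlevel and the tty count. It assumes a classic SysV-style `/etc/inittab` with `mingetty` lines; the function names and the sample inittab content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit two overview items,
# default runlevel 3 and at most 2 ttys, against a SysV-style inittab.

# Print the default runlevel (the entry whose action is "initdefault").
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Count uncommented getty lines that respawn in runlevel $2.
count_gettys() {
    awk -F: -v rl="$2" '
        /^[ \t]*#/ { next }
        $3 == "respawn" && $4 ~ /getty/ && index($2, rl) > 0 { n++ }
        END { print n + 0 }' "$1"
}

# Return 0 only if both checks pass; print one line per finding.
audit_inittab() {
    file=$1; want_rl=${2:-3}; max_tty=${3:-2}; rc=0
    rl=$(default_runlevel "$file")
    n=$(count_gettys "$file" "$want_rl")
    if [ "$rl" = "$want_rl" ]; then echo "OK   default runlevel $rl"
    else echo "FAIL default runlevel '$rl', expected $want_rl"; rc=1; fi
    if [ "$n" -le "$max_tty" ]; then echo "OK   $n ttys in runlevel $want_rl"
    else echo "FAIL $n ttys in runlevel $want_rl, expected at most $max_tty"; rc=1; fi
    return $rc
}

# Constructed sample input: $1 = default runlevel, $2 = number of live ttys
# (the remaining ttys up to 6 are emitted commented out).
sample_inittab() {
    echo "id:$1:initdefault:"
    echo "si::sysinit:/etc/rc.d/rc.sysinit"
    echo "x:5:respawn:/etc/X11/prefdm -nodaemon"
    i=1
    while [ "$i" -le 6 ]; do
        [ "$i" -le "$2" ] && p="" || p="#"
        echo "${p}${i}:2345:respawn:/sbin/mingetty tty$i"
        i=$((i + 1))
    done
}

tmp=$(mktemp)
sample_inittab 5 6 > "$tmp"; audit_inittab "$tmp" || echo "=> stock layout needs work"
sample_inittab 3 2 > "$tmp"; audit_inittab "$tmp" && echo "=> matches the overview"
rm -f "$tmp"
```

On a real box the same check is `audit_inittab /etc/inittab`, which only reads the file.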

UPDATE: 06/02/2008: ... I wrote that about 2 weeks ago - since then, I've whipped this up: http://freshmeat.net/projects/lockdown/
It needs some outside eyes, a little TLC, and some good ol' community contribution to be worthy...