Securing CentOS

Support for security such as Firewalls and securing linux
kanLiDaL
Posts: 4
Joined: 2006/07/20 07:54:24

Securing CentOS

Post by kanLiDaL » 2006/09/17 21:41:44

Dear Security,

I am using CentOS 4 x86_64 RAID1 *Power64/Dual64, 6 Gb RAM, 320 Gb HDD, on my server and last time I just got a rootkit on the server by someone who hates me I guess :-). Some friend told me that some kernels are not secure and that they can get rooted in the way that they did with me. I am trying to secure the server, but I need to get more info on how I can handle this the best. I am searching on the internet, but I can’t know 100% for sure that this is the most secure way. Please give me some advice on how I can secure the server so I never have to deal with this issue, because I needed to reinstall everything and this meant doing a lot.

Please advise on what kernel to install, version, what kind of firewall and settings..., which services to shut down, optimizing CentOS for use of websites and also IRC and radio so that it can work in the best optimal way. Also give me some addresses on which I can find some help on optimizing CentOS for us. I don’t need the fancy stuff, just need it to work in a very stable and steady way.

Give me the pointers so that most lamers can't touch the server as they have done :-(

Please help me with this problem and thanks.

Best regards,

Kanlidal

stephan
Posts: 17
Joined: 2006/09/07 01:05:48

Re: Securing CentOS

Post by stephan » 2006/09/21 11:06:54

If your server got a rootkit, you would be best setting up a new one, as you can't trust the old one.

Sometimes people get in by running an exploit through a PHP script that could be out of date, then if it's an old kernel, can get more access to the server that way.

So I suppose my recommendation would be to setup a new server, check all your scripts are up to date and run "yum update" or "yum upgrade" from time to time. You can also subscribe to the CentOS mailing lists to get informed about any security upgrades.

For a kernel upgrade (if yum upgrade does one), remember to reboot the server afterwards.

"rkhunter" is quite a good tool for finding rootkits as well. If you run it fairly often, perhaps on a cron, that can be quite handy.

For now, while I guess you are still using the old server, I'd run this:



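    # Drop SSH from every source except YOUR_IP_ADDRESS
    iptables -I INPUT -s ! YOUR_IP_ADDRESS -p tcp --dport ssh -j DROP
    # Persist the rule to /etc/sysconfig/iptables (iptables-save alone only prints to stdout)
    service iptables save
    # Apply pending updates, then reboot so a new kernel takes effect
    yum upgrade
    reboot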



(where YOUR_IP_ADDRESS is a static IP of a server you can ssh into the server from).

That will:

Block SSH from everywhere apart from your IP
save the rule
Upgrade CentOS
reboot the server
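
The rule above admits one address only, and a second `-s ! ADDRESS -j DROP` rule would drop the first address's traffic. As an added example (not part of the original post), this script generalizes it to several trusted addresses by printing the commands for a dedicated chain; the chain name `SSH_ALLOW` and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables commands that allow SSH only from listed IPv4
# addresses. Stacking "-s ! ADDR -j DROP" rules fails, because each rule drops
# the other rule's address. A dedicated chain avoids that: one ACCEPT per
# trusted address, then a final DROP for everyone else.

CHAIN=SSH_ALLOW   # hypothetical chain name

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for review; pipe the output to "sh" as root to apply them.
# Every address is validated before anything is printed, so a typo can never
# produce a partial rule set that locks the administrators out.
ssh_allowlist_rules() {
    [ "$#" -gt 0 ] || { echo "refusing: empty list would lock everyone out" >&2; return 1; }
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "refusing: bad address '$addr'" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for addr in "$@"; do
        echo "iptables -A $CHAIN -s $addr -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # The jump into INPUT comes last, once the chain is complete.
    echo "iptables -I INPUT -p tcp --dport ssh -j $CHAIN"
    # CentOS init script: writes the running rules to /etc/sysconfig/iptables.
    echo "service iptables save"
}

# Constructed sample addresses from the documentation ranges (RFC 5737).
ssh_allowlist_rules 192.0.2.10 198.51.100.7
```

Replace the sample addresses with the static addresses the administrators connect from, and keep an existing SSH session open while testing a new login.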

Drexxor
Posts: 13
Joined: 2006/10/22 14:04:19

Re: Securing CentOS

Post by Drexxor » 2006/10/22 14:18:19

Hi there, I'm not going to hijack this topic, but I would like to ask whether the "My IP address" is the server IP or my IP.
How would I add more IP addresses to access the server, because one of my friends and I are SSHing to the server?

Thanks,
Drexxor

garskoci
Posts: 93
Joined: 2006/07/08 14:50:57
Location: Houston, TX

Securing CentOS

Post by garskoci » 2006/10/22 18:01:33

Drexxor: Yeah, you should probably start a new thread. Someone will probably answer your question then.

billwest
Posts: 150
Joined: 2006/11/19 10:50:31
Location: Perth, Western Australia

Re: Securing CentOS

Post by billwest » 2006/12/29 03:57:24

Kanlidal,

Did you get this resolved?

You can install the package chkrootkit (available as an rpm).
Also, have a look at Bastille-Linux, a system hardening tool.

Bill.

jwalden
Posts: 4
Joined: 2007/01/04 19:00:27

Re: Securing CentOS

Post by jwalden » 2007/01/04 19:25:41

There's an excellent guide to hardening Linux at

http://www.puschitz.com/SecuringLinux.shtml

but you should wipe your system and start from scratch before beginning hardening, as it's impossible to be 100% certain you removed everything hidden via the rootkit.
