Hardening CentOS 7

Support for security such as Firewalls and securing linux
ebadollahi
Posts: 6
Joined: 2017/03/09 22:52:13

Hardening CentOS 7

Postby ebadollahi » 2017/03/09 23:43:22

Hi guys,
I want to provide a hosting service to my customers through WHMCS.
To implement this, I want to use 5 separate servers:
1- CentOS 7 minimal + MySQL (Only for use by WHMCS) in the safe zone
2- CentOS 7 minimal + MySQL (Only for use by customers) in the middle zone
3- Master DNS Server for internal network (Microsoft product; this DNS server already exists and I don't want to change it to BIND) in the middle zone
4- Master DNS Server for public (Microsoft product; this DNS server already exists and I don't want to change it to BIND) in the middle zone
5- CentOS 7 minimal + webserver + Slave DNS Server (BIND) in the DMZ

My problem: What should I do to harden the CentOS servers in this scenario? I know that there are more steps and more solutions, but I want to know the important actions for hardening CentOS in this scenario.
Note: I have 3 zones in my network: 1- Safe Zone 2- Middle Zone 3- DMZ (I have only one firewall on the edge and don't have any firewall between the zones)

tunk
Posts: 104
Joined: 2017/02/22 15:08:17

Re: Hardening CentOS 7

Postby tunk » 2017/03/10 13:59:43

Firewalls on the CentOS servers: only open essential ports, and also limit them to required subnets (e.g. ssh only on local subnet).

ebadollahi
Posts: 6
Joined: 2017/03/09 22:52:13

Re: Hardening CentOS 7

Postby ebadollahi » 2017/03/10 22:02:34

tunk wrote: Firewalls on the CentOS servers: only open essential ports, and also limit them to required subnets (e.g. ssh only on local subnet).

That means I should not do anything about hardening CentOS?!

tunk
Posts: 104
Joined: 2017/02/22 15:08:17

Re: Hardening CentOS 7

Postby tunk » 2017/03/10 22:23:04

Are you asking if that's the only thing to do? I would guess that you could do a lot more.
One more thing I can suggest is to set up automatic updates on your CentOS servers.

TrevorH
Forum Moderator
Posts: 19991
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Hardening CentOS 7

Postby TrevorH » 2017/03/11 00:15:54

CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

bayupermadi
Posts: 3
Joined: 2017/07/03 05:20:55

Re: Hardening CentOS 7

Postby bayupermadi » 2017/07/07 01:53:26

Hi @ebadollahi

You can use this link as your hardening guideline: https://www.cisecurity.org/cis-benchmarks/

You can download the CentOS guideline document. With this document you can track what you've done or haven't in your hardening activity.

Bayu Permadi

hunter86_bg
Posts: 595
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Hardening CentOS 7

Postby hunter86_bg » 2017/07/11 21:03:31

You can always set up a vulnerability scanner on a temporary machine and scan everything in the zones. Thus, you will be able to pinpoint "weak" points - mainly general stuff that can provide some reconnaissance information for a possible attack.
P.S.: Always block root, or at least use:

PermitRootLogin without-password
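
An added example, not part of the post above or of any CentOS tooling: a shell check that reads an sshd_config file and reports the global PermitRootLogin value the way sshd resolves it (first occurrence wins, anything after a Match line is conditional). The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and anything after a "Match" line is conditional.

root_login_setting() {
    # $1 = path to sshd_config; prints the value in lower case, or "unset".
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        { sub(/[ \t]*=[ \t]*/, " ")          # tolerate the Keyword=value form
          key = tolower($1) }
        key == "match" { exit }              # global section ends at first Match
        key == "permitrootlogin" {
            val = tolower($2); gsub(/"/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

check_root_login() {
    # Exit status: 0 = acceptable, 1 = root password login allowed, 2 = review by hand.
    setting=$(root_login_setting "$1")
    case "$setting" in
        no) echo "OK: root login blocked"; return 0 ;;
        without-password|prohibit-password|forced-commands-only)
            echo "OK: root cannot log in with a password ($setting)"; return 0 ;;
        yes) echo "FAIL: root may log in with a password"; return 1 ;;
        unset) echo "REVIEW: no global directive, compiled-in default applies"; return 2 ;;
        *) echo "REVIEW: unrecognised value '$setting'"; return 2 ;;
    esac
}

# Constructed sample: the commented default is ignored and the first live
# directive wins over the later one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
check_root_login "$demo"
rm -f "$demo"
```

On a live server, `sshd -T` prints the configuration sshd actually resolved, which also covers the compiled-in default that this file-based check can only flag for review.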

ddemchak
Posts: 12
Joined: 2017/07/31 13:01:52

Re: Hardening CentOS 7

Postby ddemchak » 2017/08/08 01:07:38

Some additional information for hardening:
I recommend at least setting up the base profiles for SELinux
https://wiki.centos.org/HowTos/SELinux

Also, here is a detailed guide on hardening: https://highon.coffee/blog/security-harden-centos-7/ ... and another which is more broad.
https://linux-audit.com/linux-server-ha ... e-systems/

