Server hardening for a Newbie - Any Tools

Posted: 2018/03/06 19:10:02
by Sinkorswim
I've been forced into using Linux / VPS since my hosting co. is on the verge of going bust, and I don't want to use shared hosting again, so I'm setting up my hosting CP on a VPS. It does mean that this is all new for me. I've read a few bits about changing SSH port #, root access for both CentOS and MySQL etc.

Is there any such thing as a Windows-based tool that I can use on my home PC / laptop which will configure CentOS for me so far as hardening is concerned? I'd like a tool that was question and answer based to collect up my inputs then go off and configure CentOS for me - e.g. install the certificated authentication, change the SSH port to one I specify, set up firewall rules etc. etc.

I could google for a tool, but the obvious risk is simply finding a tool which then phones home.

Thank you
Christopher W.

Re: Server hardening for a Newbie - Any Tools

Posted: 2018/03/07 07:16:19
by mghe
Look here: http://www.webmin.com/

I have never used it, so I don't know whether it is OK or not.

Re: Server hardening for a Newbie - Any Tools

Posted: 2018/03/07 15:28:24
by pjsr2
Look at the links mentioned in viewtopic.php?t=61692#p260280

Re: Server hardening for a Newbie - Any Tools

Posted: 2018/03/08 20:38:12
by Sinkorswim
Thank you all.

It looks as if securing SSH and the root user accounts are the two biggest "must do's". I'm assuming that suggestions to tweak the firewall mean CentOS's inbuilt firewall (and I'm still presuming it has one) since I doubt I can modify the physical firewall in front of my server as it's a virtual server in a shared environment.

As a suggestion (far be it from me to suggest), a Linux app or Windows app that allows a user to pick a templated set of hardening rules, which asks the user for input (e.g. for SSH port number to be, passwords to be etc.) and other parameters chosen by the installer, making them unique and which could then be applied to a default CentOS 7 install would be helpful to many. One could choose an "open server", something appropriate for most web servers, or "nailed to the floor" defaults, which can subsequently be further tweaked if required, but ideally wouldn't need much tweaking by most people.

My experience tends to be with managed switches / LAN & WAN etc. It hasn't gone unnoticed that many good brands (not necessarily the famous brands) have such good "default setups" that by and large I log in, examine the config and conclude they've done a good job and little needs done beyond password & username changes. By contrast, the default CentOS 7 seems rather weak and everyone says the first thing you need to do is change it, which suggests the default install is rather lacking. A famous software house's approach to security used to be "ship with everything blown wide open so it is easy to make work, but very hard to secure". This approach makes sales easier mind you, and market dominance follows sales.

Re: Server hardening for a Newbie - Any Tools

Posted: 2018/03/09 11:55:44
by markkuk
Sinkorswim wrote: As a suggestion (far be it from me to suggest), a Linux app or Windows app that allows a user to pick a templated set of hardening rules, which asks the user for input (e.g. for SSH port number to be, passwords to be etc.) and other parameters chosen by the installer, making them unique and which could then be applied to a default CentOS 7 install would be helpful to many.
There was a tool like that called Bastille, but the project is dead and the latest version of the software is 10 years old.

You could try Lynis; it won't do any actual hardening for you but it gives you suggestions on how to harden your system.

Re: Server hardening for a Newbie - Any Tools

Posted: 2018/03/09 14:30:59
by TrevorH
If you want complete overkill ... https://www.cisecurity.org/benchmark/centos_linux/