Server hardening for a Newbie - Any Tools

Support for security such as Firewalls and securing linux
Sinkorswim
Posts: 2
Joined: 2018/03/06 18:43:19

Server hardening for a Newbie - Any Tools

Post by Sinkorswim » 2018/03/06 19:10:02

I've been forced into using Linux / VPS since my hosting co. is on the verge of going bust, and I don't want to use shared hosting again, I'm setting up my hosting CP on a VPS. It does mean that this is all new for me. I've read a few bits about changing SSH Port #, root access for both CentOS and MySQL etc.

Is there any such thing as a Windows-based tool that I can use on my home PC / laptop which will configure CentOS for me so far as hardening is concerned? I'd like a tool that was question and answer based to collect up my inputs then go off and configure CentOS for me - e.g. install the certificated authentication, change the SSH port to one I specify, set up firewall rules etc. etc.

I could google for a tool, but the obvious risk is simply finding a tool which then phones home.

Thank you
Christopher W.

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: Server hardening for a Newbie - Any Tools

Post by mghe » 2018/03/07 07:16:19

Look here: http://www.webmin.com/

I have never used it, so I don't know whether it is OK or not.

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: Server hardening for a Newbie - Any Tools

Post by pjsr2 » 2018/03/07 15:28:24

Look at the links mentioned in viewtopic.php?t=61692#p260280

Sinkorswim
Posts: 2
Joined: 2018/03/06 18:43:19

Re: Server hardening for a Newbie - Any Tools

Post by Sinkorswim » 2018/03/08 20:38:12

Thank you all.

It looks as if securing SSH and the root user accounts are the two biggest "must do's". I'm assuming that suggestions to tweak the firewall mean CentOS's inbuilt firewall (and I'm still presuming it has one) since I doubt I can modify the physical firewall in front of my server as it's a virtual server in a shared environment.

As a suggestion (far be it from me to suggest), a Linux app or Windows app that allows a user to pick a templated set of hardening rules, which asks the user for input (e.g. for SSH port number to be, passwords to be etc.) and other parameters chosen by the installer, making them unique and which could then be applied to a default CentOS7 install would be helpful to many. One could choose an "open server", something appropriate for most web servers, or "nailed to the floor" defaults, which can subsequently be further tweaked if required, but ideally wouldn't need much tweaking by most people.

My experience tends to be with managed switches / LAN&WAN etc. It hasn't gone unnoticed that many good brands (not necessarily the famous brands) have such good "default setups", that by and large I log in, examine the config and conclude they've done a good job and little needs done beyond password & username changes. By contrast, the default CentOS7 seems rather weak and everyone says the first thing you need to do is change it, which suggests the default install is rather lacking. A famous software house's approach to security used to be "ship with everything blown wide open so it is easy to make work, but very hard to secure". This approach makes sales easier mind you, and market dominance follows sales.

markkuk
Posts: 739
Joined: 2007/09/07 10:56:28
Location: Finland

Re: Server hardening for a Newbie - Any Tools

Post by markkuk » 2018/03/09 11:55:44

Sinkorswim wrote: As a suggestion (far be it from me to suggest), a Linux app or Windows app that allows a user to pick a templated set of hardening rules, which asks the user for input (e.g. for SSH port number to be, passwords to be etc.) and other parameters chosen by the installer, making them unique and which could then be applied to a default CentOS7 install would be helpful to many.
There was a tool like that called Bastille, but the project is dead and the latest version of the software is 10 years old.

You could try Lynis, it won't do any actual hardening for you but it gives you suggestions on how to harden your system.
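
Added example, not written by any poster in this thread and not taken from Lynis or Bastille: a read-only check of the SSH settings the thread keeps returning to (port, root login, password versus key authentication), in the same audit-and-suggest spirit. The function name `audit_sshd` and the sample config are constructed for illustration; on a real server the file to check would be `/etc/ssh/sshd_config`.

```shell
#!/bin/sh
# audit_sshd FILE: print "STATUS keyword value" for the SSH settings the
# thread singles out (port, root login, password vs. key authentication).
# Hypothetical helper for illustration; it only reads the file.
audit_sshd() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        key = tolower($1); val = tolower($2)
        if (key == "match") exit         # audit the global section only
        if (key == "port") {             # Port may repeat; sshd listens on all
            ports = (ports == "" ? "" : ports ",") val
        } else if (!(key in seen)) {
            seen[key] = val              # sshd keeps the first value it reads
        }
    }
    END {
        print "INFO", "port", (ports == "" ? "-" : ports)
        n = split("permitrootlogin passwordauthentication", keys, " ")
        for (i = 1; i <= n; i++) {
            k = keys[i]
            if (!(k in seen))          print "UNSET", k, "-"   # build default applies
            else if (seen[k] == "yes") print "WARN", k, seen[k]
            else                       print "OK", k, seen[k]
        }
    }' "$1"
}

# Constructed sample config (not from the thread).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sshd_config fragment
Port 2222
PermitRootLogin no
permitrootlogin yes
#PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
EOF

audit_sshd "$SAMPLE"
```

The second `permitrootlogin` line is ignored because the first value wins, and the commented-out `PasswordAuthentication` line leaves that keyword unset in the global section. On a live system, `sshd -T` prints the effective configuration including defaults.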

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Server hardening for a Newbie - Any Tools

Post by TrevorH » 2018/03/09 14:30:59

If you want complete overkill ... https://www.cisecurity.org/benchmark/centos_linux/
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
