Re: Hardening CentOS



Florin Iliescu wrote:
Hello,

Can anybody help me with some procedures to secure a CentOS server? I am going to use it for receiving files over the Internet with SFTP.

Thank you,

Florin




Hello Florin,

If I were you, what I would do is:
1. Close all ports from outside except port 22 with iptables,
2. establish ssh key + user name and password authentication,
3. if you know from which IPs connections are coming, then use tcpwrappers (/etc/hosts.allow + /etc/hosts.deny) to allow sftp connections from specific IP addresses,
4. SFTP uses the same port as ssh. Actually it is a subsystem of ssh, so users will be allowed to log in to your system (will have a shell on your machine),
5. system should be up to date all the time,
6. IDS/IPS ....

These are just some things I would consider.

I hope it helps a little.

Best regards!

Jure
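
Added example, not part of Jure's reply: a bash check of an sshd_config against points 2 and 4 above, i.e. whether both key and password are really required and which accounts get SFTP without a shell. It assumes an OpenSSH version that supports AuthenticationMethods (6.2 or later); the two sample configs, the "sftponly" group and the /srv/sftp path are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audits an sshd_config against points 2 and 4 of the reply.

# First global value of keyword $2 in file $1 (sshd keeps the first it reads).
sshd_global() {
    awk -v key="$2" '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Point 2: true only if EVERY method list needs both publickey and password,
# because sshd accepts a login that completes any one of the lists.
requires_key_and_password() {
    local list methods
    methods=$(sshd_global "$1" AuthenticationMethods)
    [ -n "$methods" ] || return 1
    for list in $methods; do
        case ",$list," in *,publickey,*) ;; *) return 1 ;; esac
        case ",$list," in *,password,*) ;; *) return 1 ;; esac
    done
}

# Point 4: print the criteria of each Match block that forces internal-sftp,
# i.e. the accounts that get file transfer without a shell.
sftp_only_matches() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { $1 = ""; sub(/^ +/, ""); crit = $0; next }
        crit != "" && tolower($1) == "forcecommand" && $2 == "internal-sftp" { print crit }
    ' "$1"
}

audit_sshd() {
    local m; m=$(sftp_only_matches "$1")
    requires_key_and_password "$1" && echo "OK   key and password both required" \
        || echo "WARN a single factor is enough to log in"
    [ -n "$m" ] && echo "OK   sftp-only for: $m" || echo "WARN sftp users also get a shell"
}

# Constructed sample configs; group "sftponly" and /srv/sftp are hypothetical.
weak=$(mktemp); hard=$(mktemp); trap 'rm -f "$weak" "$hard"' EXIT
printf '%s\n' 'Subsystem sftp /usr/libexec/openssh/sftp-server' \
    'AuthenticationMethods publickey,password publickey' > "$weak"
printf '%s\n' 'AuthenticationMethods publickey,password' \
    'Subsystem sftp internal-sftp' 'Match Group sftponly' \
    '    ChrootDirectory /srv/sftp/%u' '    ForceCommand internal-sftp' > "$hard"
audit_sshd "$weak"; audit_sshd "$hard"
```

The first sample warns on both points: its second method list lets a key alone log in, and nothing restricts SFTP accounts to file transfer. To audit a real server, call audit_sshd on /etc/ssh/sshd_config.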


