Re: Hardening CentOS



Florin Iliescu wrote:
Hello,

Can anybody help me with some procedures to secure a CentOS server? I am going to use it for receiving files over the Internet with SFTP.

Thank you,

Florin




Hello Florin,

If I were you, what I would do is:
1. Close all ports from outside except port 22 with iptables,
2. establish ssh key + user name and password authentication,
3. if you know from which IPs connections are coming, then use tcpwrappers (/etc/hosts.allow + /etc/hosts.deny) to allow sftp connections from specific IP addresses,
4. SFTP uses the same port as ssh. Actually it is a subsystem of ssh, so users will be allowed to log in to your system (will have a shell on your machine),
5. the system should be up to date all the time,
6. IDS/IPS ....

These are just some things I would consider.

I hope it helps a little.

Best regards!

Jure
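
Points 1 to 4 of the reply above, rendered as the files they end up in. This is an added example, not part of Jure's message: it only prints the rules and configuration, it does not apply them. The client addresses are constructed documentation IPs, the group name `sftponly` and the path `/srv/sftp/%u` are assumptions, point 2 is read as requiring both a key and a password (needs OpenSSH 6.2 or later), and the `Match` block is one common way to address the shell access noted in point 4.

```shell
#!/bin/sh
# Added example: render (not apply) the files behind points 1-4 of the reply.
# Addresses are constructed; "sftponly" and /srv/sftp/%u are assumed names.

# Point 1: iptables-restore ruleset, default-drop inbound, only tcp/22 open.
# With no arguments, port 22 is open to any source address.
gen_iptables() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    if [ "$#" -eq 0 ]; then
        echo '-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT'
    else
        for src in "$@"; do
            echo "-A INPUT -p tcp -s $src --dport 22 -m state --state NEW -j ACCEPT"
        done
    fi
    echo 'COMMIT'
}

# Point 3: /etc/hosts.allow line; pair it with "sshd: ALL" in /etc/hosts.deny.
# Only honoured when sshd is linked against libwrap.
gen_hosts_allow() {
    echo "sshd: $*"
}

# Points 2 and 4: require key AND password; confine one group to SFTP only.
# The chroot directory and its parents must be owned by root.
gen_sshd_config() {
    group=$1
    cat <<EOF
AuthenticationMethods publickey,password
Subsystem sftp internal-sftp
Match Group $group
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Print everything for two constructed client sources.
gen_iptables 203.0.113.10 198.51.100.0/24
gen_hosts_allow 203.0.113.10 198.51.100.0/255.255.255.0
gen_sshd_config sftponly
```

Check the sshd part with `sshd -t` before restarting the daemon, and keep an existing session open while testing the firewall rules.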


