Any good CentOS 7 hardening scripts/instructions?

sumo Member
edited October 2014 in General

I'm giving CentOS 7 a try. Does anyone have good hardening scripts/instructions that they can recommend? I've primarily used Ubuntu and have scripts for that, but I haven't quite gotten them to work in CentOS.

Edit: Forgot to mention that I found a script from Limestone Networks and a tutorial from Goodhosting. They both seemed to take care of some basics, but wanted other opinions as well

Comments

  • Blanoz Member
    edited October 2014

    if [ -f /etc/redhat-release ] ; then echo Use Debian.

    :-P

    A mind that is stretched by a new experience can never go back to its old dimensions.

    Thanked by 1 DalekOfSkaro
  • I thought most hosts use CentOS?

  • A lot of hosts (like us) use CentOS as it's a nice easy and efficient distro.

    As for scripts, just have a good ol google and you should find anything you need ;)

    Ryan Wild - Superior Networks Founding Director

  • sumo said: I thought most hosts use CentOS?

    We use CentOS (Well, CloudLinux), only when it's absolutely necessary. 99% of the time for cPanel servers. Everything, Debian = <3

  • @Blanoz said: if [ -f /etc/redhat-release ] ; then echo Use Debian.

    Here is an example of why asking for advice on the Internet isn't always a good idea . . .

    Thanked by 2 srvrpro sijie123
  • drserver Member, Host Rep

    change ssh port, enforce selinux, use ssh keys, disable direct root login

    http://linoxide.com/how-tos/linux-server-protection/

    Thanked by 1 sumo
  • inb4 discussion about changing ssh port and why it's bad etc..

    OT: firewall anything incoming & outgoing you're not using; some IDS like fail2ban, keep stuff up to date and 1) KNOW what you are running or 2) contain the parts you are not sure about to a separate environment

  • LES Member
    edited October 2014

    http://centminmod.com is great (CSF Firewall and some other nice stuff included)

    Edit: CentOS 7.0 support is coming soon

    Thanked by 1 sumo
  • I made some instructions for CentOS beginners, but unfortunately they were for CentOS 6. Some parts will have changed due to systemd.

    IIRC the default firewall is mostly closed in CentOS (not wide open, like Debian), and SELinux is in enforcing mode by default.

    The bit about disabling password authentication and preventing root login still applies, though.

    Thanked by 1 sumo
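
The settings named in the posts above (SSH keys only, no direct root login, SELinux enforcing), as an added read-only audit sketch; it is not from any poster in this thread. The function names, the sample config and the assumed built-in defaults (`yes` for all three keywords) are assumptions of the example.

```shell
#!/bin/sh
# effective_sshd_value FILE KEYWORD DEFAULT
# sshd takes the first occurrence of a keyword (case-insensitive). Everything
# after the first "Match" line is conditional, so the global scan stops there.
effective_sshd_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        tolower($1) == "match"   { exit }    # end of the global section
        tolower($1) == key       { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: prints PASS/FAIL per keyword, returns the number of FAILs.
# Each row is: keyword, assumed built-in default, wanted value.
audit_sshd() {
    fails=0
    while read -r key default want; do
        got=$(effective_sshd_value "$1" "$key" "$default")
        if [ "$got" = "$want" ]; then echo "PASS $key=$got"
        else echo "FAIL $key=$got (want $want)"; fails=$((fails + 1)); fi
    done <<EOF
PermitRootLogin yes no
PasswordAuthentication yes no
PubkeyAuthentication yes yes
EOF
    return "$fails"
}

# check_selinux MODE: MODE is the output of getenforce.
check_selinux() {
    case "$1" in
        Enforcing) echo "PASS SELinux=$1" ;;
        *) echo "FAIL SELinux=${1:-unknown}"; return 1 ;;
    esac
}

# Constructed sample: the commented-out line and the Match block must not
# count as "password authentication disabled".
write_sample() {
    f=$(mktemp)
    printf '%s\n' '# constructed sample' 'Port 2222' 'permitrootlogin no' \
        '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'Match User backup' '    PasswordAuthentication no' > "$f"
    echo "$f"
}

audit_sshd "${1:-$(write_sample)}" || echo "sshd settings to fix: $?"
if command -v getenforce >/dev/null 2>&1; then check_selinux "$(getenforce)" || true; fi
```

Pass a path such as `/etc/ssh/sshd_config` as the first argument to audit a real file; with no argument it runs on the constructed sample and reports one finding, because the only global `PasswordAuthentication no` line is commented out.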
  • CentOS is a clone of RHEL, thus enterprise Linux. You're supposed to be an enterprise level administrator to use it. That's why I always recommend Debian for hobby use.

    Thanked by 1 Amitz
  • Amitz Moderator

    That's the funniest thing I have read today.

    "Actually, throughout my life, my two greatest assets have been mental stability and being, like, really smart."

  • @drserver said: change ssh port, enforce selinux, use ssh keys, disable direct root login

    http://linoxide.com/how-tos/linux-server-protection/

    @drserver the SSH port is a no go

    As shown here

    @MCHPhil

    Life is better when you're smiling

  • @xDutchy said: inb4 discussion about changing ssh port and why it's bad etc..

    And it begins

    Life is better when you're smiling

  • k0nsl Member, Member without signature

    DrSSHPhil.

  • nexmark said: the SSH port is a no go

    Moving the port does help to reduce noise in the log file.

    But yes I agree that it's not about security.

    © 2011-2017 eLohkCalb
  • ATHK Member
    edited October 2014

    @eLohkCalb said: But yes I agree that it's not about security.

    In a way it is, since 22 is default/well known, once changed you're less susceptible to brute force password attacks.. that is if you haven't changed to SSH Keys..

  • @drserver @LES

    Thank you for the suggestions and the links, I'll take a look at them. Seems like not a whole lot of differences to Ubuntu. Should be an easy modification from my existing Ubuntu scripts.

    @bertan

    Do you have a link to your guide?

  • @sumo

    Do you have a link to your guide?

    Bear in mind I was trying to write something for complete beginners. It may be too simple for your purposes:

    http://members.shaw.ca/bertan/Virtual-Private-Server-VPS-Quick-Start-Guide.pdf