Any good CentOS 7 hardening scripts/instructions?

sumo Member
edited October 2014 in General

I'm giving CentOS 7 a try. Does anyone have good hardening scripts/instructions that they can recommend? I've primarily used Ubuntu and have scripts for that, but I haven't quite gotten them to work in CentOS.

Edit: Forgot to mention that I found a script from Limestone Networks and a tutorial from Goodhosting. They both seemed to take care of some basics, but wanted other opinions as well.

Comments

  • Blanoz Member
    edited October 2014

    if [ -f /etc/redhat-release ] ; then
    echo Use Debian.

    :-P

    Thanked by 1 DalekOfSkaro
  • I thought most hosts use CentOS?

  • A lot of hosts (like us) use CentOS as it's a nice easy and efficient distro.

    As for scripts, just have a good ol google and you should find anything you need ;)

  • sumo said: I thought most hosts use CentOS?

    We use CentOS (Well, CloudLinux), only when it's absolutely necessary. 99% of the time for cPanel servers. Everything, Debian = <3

  • @Blanoz said:
    if [ -f /etc/redhat-release ] ; then
    echo Use Debian.

    Here is an example of why asking for advice on the Internet isn't always a good idea . . .

    Thanked by 2 srvrpro sijie123
  • drserver Member, Host Rep

    change ssh port, enforce selinux, use ssh keys, disable direct root login

    http://linoxide.com/how-tos/linux-server-protection/

    Thanked by 1 sumo
  • inb4 discussion about changing ssh port and why it's bad etc..

    OT: firewall anything incoming & outgoing you're not using; some IDS like fail2ban, keep stuff up to date and 1) KNOW what you are running or 2) contain the parts you are not sure about to a separate environment

  • LES Member
    edited October 2014

    http://centminmod.com is great (CSF Firewall and some other nice stuff included)

    Edit: CentOS 7.0 support is coming soon

    Thanked by 1 sumo
  • I made some instructions for CentOS beginners, but unfortunately they were for CentOS 6. Some parts will have changed due to systemd.

    IIRC the default firewall is mostly closed in CentOS (not wide open, like Debian), and SELinux is in enforcing mode by default.

    The bit about disabling password authentication and preventing root login still applies, though.

    Thanked by 1 sumo
  • CentOS is a clone from RHEL, thus enterprise Linux. You're supposed to be an enterprise level administrator to use it. That's why I always recommend Debian for hobby use.
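The settings recommended in the replies above (key-only SSH logins, no direct root login, SELinux enforcing) can be checked with a short audit script. This is an added example, not part of any post in the thread; the function names and the sample config are constructed for illustration, and only the global section of `sshd_config` (before the first `Match` block) is read.

```shell
#!/usr/bin/env bash
# Added example: audit the settings named in the thread (illustrative names).

# Print the global value of keyword $2 in sshd_config file $1, or "unset".
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; lines after the first Match block are conditional.
sshd_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                          # drop comments
        tolower($1) == "match" { exit }             # end of global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Compare one setting ($2) with the wanted value ($3); return 1 on mismatch.
check() {
    if [ "$2" = "$3" ]; then echo "PASS $1=$2"
    else echo "FAIL $1=$2 (want $3)"; return 1; fi
}

# $1 = sshd_config path, $2 = SELinux mode as printed by getenforce.
# Returns the number of failed checks.
audit_host() {
    local fails=0
    check PermitRootLogin "$(sshd_value "$1" PermitRootLogin)" no || fails=$((fails + 1))
    check PasswordAuthentication "$(sshd_value "$1" PasswordAuthentication)" no || fails=$((fails + 1))
    check SELinux "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" enforcing || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin yes
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PermitRootLogin no
EOF

audit_host "$sample" "$(getenforce 2>/dev/null || echo unknown)" || echo "failed checks: $?"
```

On a real host the call would be `audit_host /etc/ssh/sshd_config "$(getenforce)"`; a keyword reported as `unset` falls back to the sshd build's default, so setting it explicitly removes the guesswork.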

    Thanked by 1 Amitz
  • That's the funniest thing I have read today.

  • @drserver said:
    change ssh port, enforce selinux, use ssh keys, disable direct root login

    http://linoxide.com/how-tos/linux-server-protection/

    @drserver the SSH port is a no go

    As shown here

    @MCHPhil

  • @xDutchy said:
    inb4 discussion about changing ssh port and why it's bad etc..

    And it begins

  • DrSSHPhil.

  • nexmark said: the SSH port is a no go

    Moving port does help to reduce noise in the log file.

    But yes I agree that it's not about security.

  • ATHK Member
    edited October 2014

    @eLohkCalb said:
    But yes I agree that it's not about security.

    In a way it is, since 22 is default/well known once changed you're less susceptible to brute force password attacks.. that is if you haven't changed to SSH Keys..

  • @drserver @LES

    Thank you for the suggestions and the links, I'll take a look at them. Seems like not a whole lot of differences to Ubuntu. Should be an easy modification from my existing Ubuntu scripts.

    @bertan

    Do you have a link to your guide?

  • @sumo

    Do you have a link to your guide?

    Bear in mind I was trying to write something for complete beginners. It may be too simple for your purposes:

    http://members.shaw.ca/bertan/Virtual-Private-Server-VPS-Quick-Start-Guide.pdf
