Red Hat Linux Server Hardening

Server hardening, the ongoing process of keeping servers secure and defended against attack, is an essential task. It is achieved by installing appropriate security software and by having proper plans and procedures in place to deal with any issues that come up. It is equally essential that security software is updated routinely and that plans and procedures are continually reviewed in the light of new developments; the recent OpenSSL Heartbleed issue (CVE-2014-0160) is a perfect example.

General Principles

  • All data transmitted over the network, particularly authentication information such as passwords, should be encrypted. Use SSH rather than telnet or rsh, and TLS for any service that carries credentials.
  • Minimize the attack surface by installing only the software the server needs to function. Anything else should be removed.
  • Use the security tools the system already provides, such as SELinux (in enforcing mode) and iptables.
  • Run different services on different servers if possible, so that a compromise of one service does not expose the others.
  • Control and maintain user accounts.
    • Create a password policy and enforce it.
    • Delete old or unused user accounts.
  • System and application logs should be reviewed on a routine basis.
    • Keep a dedicated log server and send logs to it instead of, or as well as, keeping logs on the local server. Intruders may try to avoid detection by modifying the local logs, but will find it much harder to modify logs on a remote server, if they even realize it is there.
    • Automate the review and raise an alert when anything untoward turns up, such as repeated failed logins or a direct root login.
  • Unless it is absolutely necessary, nobody should ever log in directly as root.
    • If administrators need to execute commands as root, they should use sudo, which also records who ran what.
  • Use Kickstart to build new servers with all necessary security measures built in, so that every server starts from the same hardened baseline.
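
Several of these principles can be checked mechanically. The script below is an added example, not code from the original article or from Red Hat: it audits an sshd_config for settings that still allow direct root or password logins over SSH, and it runs the kind of automated log review the list asks for over a /var/log/secure-style log, reporting sources with repeated failed logins and any successful direct root login over SSH. The sample config files and log lines are constructed for the example, the function names and the default threshold of 3 are my own choices, and treating an absent sshd keyword as "yes" is an assumption that matches the OpenSSH defaults on the Red Hat releases of the time (newer OpenSSH defaults PermitRootLogin to prohibit-password, so check your version).

```shell
#!/usr/bin/env bash
# Added example, not code from the original article: a small audit script
# that turns three of the principles above into concrete checks. It runs
# here against constructed sample files so it works offline; on a real
# server you would point the functions at /etc/ssh/sshd_config and
# /var/log/secure instead.

# check_sshd_config FILE
# Prints a FINDING line for each sshd setting that still allows direct root
# login or password authentication. sshd honours the first uncommented
# occurrence of a keyword, so the first match wins. An absent keyword is
# treated as "yes" here (assumption: the OpenSSH default of the era).
check_sshd_config() {
    local f=$1 root pass
    root=$(awk 'tolower($1)=="permitrootlogin" {print tolower($2); exit}' "$f")
    pass=$(awk 'tolower($1)=="passwordauthentication" {print tolower($2); exit}' "$f")
    [ "${root:-yes}" = "no" ] || echo "FINDING: PermitRootLogin=${root:-yes (default)}, expected no"
    [ "${pass:-yes}" = "no" ] || echo "FINDING: PasswordAuthentication=${pass:-yes (default)}, expected no"
    return 0
}

# failed_logins_by_source LOGFILE [THRESHOLD]
# Counts "Failed password" events per source address and prints
# "<address> <count>" for every source that reached THRESHOLD (default 3).
failed_logins_by_source() {
    local f=$1 threshold=${2:-3}
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
        }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }' "$f" | sort
}

# direct_root_logins LOGFILE
# Prints the source address of every successful SSH login as root, which the
# principles above say should never happen. sudo escalations do not appear
# here because sudo logs them itself, under the administrator's own account.
direct_root_logins() {
    awk '/sshd\[[0-9]+\]: Accepted .* for root from/ {
            for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1)
        }' "$1" | sort -u
}

# --- Constructed sample inputs (made up for this example, not real data) ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SSHD_WEAK=$WORK/sshd_config.stock
SSHD_HARD=$WORK/sshd_config.hardened
SECURE_LOG=$WORK/secure

cat > "$SSHD_WEAK" <<'EOF'
# Stock-style config: PermitRootLogin left commented out, so at its default
#PermitRootLogin yes
PasswordAuthentication yes
EOF

cat > "$SSHD_HARD" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF

cat > "$SECURE_LOG" <<'EOF'
Apr 10 09:12:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 10 09:12:03 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Apr 10 09:12:05 web1 sshd[2203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Apr 10 09:12:40 web1 sshd[2205]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Apr 10 09:13:10 web1 sshd[2210]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Apr 10 09:13:10 web1 sshd[2210]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Apr 10 09:14:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart httpd
Apr 10 09:15:22 web1 sshd[2250]: Accepted password for root from 203.0.113.5 port 51300 ssh2
Apr 10 09:15:22 web1 sshd[2250]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF

# run_audit prints a report for the constructed samples; the same calls
# work unchanged against real files.
run_audit() {
    echo "== $SSHD_WEAK"; check_sshd_config "$SSHD_WEAK"
    echo "== $SSHD_HARD"; check_sshd_config "$SSHD_HARD"
    echo "== sources with >= 3 failed SSH logins"; failed_logins_by_source "$SECURE_LOG" 3
    echo "== direct root logins over SSH"; direct_root_logins "$SECURE_LOG"
}
run_audit
```

On the constructed samples the stock config produces two findings and the hardened one none; the log review reports 203.0.113.5 with three failed logins and the same address as the source of a direct root login. In production the log functions would run against the copy of the logs on the remote log server, not the local file an intruder can edit, and the alerting step would be whatever the monitoring system provides (mail, a ticket, a pager).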

The following series of articles examines the principles and steps for hardening Red Hat Linux servers; for the most part they apply to any flavour of Linux.
