Hi folks,

As a breather from the
"thread-now-wider-than-my-headers-window-in-thunderbird" conversation
re: mixing repos, I have a question regarding a machine I'm about to put
online. :)

I run a web hosting company and my secondary (primary to the world) DNS
box died from a massive rootkit/hack last night.  It was running an old
Slackware 9.1 installation and I will be completely cleaning those
drives sector-by-sector.  After which I'll be installing CentOS 5 on
that hardware.

As it will be a production server and this is my first foray into
CentOS/SELinux in a production environment I was hoping to get a
recommended list of what to include and, more specifically, what *not*
to include from the distro CDs.

I will be doing a text based install, hoping to avoid the installation
of X.  Other than BIND and vsftpd, I don't think I need much.  This
machine will be pulling zone files from my primary web server and
storing some archive files and backups for me.

I'm diligently R'ing TFMs, and will continue to.... I'd sure be
appreciative of any jumpstart help and/or any pitfalls of which to be
cognizant.

-----------------------------------------------------------------

Sorry for my broken ass webmail, but I don't have access to a real mail client 
at the moment.


Personally I would recommend against installing any service that isn't 
absolutely necessary.  Such as FTP.  On a DNS server, if that's all it is going 
to be, there is no need for FTP services.  If you need to upload things to the 
server, use scp, which is a part of SSH.  The install is going to add a lot of 
services that you probably won't need on the server, such as sendmail.  Shut 
down any service that you don't need.  The fewer services running the fewer 
attack vectors.  You will never get it "hack proof".  What you will get is 
something that "script kiddies" may not bother with in favor of easier targets.
Like the old saying goes, "You don't have to run faster than the cheetah.  You 
just have to run faster than the man running next to you."

I would also, if possible, disallow root logins to the server via SSH.  
Configure it so that you have to log in as a normal restricted user and then su 
to root.

------------------------------------------------------------------

TIA,
~Ray
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
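
The two checks suggested in the reply above (no root login over SSH, no services beyond what the box needs), as an added example that is not part of the original thread. The function names, the sample `sshd_config` and `chkconfig --list` text, and the `named sshd` allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for a freshly installed DNS box.
# All sample data below is constructed; it is not from the thread.

# Print the effective global PermitRootLogin value from an sshd_config on stdin.
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and anything after a Match line is conditional, so stop there.
# Assumes the whitespace-separated "Keyword value" form.
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }'
}

# Read `chkconfig --list` style output on stdin and print every service that
# is on in runlevel $1 but missing from the space-separated allowlist $2.
unexpected_services() {
    awk -v rl="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { for (i = 2; i <= NF; i++)
              if ($i == rl ":on" && !($1 in ok)) print $1 }'
}

sample_sshd_config() {   # constructed sample
    cat <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
EOF
}

sample_chkconfig() {     # constructed sample of `chkconfig --list` output
    cat <<'EOF'
cups      0:off 1:off 2:off 3:off 4:off 5:off 6:off
named     0:off 1:off 2:on  3:on  4:on  5:on  6:off
sendmail  0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd      0:off 1:off 2:on  3:on  4:on  5:on  6:off
vsftpd    0:off 1:off 2:off 3:on  4:off 5:on  6:off
EOF
}

echo "PermitRootLogin (effective): $(sample_sshd_config | effective_root_login)"
echo "Enabled in runlevel 3 but not on the allowlist:"
sample_chkconfig | unexpected_services 3 "named sshd"
```

On the real machine, feed the functions `/etc/ssh/sshd_config` and the output of `chkconfig --list` instead of the samples.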