Florin Iliescu says:
> Hello,
>
> Can anybody help me with some procedures to secure a CentOS server? I am going to use it for receiving files over Internet with SFTP.
>
> Thank you,
>
> Florin
>
Hello Florin,
if I were you what I would do is:
1. Close all ports from outside except port 22 with iptables,
2. establish ssh key + user name and password authentication,
3. if you know which IPs connections are coming from, then use
tcpwrappers (/etc/hosts.allow + /etc/hosts.deny) to allow sftp
connections from specific IP addresses,
4. SFTP uses the same port as ssh. Actually it is a subsystem of ssh, so
users will be allowed to log in to your system (will have a shell on your
machine),
5. system should be up to date all the time,
6. IDS/IPS ....
These are just some things I would consider.
I hope it helps a little.
Best regards!
Jure
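Steps 1 to 4 of the reply above, as an added example that is not part of the original thread: a shell function that stages the iptables rules, the TCP wrappers files and an sshd_config fragment in a directory for review. It reads step 2 as requiring both a key and a password, and the group name `sftponly`, the chroot path and the function name are assumptions; the `Match` block addresses the shell access noted in step 4.

```shell
#!/bin/sh
# Added example: stage the config for steps 1-4 in a directory for review.
# Nothing is applied to the running system. The group "sftponly" and the
# chroot path /srv/sftp/%u are assumptions, not values from the thread.
render_sftp_hardening() {
    outdir=$1
    [ "$#" -ge 2 ] || { echo "usage: render_sftp_hardening DIR IP..." >&2; return 2; }
    shift
    for ip in "$@"; do
        # Shape check only: plain dotted-quad IPv4, no hostnames or wildcards.
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
            || { echo "bad address: $ip" >&2; return 1; }
    done
    mkdir -p "$outdir" || return 1

    # Step 1: drop inbound by default; allow loopback, replies, and new
    # connections to tcp/22 from the listed sources (iptables-restore format).
    {
        printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
            ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
            '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        for ip in "$@"; do
            printf '%s\n' "-A INPUT -p tcp -s $ip --dport 22 -m state --state NEW -j ACCEPT"
        done
        printf '%s\n' 'COMMIT'
    } > "$outdir/iptables.rules"

    # Step 3: TCP wrappers. Allow sshd from the listed sources, deny the rest.
    printf 'sshd: %s\n' "$*" > "$outdir/hosts.allow"
    printf '%s\n' 'sshd: ALL' > "$outdir/hosts.deny"

    # Steps 2 and 4: require key AND password (OpenSSH 6.2 or later), and
    # confine members of the SFTP group so they get no shell.
    # ChrootDirectory must be owned by root and not writable by the user.
    cat > "$outdir/sshd_config.snippet" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}
```

The hosts.allow and hosts.deny entries only take effect when sshd is linked against libwrap. After merging the fragment into sshd_config, `sshd -t` checks the syntax before the daemon is reloaded.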