  1. #1

    Security tutorials from newbie to pro

    Hi guys

    I'm looking for tutorials about security on Linux CentOS servers.
    I'm a total newbie and I would like to find tutorials that start from the very basics and that gradually get more and more advanced.

    Thanks for the help !

  2. #2
    has some tutorials. They might be a little out of date though. If you are doing this in a production environment get some management services to secure your box.
    Patron: I'd like my free lunch please.
    Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
    Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
    Cafe Owner: Is our lawyer still working pro bono?

  3. #3
    Thanks pixelized,

    I don't know what you mean exactly by "production environment", but in my case, as I'm developing websites that I hope will gain some popularity in the future, I would like to make sure that those projects are secure enough. Frankly speaking, until now, I think that the security on my VPS is quite minimalistic. And I would like to change that without high cost.

  4. #4
    sleidia, if your site's security is breached and it's live (production), then you would need to add security using a management service, especially when coming from newbie status. There's a lot to learn about security; this forum is helpful but is also useful. You can always google for specific error messages or concerns and there's likely a script or tool/command that can help you resolve the problems.

    But what do you mean by "until now?" If you get a fully managed VPS (or fully managed dedicated server), you do have a little more of a cushion in terms of security breaches but you still are the ultimate responsible party in security of your server and sites. That said, I hope you opt for offsite backups as well.

  5. #5
    Off the top of my head for a newbie...

    The general idea is.
    - Every line of code is potentially flawed with regard to security and
    - All configurations might be flawed.

    So what you want to do is reduce to a minimum the amount of code exposed to the outside world.

    (A box with mysql, ntp, ssh, http and finger)

    - First switch off everything you don't need on the box
    (disable finger)
    (disable modules in http you don't use)
    - Modify settings so that ports aren't exposed.
    (modify mysql so it only listens on localhost)
    - Protect the items above you can't switch off
    (firewall ntp so that you only accept packets from your ntp servers and clients)
    (firewall ssh so only IP addresses you trust can connect)
    - Now go through everything that is still exposed and make sure the configurations are as secure as possible.
    (ssh protocol version 2, are your dynamic web pages written so they won't accept garbage?)
    - Keep everything on the box updated with the latest versions.

    This isn't a complete list by any means but hopefully it helps you understand what you are aiming for.

    Secure your server with
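
The checklist in post #5 can be checked against what the box is actually listening on. The script below is an added example, not part of rat0042's post: it reads `ss -tuln` output and reports every listener that is neither bound to loopback nor on an allowlist, so each reported line is a candidate for switching off, rebinding to localhost, or firewalling. The allowlist, the function names and the sample output are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: list listeners reachable from outside the box.

# Assumption: ssh and http are the only ports meant to be reachable.
ALLOWED_PORTS="22 80"

# Constructed `ss -tuln` output for the post's example box
# (mysql, ntp, ssh, http and finger, before any hardening).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128    [::]:80            [::]:*
tcp   LISTEN 0      5      0.0.0.0:79         0.0.0.0:*
EOF
}

# Reads `ss -tuln` output on stdin and prints "proto address port" for
# every listener that is not bound to loopback and not in the allowlist ($1).
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "Netid" || NF < 5 { next }            # skip header and short lines
        {
            port = $5; sub(/.*:/, "", port)         # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)     # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            if (!(port in ok)) print $1, addr, port
        }'
}

# On a real server: ss -tuln | audit_listeners "$ALLOWED_PORTS"
sample_ss_output | audit_listeners "$ALLOWED_PORTS"
```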

  6. #6
    Thanks a lot for the helpful info, rat0042 ! That's really appreciated

    Also, I've read in the past that there are open source applications whose purpose is to detect possible security breaches on your server.

    I think I should start there.

  7. #7
    Hi, I have posted some CentOS security tutorials on here and for basic security such as mod security, brute force protection, dos protection and more.
    Don't rely on scanners and such besides checking occasionally for rootkits; security and vuln scanners are frequently wrong. Use a general setup of apf, bfd, dos deflate, and mod security while keeping a sensible configuration such as php and your server will be pretty secure.

  8. #8


    Quote Originally Posted by sleidia
    Thanks a lot for the helpful info, rat0042 ! That's really appreciated
    You're welcome. I'm glad my comments were useful to you.

    Anyway, adding finger to a server is never a good idea because then someone can finger you on the server and find out what logons to attempt to exploit.
