Educause Security Discussion mailing list archives
Re: Securing a public/open linux shell server
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Mon, 8 Jul 2013 14:50:31 -0400
Hi Kevin,

Depending upon what your goal is you may want to enable selinux. To go a step further you may want to switch from a targeted policy to mls.

If you're not familiar with the different policies this will give you an overview:
https://fedoraproject.org/wiki/SELinux/Policies

Cheers,
Harry

On 07/08/2013 01:43 PM, Lisciotti, Kevin wrote:
Does anyone have experience in setting up and securing a public/open linux shell server? This would be like the free shell servers you see listed on the Internet, such as arbornet.org or cyberspace.org. It could also be shell servers that you have at your institution used by students, faculty, vendors etc.

What I'm looking for is a checklist or how-to specifically geared towards a Red Hat / CentOS based linux system. I know a lot of the standard OS security stuff, but would like more advanced information from someone who may have done something like this. Also, could you elaborate on issues you may have run into, and how you remediated them if possible?

At the moment, I don't have any specific services in mind that would be offered from the shell. I know it would be helpful to know what services would be offered, but I'm looking more for baseline security steps that I can take in securing the server.

Some ideas of things I'm looking for…

* Implementing disk quotas
* Limiting number of user processes
* Limiting suid binaries
* Installing minimum number of packages
* Limiting/blocking outbound connectivity
* Network isolation
* Chroot users to home directory
* Restricting access to binaries
* Updating the system as often as possible
* Don't install compilers or development tools

I know I'm asking for a lot, but hopefully this gives you some ideas as to what I'm looking to achieve.

Thanks,

:: Kevin Lisciotti, Senior Systems Specialist, RHCE, RHCSA
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office
:: 774-455-7761 Office
:: 774-455-7733 Fax
:: klisciotti () umassp edu

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu
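Added example, not part of either message above: a small audit script that checks a Red Hat / CentOS style host against some of the items raised in this thread (SELinux mode and policy type, a hard per-user process limit, build tools, setuid binaries). The function names, the list of build tools and the choice to accept only `enforcing` with `targeted` or `mls` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: baseline audit for a shared shell host (RHEL/CentOS layout assumed).
# ROOT is a path prefix, so the checks can run on a mounted image or a test tree.

# Print "<mode>/<policy>" from etc/selinux/config, e.g. "enforcing/targeted".
selinux_state() {
  se_cfg="$1/etc/selinux/config"
  [ -r "$se_cfg" ] || { echo "missing/missing"; return 0; }
  se_mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$se_cfg" | tail -n 1)
  se_type=$(sed -n 's/^SELINUXTYPE=\([a-z]*\).*/\1/p' "$se_cfg" | tail -n 1)
  echo "${se_mode:-unset}/${se_type:-unset}"
}

# Print the hard nproc limit for the "*" domain (last matching line wins).
# Soft limits are ignored: a user can raise them up to the hard value.
nproc_limit() {
  cat "$1"/etc/security/limits.conf "$1"/etc/security/limits.d/*.conf 2>/dev/null |
    awk '$1 == "*" && ($2 == "hard" || $2 == "-") && $3 == "nproc" { v = $4 }
         END { print (v == "" ? "unset" : v) }'
}

# List setuid files below a directory without crossing filesystems.
suid_files() {
  find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Print findings for ROOT; exit status 0 only when there are none.
audit() {
  au_root="${1:-}"; au_n=0
  au_se=$(selinux_state "$au_root")
  case "$au_se" in
    enforcing/targeted|enforcing/mls) ;;
    *) echo "FINDING selinux=$au_se"; au_n=$((au_n + 1)) ;;
  esac
  au_np=$(nproc_limit "$au_root")
  case "$au_np" in
    unset|unlimited|infinity|-1)
      echo "FINDING no hard nproc limit ($au_np)"; au_n=$((au_n + 1)) ;;
  esac
  for au_tool in gcc cc g++ make; do   # assumed list of build tools
    [ -x "$au_root/usr/bin/$au_tool" ] &&
      { echo "FINDING build tool: /usr/bin/$au_tool"; au_n=$((au_n + 1)); }
  done
  suid_files "$au_root/usr/bin" | sed 's/^/REVIEW setuid: /'
  [ "$au_n" -eq 0 ]
}
```

Calling `audit ""` checks the live system; setuid files are listed for review rather than counted as findings, since some of them are expected on any install.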