Editing Linux/RHEL
From Bibliotheca Anonoma
Latest revision | Your text | ||
Line 7: | Line 7: | ||
* RHEL uses the YUM package manager, and RPMs as package files. | * RHEL uses the YUM package manager, and RPMs as package files. | ||
* RHEL 7 will remain supported as the main version until 2019. | * RHEL 7 will remain supported as the main version until 2019. | ||
* SELinux is used as the primary Mandatory Access Control System | * SELinux is used as the primary Mandatory Access Control System. | ||
* Systemd is used as the primary initscript system. | * Systemd is used as the primary initscript system. | ||
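Review bot: the "RHEL 7 will remain supported as the main version until 2019" bullet in the Line 7 hunk is a time-bound claim in the future tense, so it goes stale without anyone editing it; state the date as a plain fact. The only difference between the two columns here is the period added to the SELinux bullet, which matches the sibling bullets.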
Line 24: | Line 24: | ||
# First, make sure to disable password authentication and use an SSH key to log in. Since SSH keys authenticate with asymmetric encryption, they cannot be brute forced by an attacker. | # First, make sure to disable password authentication and use an SSH key to log in. Since SSH keys authenticate with asymmetric encryption, they cannot be brute forced by an attacker. | ||
# Next, change the SSH port from 22 and make sure to register this change with SELinux. Although all this does is hide the login port, it goes a long way to stopping automated SSH bots which try the basic ports and then leave. | # Next, change the SSH port from 22 and make sure to register this change with SELinux. Although all this does is hide the login port, it goes a long way to stopping automated SSH bots which try the basic ports and then leave. | ||
=== Tools worth Using === | === Tools worth Using === | ||
* [[SELinux]] - Mandatory Access Control, to stop exploits by preventing applications from exhibiting unauthorized behavior, even if they have root access. | * [[SELinux]] - Mandatory Access Control, to stop exploits by preventing applications from exhibiting unauthorized behavior, even if they have root access. | ||
* [[Fail2Ban]] - Looks out for malicious or excessive SSH login attempts and then bans them. | * [[Fail2Ban]] - Looks out for malicious or excessive SSH login attempts and then bans them. | ||
--- | --- | ||
* [https://www.tecmint.com/security-and-hardening-centos-7-guide/ Part 1: Basic Bare Metal Security] - Fix the gaping holes in security in hardware and system setup before moving on to the software fixes. | * [https://www.tecmint.com/security-and-hardening-centos-7-guide/ Part 1: Basic Bare Metal Security] - Fix the gaping holes in security in hardware and system setup before moving on to the software fixes. | ||
* [https://www.tecmint.com/centos-7-hardening-and-security-guide/ Part 2: Advanced Software Security] - Software level methods to harden CentOS | * [https://www.tecmint.com/centos-7-hardening-and-security-guide/ Part 2: Advanced Software Security] - Software level methods to harden CentOS |
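Review bot: the second step in the Line 24 hunk tells the reader to "register this change with SELinux" without saying how; name the command (semanage port -a -t ssh_port_t -p tcp followed by the new port), since under enforcing SELinux sshd cannot bind to a port that is not labelled ssh_port_t. In the first step, "cannot be brute forced" is stronger than the argument needs and would be more accurate as "impractical to brute force". Two style points: "---" is not a MediaWiki horizontal rule (that takes four dashes), and the Part 2 link bullet lacks the trailing period that the Part 1 bullet has.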