08-06-2008, 06:10 PM   #5
lensman3
Registered User
 
Join Date: Oct 2007
Location: Littleton, Colorado USA
Posts: 470
OS: xp 64 sp2 Fedora Core 8 (vmware xp core 8 x32) Minix


Re: CentOS Linux box - Any way to secure the rest of the network?

You could set up an iptables firewall and limit the port access there. Since the server is inside your private network, just permit machines from a specific IP network. Close all the inbound ports except for ssh and port 80 (or whatever is needed).

Take a look at "/etc/hosts.allow". There is a tcpwrappers program that can limit access.

Don't run your test programs as root. Create a user and group with lower privileges and take a look at the "chroot" program to lock users into a very restricted file system. (Look at the bind (named) and dns programs for a good example of the chroot setup.) As a last step, set up quotas so that if your system is hijacked, then not much disk can be commanded.

Hope this helps.
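The first suggestion in the post above (close every inbound port except ssh and port 80, and allow those only from a specific IP network), as an added example that is not part of lensman3's post: a POSIX shell function that prints the rules in iptables-restore format. The function names, the decision to also drop forwarded traffic, and the network used in the usage note are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): print an iptables-restore ruleset that
# drops inbound traffic except loopback, replies to established flows, and
# the given TCP ports from one trusted network.

# valid_cidr NET: succeed only for a well-formed IPv4 network like 10.0.0.0/8.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] 2>/dev/null || return 1
    case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# gen_rules NET PORT...: validate every argument first, then emit the rules,
# so a bad argument never produces a half-written ruleset.
gen_rules() {
    cidr=$1
    [ $# -ge 2 ] || { echo "usage: gen_rules NET PORT..." >&2; return 1; }
    shift
    valid_cidr "$cidr" || { echo "bad network: $cidr" >&2; return 1; }
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] 2>/dev/null ||
            { echo "bad port: $port" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default: close every inbound port
    echo ':FORWARD DROP [0:0]'    # assumption: this box does not route
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -s $cidr -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Review the printed rules, then load them as root with `gen_rules 192.168.1.0/24 22 80 | iptables-restore`; 192.168.1.0/24 is a placeholder for your own private network.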