CentOS Linux box - Any way to secure the rest of the network?

Lord Chaos · 07-31-2008, 01:00 PM

I am setting up a CentOS server to test applications and setups for a live server elsewhere. The problem is that it will be located on my private network and therefor would give access to the physical network.

Is there any way to secure the server the other way around so those using the server will not have access to snoop on the physical network (the server has to go through the central switch sadly to be connected to the internet)?

**wmorri** · 08-04-2008, 07:14 PM

What server are you useing? Is it an Apache server, FTP, or other server. There are ways to secure any server from the server side. We just need to know what type of server it is.

Cheers!

Lord Chaos · 08-05-2008, 01:22 PM

I mean the entire thing. Its a linux server that others outside would have root access to. So basically anything could be run on it.

Is there a way to secure this?

**wmorri** · 08-05-2008, 03:30 PM

Take a look at this How To it has some good ideas: CentOS

Cheers!

lensman3 · 08-06-2008, 07:10 PM

You could set up a iptables firewall and limit the port access there. Since the server is inside your private network, then just permit machines from a specific IP network. Close all the inbound ports except for ssh and port 80 (or whatever is needed).

Take a look at "/etc/hosts.allow". There is a tcpwrappers program that can limit access.

Don't run your test programs as root. Create a user and group with lower privileges and take a look at the "chroot" program to lock users into a very restricted file system (Look at the bind (named) and dns programs for a good example of the chroot setup.) As a last set, setup quotas so that if your system is hijacked, then not much disk can be commanded.

Hope this helps.

07-31-2008, 01:00 PM	#1 (permalink)
Lord Chaos Registered User Join Date: Jan 2005 Posts: 188 OS: XP SP3 and Vista SP1	CentOS Linux box - Any way to secure the rest of the network? I am setting up a CentOS server to test applications and setups for a live server elsewhere. The problem is that it will be located on my private network and therefor would give access to the physical network. Is there any way to secure the server the other way around so those using the server will not have access to snoop on the physical network (the server has to go through the central switch sadly to be connected to the internet)?

08-04-2008, 07:14 PM	#2 (permalink)
wmorri Moderator/Fedora Amb. Join Date: May 2008 Location: /pm/etc Posts: 2,821 OS: Window 7/Fedora 10 My System	Re: CentOS Linux box - Any way to secure the rest of the network? What server are you useing? Is it an Apache server, FTP, or other server. There are ways to secure any server from the server side. We just need to know what type of server it is. Cheers! __________________ Linux Forever!

08-05-2008, 01:22 PM	#3 (permalink)
Lord Chaos Registered User Join Date: Jan 2005 Posts: 188 OS: XP SP3 and Vista SP1	Re: CentOS Linux box - Any way to secure the rest of the network? I mean the entire thing. Its a linux server that others outside would have root access to. So basically anything could be run on it. Is there a way to secure this?

08-05-2008, 03:30 PM	#4 (permalink)
wmorri Moderator/Fedora Amb. Join Date: May 2008 Location: /pm/etc Posts: 2,821 OS: Window 7/Fedora 10 My System	Re: CentOS Linux box - Any way to secure the rest of the network? Take a look at this How To it has some good ideas: CentOS Cheers! __________________ Linux Forever!

08-06-2008, 07:10 PM	#5 (permalink)
lensman3 Registered User Join Date: Oct 2007 Location: Littleton, Colorado USA Posts: 470 OS: xp 64 sp2 Fedora Core 8 (vmware xp core 8 x32) Minix	Re: CentOS Linux box - Any way to secure the rest of the network? You could set up a iptables firewall and limit the port access there. Since the server is inside your private network, then just permit machines from a specific IP network. Close all the inbound ports except for ssh and port 80 (or whatever is needed). Take a look at "/etc/hosts.allow". There is a tcpwrappers program that can limit access. Don't run your test programs as root. Create a user and group with lower privileges and take a look at the "chroot" program to lock users into a very restricted file system (Look at the bind (named) and dns programs for a good example of the chroot setup.) As a last set, setup quotas so that if your system is hijacked, then not much disk can be commanded. Hope this helps.