Author Topic: Server Hardening Checklist for Red Hat (Read 655 times)

Adi Sunardy · « **on:** February 04, 2009, 01:20:54 PM »

Sebagai seorang sysadmin, kita diharuskan untuk selalu memperhatikan sisi sekuriti dari server-server yang kita administering...(halah, gak tau benar apa gak istilahnya neh

)

Beberapa rekomendasi checklist yang bisa kita gunakan sebagai referensi dapat dilihat di sini: You are not allowed to view links. Register or Login

Untuk Operating System yang lain bisa di cek disini:

You are not allowed to view links. Register or Login
You are not allowed to view links. Register or Login
You are not allowed to view links. Register or Login
You are not allowed to view links. Register or Login

Untuk mengaplikasikan standar sekuriti tersebut, di Red Hat Linux, kita bisa saja melakukannya dengan script bash sederhana, seperti contoh:

Code: You are not allowed to view links. Register or Login

#setup time out in /etc/profile;
cp /etc/profile /etc/profile.orig;
echo "TMOUT=600" >> /etc/profile;
echo "export TMOUT" >> /etc/profile;

#setup /etc/bashrc;
cp /etc/bashrc /etc/bashrc.orig;
sed 's/umask 002/umask 027/g' /etc/bashrc > /tmp/buffer;
cat /tmp/buffer > /etc/bashrc;
sed 's/umask 022/umask 027/g' /etc/bashrc > /tmp/buffer;
cat /tmp/buffer > /etc/bashrc;

#setup /etc/ntp.conf;
cp /etc/ntp.conf /etc/ntp.conf.orig;
sed '/server/d' /etc/ntp.conf > /tmp/buffer;
cat /tmp/buffer > /etc/ntp.conf;
echo "server ntp.domain.com" >> /etc/ntp.conf;

#setup /etc/syslog.conf;
cp /etc/syslog.conf /etc/syslog.conf.orig;
echo "*.info    syslog.domain.com" >> /etc/syslog.conf;

#setup /etc/resolv.conf;
cp /etc/resolv.conf /etc/resolv.conf.orig;
echo "search domain.com" > /etc/resolv.conf;
echo "nameserver dns1.domain.com" >> /etc/resolv.conf;
echo "nameserver dns2.domain.com" >> /etc/resolv.conf;

#disabled unimportant service;
chkconfig sendmail off;
chkconfig vsftpd off;
chkconfig telnet off;
chkconfig bluetooth off;
chkconfig cpuspeed off;
chkconfig cups off;

#disable PermitRootLogin /etc/ssh/sshd_config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig;
sed 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config > /tmp/buffer;
cat /tmp/buffer > /etc/ssh/sshd_config;

Konfigurasi di atas bisa disesuaikan dengan kebutuhan atau requirement di masing-masing network environtment. (Susah euy...kalau istilah-istilah IT di Indonesiakan...kira-kira bisa diartikan sebagai Lingkungan Kerja).

You are not allowed to view links. Register or Login

lili · « **Reply #1 on:** February 15, 2009, 11:57:26 PM »

Guys (Admin), do you apply the security system in this forum?

Adi Sunardy · « **Reply #2 on:** February 16, 2009, 08:52:42 AM »

Security system di forum ini lebih mengacu ke standar Securitynya SMF. Ditambah hardening di beberapa sisi dengan perubahan-perubahan modul.

Untuk security yang dimaksud diatas, tidak bisa kita yang olah...server nya kan bukan punya kita

kita cuma kebagian hosting (web server) yang securitynya mengacu (inhirited) dari main server. Tapi sepengetahuan aku termasuk hasil ngobrol sama yang punya server, securitynya bisa dikasih poin 7 lah....

Untuk SMF sendiri, kita terus memantau perkembangannya di forum-forum SMF mengenai security, bug dan updatenya.

Kalau Bu Lili punya issue mengenai security ini, terutama mengenai SMF, sudi kiranya menginformasikannya kepada kita sehingga bisa di follow up...thx ya...

In a forum (BBCode)	[url=http://forum.elektro-unsyiah.net/index.php?topic=154.0]Server Hardening Checklist for Red Hat [/url]
In a site/blog (HTML)	<a href="http://forum.elektro-unsyiah.net/nix-linux--bsd/server-hardening-checklist-for-red-hat/">Server Hardening Checklist for Red Hat </a>

Subject / Started by	Replies	Last post
Photo shooting checklist for panoramas Started by staff forum EUS Personal Blogs	0 Replies 133 Views	July 03, 2010, 01:07:41 PM by staff forum EUS
How To Build An Open Source FreeNAS Server Started by staff forum EUS Personal Blogs	0 Replies 182 Views	July 23, 2010, 07:05:11 AM by staff forum EUS
Mac OS X Server v10.6: Push Notification Server and supported applications Started by staff forum EUS Apple Feeds	0 Replies 386 Views	December 23, 2010, 07:37:10 PM by staff forum EUS
Mac OS X Server: Mac OS X Server v10.6.6 update does not appear in Software Update Started by staff forum EUS Apple Feeds	0 Replies 211 Views	January 17, 2011, 01:09:28 AM by staff forum EUS
PHP now has its own web server Started by Forum Poster Personal Blogs	0 Replies 29 Views	March 06, 2012, 07:03:04 PM by Forum Poster

Elektro Unsyiah Society - Forum

Author Topic: Server Hardening Checklist for Red Hat (Read 655 times)

Adi Sunardy

Server Hardening Checklist for Red Hat

lili

Re: Server Hardening Checklist for Red Hat

Adi Sunardy

Re: Server Hardening Checklist for Red Hat

Related Topics