Linux Server Build Checklist: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
(Created page with " * THe purpose of the ser ver is clear * Who will use the server / via what ports? What services? * What software will be installed * minimal software stack is installed. unne...")
 
No edit summary
Line 16: Line 16:
* iptables / firewall.
* iptables / firewall.
* server is monitored properly
* server is monitored properly
* timestamp in bash history: "export HISTTIMEFORMAT='%F %T '"
* Hardened ( http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf )
* Hardened ( http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf )
* check list: ( http://security.utexas.edu/admin/redhat-linux.html )
* check list: ( http://security.utexas.edu/admin/redhat-linux.html )

Revision as of 15:02, 17 June 2013

  • THe purpose of the ser ver is clear
  • Who will use the server / via what ports? What services?
  • What software will be installed
  • minimal software stack is installed. unneeded stuff removed ( bluetooth, gnome )
  • Time services ( Ntp | PTP )
  • Logging services
  • ssh updated, and locked down ( no remore root, no version 1 protocol , keys only )
  • open ssl updated
  • kernel updated
  • Password policy updated.
  • update system working
  • users defined and locked down.
  • service list defined and locked done
  • selinux setup as needed
  • iptables / firewall.
  • server is monitored properly
  • timestamp in bash history: "export HISTTIMEFORMAT='%F %T '"
  • Hardened ( http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf )
  • check list: ( http://security.utexas.edu/admin/redhat-linux.html )