Linux Server Build Checklist: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
(Created page with " * THe purpose of the ser ver is clear * Who will use the server / via what ports? What services? * What software will be installed * minimal software stack is installed. unne...") |
No edit summary |
||
Line 16: | Line 16: | ||
* iptables / firewall. | * iptables / firewall. | ||
* server is monitored properly | * server is monitored properly | ||
* timestamp in bash history: "export HISTTIMEFORMAT='%F %T '" | |||
* Hardened ( http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf ) | * Hardened ( http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf ) | ||
* check list: ( http://security.utexas.edu/admin/redhat-linux.html ) | * check list: ( http://security.utexas.edu/admin/redhat-linux.html ) |
Revision as of 15:02, 17 June 2013
- THe purpose of the ser ver is clear
- Who will use the server / via what ports? What services?
- What software will be installed
- minimal software stack is installed. unneeded stuff removed ( bluetooth, gnome )
- Time services ( Ntp | PTP )
- Logging services
- ssh updated, and locked down ( no remore root, no version 1 protocol , keys only )
- open ssl updated
- kernel updated
- Password policy updated.
- update system working
- users defined and locked down.
- service list defined and locked done
- selinux setup as needed
- iptables / firewall.
- server is monitored properly
- timestamp in bash history: "export HISTTIMEFORMAT='%F %T '"
- Hardened ( http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf )
- check list: ( http://security.utexas.edu/admin/redhat-linux.html )