- Only install the packages and components you require for your hosts. Any host build should start from the Red Hat 'minimal' build and then add any required additional packages.
- Update your hosts frequently and ensure any known vulnerabilities are addressed using patching, updates or workarounds.
- Remove any unneeded users and groups. Also change the passwords of, and preferably lock, any user accounts which do not need to log in. Remember to choose strong passwords and change them on a regular basis.
- Remove any unnecessary processes, daemons or services. Red Hat comes with a number of services you probably don't need; for example, unless you need NFS, you should disable it and any related services.
- Firewall your hosts and your network. Install a firewall such as iptables on your host and secure it. Install a firewall between your hosts and any external networks. Ensure you firewall both incoming and outgoing traffic so that only the services and daemons you actually require can send and receive traffic on your host.
- Secure incoming connections to your hosts. This includes tools such as ssh where you should, for example, disallow root logins. This also applies to securing services, such as mail, which you might want to allow through your firewalling. Limit access to these services to the resources, hosts and networks that require them.
- Install network- and host-based Intrusion Detection Systems (HIDS) and/or an integrity-checking application such as Tripwire on your hosts.
- Look at hardening the base operating system and kernel of your hosts with additions such as Security Enhanced Linux or Openwall.
- Log. Log some more. And then sort, correlate, alert and -- most importantly -- review your logs and alerts.
- Review Red Hat's security announcements and general Linux security lists for vulnerabilities or bugs relevant to your hosts. Awareness is the first step in prevention.
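
One way to check the "lock accounts which do not need to log in" item above, as an added example that is not part of the original answer: it joins `passwd` and `shadow` data and reports accounts with an empty password field, plus service accounts whose password field is not locked (no leading `!` or `*`). The function names, the `UID_MIN` threshold and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD SHADOW [UID_MIN]
# Flags accounts that can still authenticate by password but should be locked.
# UID_MIN is an assumption: the first UID given to human users
# (1000 on current Red Hat releases, 500 on older ones).
audit_accounts() {
    awk -F: -v uid_min="${3:-1000}" '
        # First file (passwd): remember UID and login shell per account.
        NR == FNR { uid[$1] = $3; shell[$1] = $7; next }
        # Second file (shadow): classify the password field.
        !($1 in uid) { next }
        $2 == ""     { print "EMPTY_PASSWORD " $1; next }
        $2 ~ /^[!*]/ { next }   # locked, or no usable hash
        {
            # Service account: system UID range or a non-interactive shell.
            service = (uid[$1] + 0 < uid_min + 0) || (shell[$1] ~ /\/(nologin|false)$/)
            if ($1 != "root" && service) print "UNLOCKED_SERVICE_ACCOUNT " $1
        }
    ' "$1" "$2"
}

# Constructed sample data; the hashes are placeholders, not real ones.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nfsnobody:x:65534:65534::/var/lib/nfs:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
guest:x:1001:1001::/home/guest:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$placeholder$hash:19000:0:99999:7:::
ftp:$6$placeholder$hash:19000:0:99999:7:::
nfsnobody:!!:19000::::::
alice:$6$placeholder$hash:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

On a real host, run `audit_accounts /etc/passwd /etc/shadow` as root and lock or remove whatever it reports.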