CentOS 6 Minimal or Hardened Install
Solution 1
The US National Security Agency (NSA) provides guides for hardening Linux and other operating systems which may be of some help. Since CentOS is so similar to RedHat, you may be intrested in:
-
Guide to the Secure Configuration of Red Hat Enterprise Linux 5
- Hardening Tips for the Red Hat Enterprise Linux 5
Solution 2
The lightest install you can do will require Kickstart with the below option:
%packages --nobase
You will need to experiment to figure out what packages you will explicitly want to include after that. At minimum you'll probably want to include these just to get started.
%packages --nobase
openssh
openssh-server
yum
Regarding a secure/hardended install, DISA provides STIGs for Linux. It's hard to navigate, but it's out there... I hate linking, but it's too much to copy/paste here. Check this for a Kickstart with DISA STIGs. https://nazar.karan.org/cgit/bluecain/tree/ (secure-kickstart.cfg)
Solution 3
The bastille package helps you to harden your host step by step by asking questions and letting you make choices. It provides information about every step, so educating the user is a goal of the project, too.
Related videos on Youtube
John
Just a random person looking for ways to expand my knowledge and passion for technology.
Updated on September 18, 2022Comments
-
John over 1 year
I am working on building some new CentOs 6 servers and creating documentation for the installation of said servers. I would like to create a base CentOS 6 server install that would be light on the packages to reduce bloat by default. Additionally, I am looking for some common or industry practices in which to harden the server so that it can be used in production and online facing to the world. I am curious if there are any best practice guides, techniques, or steps that you use in performing such a task? Later, I would look at adding servers and sections to the documentation about using the server for web serving, database hosting, etc. For now, I am looking for a base server install.
-
John over 12 yearsThank you for the posting. Would I need to be worried about the differences between CentOS v5 and v6 since I am looking at CentOS v6?
-
becomingwisest over 12 years+1 for the secure-kickstart.cfg
-
Aaron Copley over 12 yearsFor the most part, no, don't be worried about the differences.
-
Nathan Basanese almost 9 years// , bastille-unix.org <<< this link is dead, mang.