CentOS 6 Minimal or Hardened Install

centos installation centos6 hardening
6,774

Solution 1

The US National Security Agency (NSA) provides guides for hardening Linux and other operating systems which may be of some help. Since CentOS is so similar to RedHat, you may be intrested in:

Solution 2

The lightest install you can do will require Kickstart with the below option:

%packages --nobase

You will need to experiment to figure out what packages you will explicitly want to include after that. At minimum you'll probably want to include these just to get started.

%packages --nobase
openssh
openssh-server
yum

Regarding a secure/hardended install, DISA provides STIGs for Linux. It's hard to navigate, but it's out there... I hate linking, but it's too much to copy/paste here. Check this for a Kickstart with DISA STIGs. https://nazar.karan.org/cgit/bluecain/tree/ (secure-kickstart.cfg)

Solution 3

The bastille package helps you to harden your host step by step by asking questions and letting you make choices. It provides information about every step, so educating the user is a goal of the project, too.

Share:
6,774

Related videos on Youtube

John
Author by

John

Just a random person looking for ways to expand my knowledge and passion for technology.

Updated on September 18, 2022

Comments

  • John
    John over 1 year

    I am working on building some new CentOs 6 servers and creating documentation for the installation of said servers. I would like to create a base CentOS 6 server install that would be light on the packages to reduce bloat by default. Additionally, I am looking for some common or industry practices in which to harden the server so that it can be used in production and online facing to the world. I am curious if there are any best practice guides, techniques, or steps that you use in performing such a task? Later, I would look at adding servers and sections to the documentation about using the server for web serving, database hosting, etc. For now, I am looking for a base server install.

  • John
    John over 12 years
    Thank you for the posting. Would I need to be worried about the differences between CentOS v5 and v6 since I am looking at CentOS v6?
  • becomingwisest
    becomingwisest over 12 years
    +1 for the secure-kickstart.cfg
  • Aaron Copley
    Aaron Copley over 12 years
    For the most part, no, don't be worried about the differences.
  • Nathan Basanese
    Nathan Basanese almost 9 years
    // , bastille-unix.org <<< this link is dead, mang.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

how to install docker-ce 17+ on centos 6.9?
Installing latest mono on Centos 6
Delete mails from send mail mailing queue
Package Requires: libcurl.so.3
Access denied for user 'root@localhost' (using password: YES)
PHP 5.3.8, JSON & CentOS 6
How to fix local IP in Nat Configuration on WHM/Cpanel on Centos 6 on Google Compute Engine
How to install docker-ce without internet and intranet yum repository?
Starting Jenkins bash: /usr/bin/java: No such file or directory
How to install docker 1.9+ in CentOS 6.5?