Secure CentOS 6

Secure CentOS 6

The article will share some tips which you can use to secure CentOS 6 OS.

Please note that, these are just the tips. Implementing them is at the sole discretion of the owner for the server.

These are pretty small things, but they can help a lot to secure CentOS 6.

Delete Unwanted Users

The installation by default provides with a lot of unwanted users. These are not required on the server.

/usr/sbin/userdel games
/usr/sbin/userdel operator
/usr/sbin/userdel shutdown
/usr/sbin/userdel halt
/usr/sbin/userdel gopher

Disconnect idle users

A good practice will be implement the auto disconnection of the idle users. Normally 15 minutes of idle timeout is suitable in most cases.

Create a file under /etc/profile.d/ and let’s name it disconnect-idle.sh.

Add the following in that file:

readonly TMOUT=900
readonly HISTFILE

Grant execute permissions to the file

chmod +x /etc/profile.d/disconnect-idle.sh

Prompt password in single user mode

This might sound weird for some, but if anyone can get physical access to the server they can crack open the system from the single user mode. It is a good idea to prevent it.

Just change the following line in /etc/sysconfig/init:

SINGLE=/sbin/sushell

to

SINGLE=/sbin/sulogin

Or you can use:

perl -i -pe ‘s/sushell/sulogin/’ /etc/sysconfig/init

Disable prompt for interactive boot

This can be handy if you don’t want any changes to be made to the default boot time services.

You need to change the following line in /etc/sysconfig/init:

PROMPT=yes

to

PROMPT=no

Or you can use the perl one-liner

perl -i -pe ‘s/PROMPT=yes/PROMPT=no/’ /etc/sysconfig/init

Disable hot key Ctrl+Alt+Del

Stop the unwanted reboots which occur by pressing Ctrl+Alt+Del.

You can change the following line in /etc/init/control-alt-delete.conf:

exec /sbin/shutdown -r now "Control-Alt-Delete pressed"

To something like

exec /bin/echo "Control-Alt-Delete event disabled on the system."

Disable all the users but root to run cron and at tasks

Disable the ability all the users on the system to execute cronjob or at commands except for root user.

You can do this using the following commands:

touch /etc/cron.allow
chmod 600 /etc/cron.allow
touch /etc/at.allow
chmod 600 /etc/at.allow
awk -F: ‘{print $1}’ /etc/passwd | grep -v root > /etc/cron.deny
awk -F: ‘{print $1}’ /etc/passwd | grep -v root > /etc/at.deny

Secure CentOS 6

No Comments

Post a Comment

Time limit is exhausted. Please reload CAPTCHA.