Among the wide variety of servers, CentOS is a leader; its advantages have won it the support of many Internet users. So how do you secure a CentOS server? Below are some good solutions to common CentOS server security issues.
1, close every port you do not need on the firewall and stop others from pinging the server; most threats then naturally decrease.
Ways to prevent others from pinging the server:
1) from the command prompt; 0 means allow, 1 means block
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
2) use a firewall to block (or discard) ICMP packets
iptables -A INPUT -p icmp -j DROP
3) do not respond to any ICMP traffic, such as:
2, enable PHP safe mode (not recommended for servers running commercial applications)
#/Local/Zend/etc/php.ini (without ZO, the php.ini file is located at /etc/php.ini)
safe_mode = On
3, lock the PHP application directory
#vi /etc/httpd/conf.d/virtualhost.conf
php_admin_value open_basedir /*** (*** is the site directory)
4, do not give directories unnecessary write permissions, that is, 777 permissions; keep the root directory at 711, or at 755 if you are not running PHP.
5, disable unsafe PHP functions (WebShell)
#/Local/Zend/etc/php.ini (without ZO, the php.ini file is located at /etc/php.ini)
disable_functions = system,exec,shell_exec,passthru,popen
The following are the functions disabled on my server:
disable_functions = passthru,exec,shell_exec,system,set_time_limit,ini_alter,dl, .
The methods above solve the security problems of a CentOS server with ease.
6, change the SSH port and restrict the IPs allowed to log in over SSH
Change the SSH port, preferably to one above 10000, where people scanning ports are less likely to find it.
Set the Port to a port above 1000. Also, create an ordinary login user and disable direct root login.
At the end, add the following lines:
# disable direct remote root login
PermitRootLogin no
7, change the following file permissions so that no one can change the account permissions:
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
chmod 600 /etc/xinetd.conf
8, delete excess accounts that bloat the system:
userdel ftp # if you do not allow anonymous FTP, delete this user account
Change the following file permissions so that no one can change the account permissions:
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
Finally, remember to turn off anonymous FTP user login.
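A read-only way to check a server against steps 1, 5 and 6 above, added here as an example and not part of the original checklist. The function names and messages are made up for illustration, /etc/ssh/sshd_config is assumed as the SSH configuration path, and the port threshold is the 1000 given in step 6.

```shell
#!/bin/sh
# Added example: read-only audit of steps 1, 5 and 6 (names are illustrative).

# First global value of an sshd_config keyword: keywords are case-insensitive,
# sshd keeps the first value it reads, and lines after a Match are skipped.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Print each named function that disable_functions in FILE does not list.
php_not_disabled() {  # usage: php_not_disabled FILE FUNC...
    file=$1; shift
    disabled=$(awk -F= '
        $1 ~ /^[ \t]*disable_functions[ \t]*$/ { v = $2 }
        END { gsub(/[ \t"]/, "", v); print v }
    ' "$file")
    for f in "$@"; do
        case ",$disabled," in
            *",$f,"*) ;;
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Print one line per finding and return the number of findings.
audit() {  # usage: audit SSHD_CONFIG PHP_INI [ICMP_FILE]
    n=0
    icmp=$(cat "${3:-/proc/sys/net/ipv4/icmp_echo_ignore_all}" 2>/dev/null) || icmp=unknown
    [ "$icmp" = 1 ] || { echo "ICMP echo requests are answered"; n=$((n + 1)); }
    [ "$(sshd_value "$1" PermitRootLogin)" = no ] ||
        { echo "PermitRootLogin is not set to no"; n=$((n + 1)); }
    port=$(sshd_value "$1" Port)
    [ "${port:-22}" -gt 1000 ] 2>/dev/null ||
        { echo "SSH port ${port:-22} is not above 1000"; n=$((n + 1)); }
    missing=$(php_not_disabled "$2" system exec shell_exec passthru popen | tr '\n' ' ')
    [ -z "$missing" ] || { echo "not in disable_functions: $missing"; n=$((n + 1)); }
    return "$n"
}

# Run as: sh audit.sh /etc/ssh/sshd_config /etc/php.ini  (paths assumed)
if [ "$#" -ge 2 ]; then audit "$@"; fi
```

Only the first Port line is checked, and the ICMP check covers the sysctl from step 1 but not an iptables rule.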