0

I’m seeking practical recommendations and tools to improve the security of my Linux server (CentOS) and minimize unauthorized access. I’m interested in both fundamental and advanced solutions that can be easily integrated and configured.

Specifically, I need:

  • Protection Against Unauthorized Access: What tools and practices are most effective for preventing hacking and intrusion into the server? This includes authentication methods (e.g., two-factor authentication) and tools for monitoring activity and detecting suspicious behavior.

What I’ve Tried:

I experimented with SELinux, but when attempting to set the strictest security level (“military level”), the server failed to boot after rebooting. I likely made a configuration error. I would appreciate detailed guidance on correctly configuring SELinux, or alternative approaches to kernel-level security hardening.

What Kind of Answers I’m Looking For:

  • Recommendations for specific tools, including open-source alternatives.
  • Detailed instructions on how to configure and use these tools.
  • Example configurations for different security levels (from basic to advanced).
  • Alternatives to SELinux for kernel-level security enhancement.
6
  • Run SELinux in audit mode for a while and examine the error log (and fix the errors!) before enabling it fully. Commented Jun 14 at 16:28
  • 3
    The best way to do this is to do a risk assessment and then install an appropriate tool to mitigate each risk. Asking "what's the best way" is asking for an opinion and not appropriate here. More appropriate would be "here's my list of risks, what tools can mitigate these?" Commented Jun 14 at 16:29
  • "hacking and intrusion into the server" is too broad. Hacking how? Physically or through specific network services? If you want detailed instructions, you need to read the documentation for the tools. Commented Jun 14 at 16:32
  • 1
    What is "military level"? That's not an SELinux term. Commented Jun 14 at 17:26
  • 2
    SELinux is very well developed and documented. It is a bit cumbersome to use, but then, so is security hardening in general. If you can't handle SELinux, you probably can't do security hardening well in general. Commented Jun 14 at 18:21
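
The first comment above suggests running SELinux without enforcement for a while and working through the logged denials before enabling it fully (SELinux calls this permissive mode). As an added example, not code from this thread: a small Python summarizer that groups AVC denial records by source type, target type and object class, so each group can be reviewed and fixed before enforcing. The sample log lines are constructed, and the script assumes the standard AVC record layout found in `/var/log/audit/audit.log`.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (sample data, not taken from the page).
SAMPLE_LOG = '''\
type=AVC msg=audit(1718380000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=7731 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1718380000.101:410): avc:  denied  { open } for  pid=2101 comm="httpd" path="/home/web/index.html" dev="dm-0" ino=7731 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1718380000.101:410): arch=c000003e syscall=257 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1718380042.550:433): avc:  denied  { name_bind } for  pid=2307 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1718380100.009:450): avc:  denied  { read open } for  pid=2101 comm="httpd" path="/home/web/a.css" dev="dm-0" ino=7740 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
'''

# One AVC denial record: permissions, command name, both contexts, object class.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)'
    r'(?: permissive=(?P<permissive>[01]))?'
)

def sel_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    groups = defaultdict(
        lambda: {"perms": set(), "comms": set(), "count": 0, "permissive": 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types are skipped
        g = groups[(sel_type(m["scon"]), sel_type(m["tcon"]), m["tclass"])]
        g["perms"].update(m["perms"].split())
        g["comms"].add(m["comm"])
        g["count"] += 1
        # permissive=1: logged but allowed; enforcing mode would have blocked it
        g["permissive"] += m["permissive"] == "1"
    return dict(groups)

def report(groups):
    """One line per group, most frequent first."""
    rows = []
    for (s, t, c), g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        perms, comms = " ".join(sorted(g["perms"])), ",".join(sorted(g["comms"]))
        rows.append(f'{g["count"]:3d}x {s} -> {t}:{c} {{ {perms} }} '
                    f'comm={comms} permissive={g["permissive"]}')
    return rows

if __name__ == "__main__":
    for row in report(summarize(SAMPLE_LOG)):
        print(row)
```

Each output row is one decision to make before enforcing: relabel the files, change the service configuration, or add a narrowly scoped policy rule.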

1 Answer

0

AppArmor is a valid alternative to SELinux for kernel-level security hardening, especially if you found SELinux too complex or ran into boot issues.

AppArmor is not installed or enabled by default on CentOS, as it is not part of the default security architecture used by CentOS. CentOS employs SELinux as its mandatory access control system. If you want to use AppArmor on CentOS, you will need to manually install and configure it.

And beyond that, you need a security concept for hardening servers.

There’s no universal manual; in fact, you’ll need a dedicated security guide/instructions for every service and software you will use, policies and more (user management, webserver, SSH, etc.)...

Hardening a Linux server is the process of enhancing its security and reducing its attack surface by applying various configurations, policies, and tools. A hardened Linux server is more resilient to cyber threats and less prone to compromise.

While Linux servers have been employed for specialized purposes over an extended period, it’s crucial to recognize that the default configuration of a freshly installed Linux server often exhibits a remarkably low level of security. This intentional design choice aims to maximize functionality and versatility during the initial setup phase. However, this approach necessitates the implementation of fundamental hardening tools before deploying the server in a production environment, where it will be exposed to potential threats and vulnerabilities.

4
  • 3
    It's worth noting that "let me replace the security system designed and tuned by the security experts of this reliability-oriented distro with something I've rolled myself" is almost certainly not making your system safer. Commented Jun 14 at 17:27
  • 1
    Just thank you for suggesting a replacement for SELinux, it was just hard to find alternatives. Commented Jun 14 at 17:31
  • If you want to use AppArmor, I strongly recommend you switch to Ubuntu where it is native rather than trying to wedge it into CentOS where SELinux is native. Commented Jun 14 at 18:22
  • Okay, I'll try doing this. Commented Jun 14 at 18:26
