Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

SuSe Linux Hardening

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users SuSe Linux Hardening
# 1  
Old 06-25-2012
SuSe Linux Hardening
We've got a FTP server that's open to the public network and its running on Suse SUSE Linux Enterprise Server 11 (x86_64) SP2

Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside?

I am thinking of disabling the firewall and only allow communications with FTP ports, and also changing the Selinux to enforcing mode.

Anything else anyone can think of?
# 2  
Old 06-26-2012
Quote:
Originally Posted by hedkandi
Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside?
maybe you can replace ftp by sftp ?
Quote:
Originally Posted by hedkandi
I am thinking of disabling the firewall and only allow communications with FTP ports, and also changing the Selinux to enforcing mode.
disable firewall ?Smilie the real problem with FTP is that service sends all data in clear text. If you allow only FTP service ...imho it is a poor protection. SeLinux is a good start. What about chroot all ftp users ?
# 3  
Old 06-26-2012
On SUSE I would use a good ftpd, try AppArmor, leave that firewall on and only allow the required ports and maybe also use TCP_wrappers (it can't hurt).
Last edited by Scrutinizer; 06-26-2012 at 03:43 AM..
This User Gave Thanks to Scrutinizer For This Post:
hedkandi
# 4  
Old 06-26-2012
Have a look at the OS-hardening tool Bastille.
This User Gave Thanks to cero For This Post:
hedkandi
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. SuSE

Suse LINUX

What is the equivalent of sun explorer in suse linux? Thanks (1 Reply)
Discussion started by: hassan2
1 Replies

2. UNIX for Dummies Questions & Answers

suse linux 6.4-8.1

i need some help from somone familiar with suse linux. i am wanting to update my suse linux 6.4 box to suse linux 8.1. i am trying to do it with yast. and i want to do it via ftp. now, to do this the first thing i need to do is change my source media settings in yast, right now it is the cdrom.... (3 Replies)
Discussion started by: norsk hedensk
3 Replies
Login or Register to Ask a Question