How to secure a CentOS server [centos-7]?

Shahjalal
Published in Oceanize Lab Geeks
Nov 2, 2018

Part 2

In the first part we discussed these security issues:

1. Set the maximum password login attempts per session.

2. SSH Daemon Options

* Disallow root logins over SSH.

* Disable SSH password authentication.

* Listen on only one internet protocol.

Now we will discuss the remaining security issues. They are:

3. Install an Advanced Intrusion Detection environment.

4. Enabling auditd Service.

Install an Advanced Intrusion Detection environment:

Now we discuss AIDE (Advanced Intrusion Detection Environment). But first we need to know what AIDE is. AIDE takes a snapshot of the system, recording hashes, modification times and other data related to the files defined by the administrator. This snapshot is used to build its own database, which is then used to check and verify the integrity of the files. It supports message digest algorithms such as sha1, md5, sha256, sha512, rmd160, and much more. It provides sophisticated techniques to evaluate and report any malicious change within the server.

You can install AIDE using the command `yum install aide`

To check the AIDE version, type `aide -v`

The next step is to create the database for AIDE. The default configuration file is `/etc/aide.conf`, or you can choose another file. After changes to the aide.conf file have been finalized, generate the database with the command `aide --init`. This command will take some time to execute, so please wait.

After the database is created successfully, we see a message saying that the database is created in location /var/lib/aide/aide.db.new.gz. However, before we run the AIDE check, the database must be moved to location /var/lib/aide/aide.db.gz. Use the move command: `mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz`

Finally, we run the AIDE check using this command: `aide --check`. The check takes some time to execute, so please wait.

If all files are OK in the check, then we see the message

Alternatively, if we want to perform all the operations in a single step, run this command:

`yum install aide -y && /usr/sbin/aide --init && cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz && /usr/sbin/aide --check`

Now we have successfully configured AIDE on the CentOS server.
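When `aide --check` is run from cron rather than by hand, the exit status is what tells you the result. The script below is an added example, not part of the original article: it decodes that status using the bitmask documented in the aide(1) man page. The function names, the `--run` switch and the `aide-check` syslog tag are assumptions made for this example.

```shell
#!/bin/bash
# Added example: interpret the exit status of `aide --check`.
# Per aide(1), for --check the status is a bitmask:
#   1 = new files, 2 = removed files, 4 = changed files.
# Values 14-19 are generic error conditions.

decode_aide_status() {
    aide_rc=$1
    if [ "$aide_rc" -eq 0 ]; then
        echo "clean"
        return 0
    fi
    if [ "$aide_rc" -gt 7 ]; then
        case "$aide_rc" in
            14) echo "error: writing" ;;
            15) echo "error: invalid argument" ;;
            16) echo "error: unimplemented function" ;;
            17) echo "error: invalid config line" ;;
            18) echo "error: io" ;;
            19) echo "error: version mismatch" ;;
            *)  echo "error: unknown status $aide_rc" ;;
        esac
        return 0
    fi
    # 1..7: one bit per kind of difference from the stored database.
    findings=""
    if [ $(( aide_rc & 1 )) -ne 0 ]; then findings="$findings new"; fi
    if [ $(( aide_rc & 2 )) -ne 0 ]; then findings="$findings removed"; fi
    if [ $(( aide_rc & 4 )) -ne 0 ]; then findings="$findings changed"; fi
    echo "drift:$findings"
}

run_aide_check() {
    # Binary path as used in the one-liner above; the report goes to stdout.
    check_rc=0
    /usr/sbin/aide --check || check_rc=$?
    summary=$(decode_aide_status "$check_rc")
    # Record a one-line summary in syslog (tag is an assumption of this example).
    logger -t aide-check "status=$check_rc result=$summary"
    return "$check_rc"
}

# Only touch the real system when asked to, e.g. from a cron entry.
if [ "${1:-}" = "--run" ]; then
    run_aide_check
fi
```

A status of 5, for example, means both new and changed files were found. Any result other than `clean` should be reviewed before the database is regenerated with `aide --init`.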

Enabling auditd Service

Another way to make your CentOS 7 server more secure is to enable the auditd service. But before we start, let us understand the importance of auditd.

Auditd is a component of the Linux Auditing System. It is responsible for writing audit records to disk. You can configure audit rules, view logs and customize them based on your requirements. Auditd helps in providing valuable insights about server performance and allows you to closely monitor every activity on the server.

The audit system uses two packages: audit and audit-libs.

You can check whether audit is installed on your server using the command:

`sudo yum list audit audit-libs`

If the auditd service is not installed on your system, install it using this command: `sudo yum install audit`

If instead you want to reinstall the audit service on your system, run this command:

`sudo yum reinstall audit`

To enable the audit service, use this command: `systemctl enable auditd.service`

We can configure auditd-related settings such as `num_logs` and `max_log_file` in the file `/etc/audit/auditd.conf`.

The following is a sample snapshot of auditd.conf-

And that’s it! Now your CentOS 7 server is more secure than before. Thanks.

[NB: https://wiki.centos.org/HowTos/OS_Protection, http://www.linuxsecurity.com/content/view/101892/155/]
