SUSE Linux Hardening

We've got an FTP server that's open to the public network, and it's running on SUSE Linux Enterprise Server 11 (x86_64) SP2.

Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside?

I am thinking of disabling the firewall and only allowing communications with FTP ports, and also changing SELinux to enforcing mode.

Anything else anyone can think of?

Maybe you can replace FTP with SFTP?

Disable firewall? :confused: The real problem with FTP is that the service sends all data in clear text. If you allow only the FTP service... IMHO it is poor protection. SELinux is a good start. What about chrooting all FTP users?

On SUSE I would use a good ftpd, try AppArmor, leave that firewall on and only allow the required ports and maybe also use TCP_wrappers (it can't hurt).

1 Like

Have a look at the OS-hardening tool Bastille.

1 Like
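
The replies above suggest chrooting FTP users, avoiding clear-text transfers and using TCP wrappers. As an added example (not posted by anyone in the thread), and assuming the FTP daemon is vsftpd, this script checks a `vsftpd.conf` for the matching options; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings suggested in the thread.
# Assumptions: the daemon is vsftpd; function names and sample config are constructed.

# Print the value of option $2 in file $1 (last assignment; empty if unset).
# vsftpd allows no spaces around "=", so an exact "option=" prefix is matched.
conf_get() {
    sed -n "s/^$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check FILE OPTION WANTED BUILTIN_DEFAULT REASON: report a mismatch, return 1.
check() {
    val=$(conf_get "$1" "$2")
    [ -n "$val" ] || val=$4            # unset: vsftpd's compiled-in default applies
    val=$(printf '%s' "$val" | tr '[:lower:]' '[:upper:]')
    if [ "$val" = "$3" ]; then return 0; fi
    printf 'FINDING: %s=%s, want %s (%s)\n' "$2" "$val" "$3" "$5"
    return 1
}

# Run all checks on FILE; AUDIT_FINDINGS holds the number of mismatches.
audit_vsftpd() {
    AUDIT_FINDINGS=0
    check "$1" anonymous_enable NO YES "anonymous logins are possible" \
        || AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    check "$1" chroot_local_user YES NO "local users can leave their home directory" \
        || AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    check "$1" ssl_enable YES NO "credentials and data cross the network in clear text" \
        || AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    check "$1" tcp_wrappers YES NO "hosts.allow/hosts.deny are not consulted" \
        || AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed sample: chroot and TCP wrappers are on, TLS was forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
tcp_wrappers=YES
EOF
audit_vsftpd "$sample" || echo "$AUDIT_FINDINGS finding(s) in sample config"
rm -f "$sample"
```

An option that is missing from the file is judged by vsftpd's built-in default, which is why an empty config produces a finding for every check.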