Linux Server Configuration Standards
1.0 Overview
This standard defines terms and procedures for properly setting up and securing a ºìÐÓ¶ÌÊÓƵ State University Linux server. The configurations discussed are specific to the ºìÐÓ¶ÌÊÓƵ State University environment and may not work on all machines.
2.0 Purpose
The purpose of this standard is to provide all system administrators, IT staff or other approved personnel the appropriate information to abide by the Server Security Policy and to configure a Linux server for safe and reliable use.
3.0 Scope
This standard addresses ºìÐÓ¶ÌÊÓƵ State University Linux servers only.
4.0 Standard
4.1 Server Request
Prior to any server installation, the administrator must first fill out a . Once the server has been approved, the administrator can then start the process of ordering and installing the server.
4.2 Configuration Guidelines
The following Linux specific configurations must be made.
- SSH must not allow root log in
- Must have warning banners for local and remote logins
- Sudo must be set up to limit the use of the root account
- Set logging to at least a medium level
4.3 Security Tools
The following tools must be installed, properly configured and actively running on each server:
- Host-based firewall
- Must be locked down to only needed ports, protocols and IP ranges
- Centralized logging
- Must contact the Security Analyst to set up centralized logging
- Denyhosts
- Configured to allow lockout of all accounts if 5 failed attempts have been detected
4.4 Department Notification
Alert the appropriate departments/technicians if the server has additional needs.
- Contact the Backup Operators on what needs to be included in the backup routine.
- Contact the Linux Administrator about getting in the correct update schedule.
- Contact the Network Technician if the server needs any type of system monitoring or special networking needs.
5.0 Definitions
Server
For purposes of this policy, a Server is defined as an internal ºìÐÓ¶ÌÊÓƵ State University Server. Desktop machines and Lab equipment are not relevant to the scope of this policy.