使用Bastille完美加固CentOS Linux系统

　　This article shows how to secure a CentOS server using psad, Bastille, and some other tweaks. psad is a tool that helps detect port scans and other suspicious traffic, and the Bastille hardening program locks down an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise.

Create an additional account for Systems Administration

　　The "adduser" command will create an account.

　　adduser service

　　The "passwd" command will set the password for the "service" account.

　　passwd service

Creating a directory for downloads.

　　This will create a directory to download the RPMs and other files.

　　mkdir /downloads

　　cd /downloads

Installing PSAD

　　psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze Netfilter log messages to detect port scans and other suspicious traffic. More information can be found here.

　　wget http://www.cipherdyne.com/psad/download/psad-1.4.6-1.i386.rpm

　　rpm -Uvh psad-1.4.6-1.i386.rpm

Installing Bastille

　　The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. More information can be found here.