Simple Hardening Centos

This is ONLY for CentOS. Simple Hardening Centos with script.After installation centos7 you need this step after install centos7.

What will this script do?

• Install useful packages such as tcpdump, mtr, zsh, perl and logrotate
• Setup automatic yum updates
• Set password policies
  • Passwords will expire every 180 days
  • Passwords may only be changed once a day
• Set OS policies
  • Set idle users to be disconnected after 15 minutes
• Install (if it is not installed) and configure IPTables firewall
  • Open specified TCP/UDP ports
  • Set rules to block common attacks
    • Syn Floods
    • Fragmented Packets
    • Malformed XMAS Packets
    • Drop NULL packets
    • Limit pings to 3 per second and bursts of 25
    • Discourage Port Scanning
  • Set up Connection Tracking
• Install DDoS Deflate
  • More information about DDoS Deflate is available at http://deflate.medialayer.com/
• Install CHKROOTKIT
  • Scheduled to check daily for issues and email your Admin Email
  • More information about CHKROOTKIT is available at http://www.chkrootkit.org/
• Install rkhunter (Root Kit Hunter)
  • Scheduled to check daily for issues and email your Admin Email
  • More information about rkhunter is available at http://www.rootkit.nl/projects/rootkit_hunter.html
• Install LSM (Linux Socket Monitor)
  • Runs in the background and watches for changes in sockets
• Secure the SSH Daemon
  • Change the SSH port to a random number
  • Create an "admin" user
  • Make it so only the "admin" user can be logged into over SSH 

  Downloading the Script

  cd /root
  wget http://mirror.lstn.net/scripts/hardening/centos.sh
  chmod +x centos.sh

  Modifying the Variables

  vim centos.sh

  Run the Script

  ./centos.sh