Linux Server Configuration Standards
1.0 Overview
This standard defines terms and procedures for properly setting up and securing a Murray State University Linux server. The configurations discussed are specific to the Murray State University environment and may not work on all machines.
2.0 Purpose
The purpose of this standard is to provide all system administrators, IT staff, or other approved personnel the appropriate information to abide by the Server Security Policy and to configure a Linux server for safe and reliable use.
3.0 Scope
This standard addresses Murray State University Linux servers only.
4.0 Standard
4.1 Server Request
Prior to any server installation, the administrator must first fill out a server request form found here. Once the server has been approved, the administrator can then start the process of ordering and installing the server.
4.2 Configuration Guidelines
The following linux specific configurations must be made.
SSH must not allow root log in
Must have warning banners for local and remote logins
Sudo must be set up to limit the use of the root account
Set logging to at least a medium level
4.3 Security Tools
The following tools must be installed, properly configured, and actively running on each server:
Host-based firewall
Must be locked down to only needed ports, protocols, and IP ranges
Centralized logging
Must contact the Security Analyst to set up centralized logging
Denyhosts
Configured to allow lockout of all accounts if 5 failed attempts have been detected
4.4 Department Notification
Alert the appropriate departments/technicians if the server has additional needs.
Contact the Backup Operators on what needs to be included in the backup routine.
Contact the Linux Administrator about getting in the correct update schedule.
Contact the Network Technician if the server needs any type of system monitoring or special networking needs.
5.0 Definitions
Server
For purposes of this policy, a Server is defined as an internal Murray State University Server. Desktop machines and Lab equipment are not relevant to the scope of this policy.
6.0 Revision History