Linux Server Configuration Standards

1.0 Overview

This standard defines terms and procedures for properly setting up and securing a Murray State University Linux server. The configurations discussed are specific to the Murray State University environment and may not work on all machines.

2.0 Purpose

The purpose of this standard is to provide all system administrators, IT staff, or other approved personnel the appropriate information to abide by the Server Security Policy and to configure a Linux server for safe and reliable use.

3.0 Scope

This standard addresses Murray State University Linux servers only.

4.0 Standard

4.1 Server Request

Prior to any server installation, the administrator must first fill out a server request form found here. Once the server has been approved, the administrator can then start the process of ordering and installing the server.

4.2 Configuration Guidelines

The following linux specific configurations must be made.

• SSH must not allow root log in

• Must have warning banners for local and remote logins

• Sudo must be set up to limit the use of the root account

• Set logging to at least a medium level

4.3 Security Tools

The following tools must be installed, properly configured, and actively running on each server:

• Host-based firewall

  • Must be locked down to only needed ports, protocols, and IP ranges

• Centralized logging

  • Must contact the Security Analyst to set up centralized logging

• Denyhosts

  • Configured to allow lockout of all accounts if 5 failed attempts have been detected

4.4 Department Notification

Alert the appropriate departments/technicians if the server has additional needs.

• Contact the Backup Operators on what needs to be included in the backup routine.

• Contact the Linux Administrator about getting in the correct update schedule.

• Contact the Network Technician if the server needs any type of system monitoring or special networking needs.

5.0 Definitions

Server

For purposes of this policy, a Server is defined as an internal Murray State University Server. Desktop machines and Lab equipment are not relevant to the scope of this policy.

6.0 Revision History