CentOS 5.4 x86_64 optimized & hardened image


CentOS 5.4 x86_64 optimized & hardened image

The image designed to serve as minimal resources (disk, RAM, CPU, processes, etc …) as possible, to provide reliable and secure system.

Image Information & Recommendation:
Storage: The ‘/’ file-system usage is about 800Mb, only 233 RPM packages are installed.
This ‘Core’ installation provide you an ability to design the system to be much suitable for your needs.
The recommended total disk size is 10Gb. Note: the disk size depend from applications and services you plan to run on the system

Memory: The system use ~100Mb of memory to run mandatory services like init, disk management, logging and networking. We recommend use at least 256Mb of RAM according to the vendors requirements.

CPU and processes: ~35 processes run by default on the system for a minimal CPU load. The recommended CPU is >= 400 MHz

Security information:
The system runs under firewall. The firewall is based on standard iptables/ipchains functionality. The firewall is configured as such:

  • SYN flood (a form of denial-of-service attack) protection limited with maximum average (16/s) and initial number of packets to match (32). More at http://en.wikipedia.org/wiki/SYN_flood
  • To accept icmp echo requests. Required by the applications like ‘ping’
  • with TCP sessions check to be started with SYN to avoid stealth scanning. SYN packets are limited to avoid flood
  • to allow access to FTP (port 20/tcp) from any source to enable downloading files from FTP sutes on non PASV mode
  • to allow access to SSH (22/tcp) from any source
  • to allow outgoing requests on all ports for NEW,ESTABLISHED,RELATED connections
  • to allow all forward requests for ESTABLISHED,RELATED connections