Educause Security Discussion mailing list archives

Securing a public/open linux shell server


From: "Lisciotti, Kevin" <klisciotti () UMASSP EDU>
Date: Mon, 8 Jul 2013 13:43:54 -0400

Does anyone have experience in setting up and securing a public/open linux shell server? This would be like the free 
shell servers you see listed on the Internet, such as arbornet.org or cyberspace.org. It could also be shell servers 
that you have at your institution used by students, faculty, vendors etc.

What I'm looking for is a checklist or how-to specifically geared towards a Red Hat / CentOS based linux system. I know 
a lot of the standard OS security stuff, but would like more advanced information from someone who may have done 
something like this. Also, could you elaborate on issues you may have run into, and how you remediated them if possible?

At the moment, I don't have any specific services in mind that would be offered from the shell. I know it would be 
helpful to know what services would be offered, but I'm looking more for baseline security steps that I can take in 
securing the server.

Some ideas of things I'm looking for…

 *   Implementing disk quotas
 *   Limiting number of user processes
 *   Limiting suid binaries
 *   Installing minimum number of packages
 *   Limiting/blocking outbound connectivity
 *   Network isolation
 *   Chroot users to home directory
 *   Restricting access to binaries
 *   Updating the system as often as possible
 *   Don't install compilers or development tools

I know I'm asking for a lot, but hopefully this gives you some ideas as to what I'm looking to achieve.

Thanks,


:: Kevin Lisciotti, Senior Systems Specialist, RHCE, RHCSA
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office

:: 774-455-7761 Office
:: 774-455-7733 Fax
:: klisciotti () umassp edu

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu
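
A small audit for three of the items listed in the message above (process limits, disk quotas, SUID binaries), as an added example that is not part of the original post. The function names, the `shellusers` group and the sample files are constructed for illustration; the checks parse `limits.conf`-format and `fstab`-format text.

```bash
#!/usr/bin/env bash
# Added example: baseline checks for a multi-user shell host (names/data constructed).

# True if a limits.conf-style file sets a hard nproc cap for "*" or an @group.
nproc_capped() {
    awk '($1 == "*" || $1 ~ /^@/) && ($2 == "hard" || $2 == "-") &&
         $3 == "nproc" && $4 ~ /^[0-9]+$/ { found = 1 }
         END { exit !found }' "$1"
}

# True if the fstab-style file $1 mounts $2 with user quotas enabled.
quota_enabled() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp &&
         $4 ~ /(^|,)(usrquota|uquota)(,|$)/ { found = 1 }
         END { exit !found }' "$1"
}

# Reads SUID file paths on stdin; prints those absent from allowlist file $1.
suid_not_allowed() {
    grep -Fxv -f "$1" || true
}

# --- constructed sample inputs so the checks run offline ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/limits.conf" <<'EOF'
# hypothetical group holding the shell accounts
@shellusers  soft  nproc  50
@shellusers  hard  nproc  75
EOF
cat > "$demo/fstab" <<'EOF'
/dev/mapper/vg0-root  /      ext4  defaults               1 1
/dev/mapper/vg0-home  /home  ext4  defaults,nosuid,nodev  1 2
EOF
printf '%s\n' /usr/bin/passwd /usr/bin/sudo > "$demo/suid.allow"
suid_found=$(printf '%s\n' /usr/bin/passwd /usr/bin/sudo /home/guest/.hidden/sh)

if nproc_capped "$demo/limits.conf"; then echo "nproc: hard cap set"
else echo "nproc: NO hard cap"; fi
if quota_enabled "$demo/fstab" /home; then echo "quota: enabled on /home"
else echo "quota: NOT enabled on /home"; fi
printf '%s\n' "$suid_found" | suid_not_allowed "$demo/suid.allow" |
    sed 's/^/suid not in allowlist: /'
# On a live host, feed the last check from:
#   find / -xdev -type f -perm -4000 2>/dev/null
```

The sample `fstab` deliberately omits `usrquota` on `/home`, so the quota check reports a finding alongside the one unlisted SUID path.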


