[OPEN-ILS-GENERAL] Securing an Evergreen Server

Jesse McCarty jessem at burlingtonwa.gov
Wed Jun 3 11:38:28 EDT 2015


Hello Everyone,

I am in the process of building a new host server (Ubuntu 14.04) for our Evergreen system, with a planned deployment in the fall running the 2.8 series of Evergreen. I was wondering what steps fellow Sys Admins take to secure the host OS for the best possible security? We obviously have a good hardware firewall on our network and I was planning on installing fail2ban and mod_security in Apache. I also plan on blocking unused ports with the system firewall. For SSH connections we have deny all in our hosts.deny file with only the needed IP addresses in our hosts.allow file. The host system also runs unattended upgrades in the middle of the night so any important security fixes are applied without delay.

Any other steps to take to ensure a secure environment?

Thanks!

Jesse McCarty
City of Burlington
IT Technical Assistant

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20150603/41e01a7a/attachment.html>


More information about the Open-ils-general mailing list