RHEL 6

To keep the system safe, some hardening is required. Start by turning off and stopping unneeded services, for example:

chkconfig autofs off && service autofs stop

chkconfig bluetooth off && service Bluetooth stop

chkconfig cups off && service cups stop

chkconfig netfs off && service netfs stop

chkconfig nfslock off && service nfslock stop

chkconfig portmap off && service portmap stop

chkconfig rpcgssd off && service rpcgssd stop

chkconfig rpcidmapd off && service rpcidmapd stop

The firewall is configured through /etc/sysconfig/iptables. Ensure that only port 80/tcp is open for the webservices and 22/tcp is open for remote administration using SSH. For example, your /etc/sysconfig/iptables file may be similar to the one shown below:

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

After editing /etc/sysconfig/iptables, be sure to re-initialize the firewall using the command:

service iptables restart

RHEL 6

Software Vulnerability Manager (On-Premises Edition) Red Hat 6 and 7 Installation Guide

March 2020