...
- outgoing mail
- SSH
- firewall
Firewall Configuration
Web Server VM
Allow access from
- ssh
- port 80
Geo Server VM
Allow access from
- ssh
- port 8080 from web server
- TCP wrapper
- geo
- TCP wrapper
db TCP wrapper
DB Server VM
Allow access from
- ssh
- port 5432 from web server
- port 5432 from geo server
...
TCP Wrapper
...
Can we restrict port level access?
- web
  - Allow requests from all hosts on port 80
  - Allow ssh requests from all
  - Deny requests on all other ports
- geo
  - Allow requests from web server on port 8080
  - Allow ssh requests from all
  - Deny requests from all other hosts on port 8080
- db
  - Allow requests from web & geo server on port 5432
  - Allow ssh requests from all
  - Deny requests from all other hosts on port 5432
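The per-port policy listed above, written as an added example that is not part of the original page: TCP wrappers match on daemon name and client host rather than on port numbers, so the rules are expressed here as a default-deny firewall ruleset per role. It assumes iptables is the firewall in use, and the two addresses are placeholders from the documentation range, not values from this page.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables-restore input for one role.
# Assumptions: iptables is the firewall; WEB_IP and GEO_IP are placeholder
# addresses (RFC 5737 documentation range), to be replaced with the real ones.
WEB_IP="${WEB_IP:-192.0.2.10}"
GEO_IP="${GEO_IP:-192.0.2.20}"

# allow_port PORT [SOURCE...]: accept new TCP connections to PORT, from any
# host when no SOURCE is given, otherwise only from each listed SOURCE.
allow_port() {
    port="$1"; shift
    if [ "$#" -eq 0 ]; then
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        return
    fi
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# emit_rules ROLE: ruleset for web, geo or db. The DROP policy on INPUT is
# what implements the "deny all other hosts/ports" lines of the policy.
emit_rules() {
    case "$1" in
        web|geo|db) ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"   # outgoing traffic (e.g. mail) stays open
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    allow_port 22                 # ssh from all, on every role
    case "$1" in
        web) allow_port 80 ;;
        geo) allow_port 8080 "$WEB_IP" ;;
        db)  allow_port 5432 "$WEB_IP" "$GEO_IP" ;;
    esac
    echo "COMMIT"
}

# Stand-alone use: sh rules.sh geo
if [ "$#" -gt 0 ]; then emit_rules "$1"; fi
```

The output can be checked without being loaded by piping it to `iptables-restore --test` as root on the target VM.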
Packages/Modules: Barebones from VMware on all servers, with firewall enabled and a package manager (yum or apt-get) installed
...
File system security: Umask settings, setting up appropriate file permissions
Password & Access security: Use of public/private keys, SSH tunnels.
Tests
...
- Connect to geoserver from city using an SSH tunnel.