Chapter 18. Server best practices
The following tasks and tips can assist you with securing and ensuring reliability of your Red Hat Enterprise Linux 5 server host (dom0).
- Run SELinux in enforcing mode. You can do this by executing the command below.
# setenforce 1
- Remove or disable any unnecessary services such as
AutoFS
,NFS
,FTP
,HTTP
,NIS
,telnetd
,sendmail
and so on. - Only add the minimum number of user accounts needed for platform management on the server and remove unnecessary user accounts.
- Avoid running any unessential applications on your host. Running applications on the host may impact virtual machine performance and can affect server stability. Any application which may crash the server will also cause all virtual machines on the server to go down.
- Use a central location for virtual machine installations and images. Virtual machine images should be stored under
/var/lib/libvirt/images/
. If you are using a different directory for your virtual machine images make sure you add the directory to your SELinux policy and relabel it before starting the installation. - Installation sources, trees, and images should be stored in a central location, usually the location of your
vsftpd
server.