Hey Colin,

I was looking at the /etc/ssh/sshd_config file and found these:

LoginGraceTime 600
MaxAuthTries 6

Is the first one what you meant?

The second seems like an attempt to avoid brute force login.

Also, does Grub need any kind of password protection? I don't know if
it was Grub or Lilo that allowed root access unless password
protected. Am I mistaken?

As you can see, I still have a lot to learn. ;)

2005/8/3, Colin <signofzeta@×××××.com>:
>
> On Aug 2, 2005, at 7:50 PM, Raphael Melo de Oliveira Bastos Sales wrote:
>
> > Hi there,
> >
> > I was wondering what tools I should use to detect security flaws in
> > my server and a few tips on how to use them. What are the most common
> > forms of attack and how do I avoid being attacked by one of them?
> >
> > The services available are only Apache - SSL and SSH. I've
> > installed a firewall, iptables and firestarter to control it, and
> > blocked all ports except 443 and 8080, where the SSH is listening.
> > Apache has PHP installed as a module.
> >
>
> Want to know how secure your server is? Try and hack it!
>
> A good port scanner like nmap should be a basic check of your
> firewall. I would also set nmap (if it can do this) to perform a SYN
> flood as it scans, to see if your server can withstand that basic DoS
> attack. (Adding --syn to your TCP rules in iptables can prevent SYN
> flooding when used with SYN cookies.) When you break in, find out
> why it worked and how it can be patched.
>
> Some things I would advise (I'm currently working on a server at the
> moment as well):
> - If the server is really important (or if you're paranoid), use
> the hardened-sources with PIE/SSP to prevent badly-written programs
> from arbitrarily executing code.
> - Enable SYN flood protection. There's a kernel option somewhere
> about IPv4 SYN cookies, enable that, and couple it with --syn
> attached to your TCP rules in iptables. It's a very popular denial-
> of-service attack.
> - Whenever you need to login or authenticate yourself, make the
> system delay five seconds after a bad password is entered. This will
> make a brute-force attack much much slower (0.2 passwords/sec as
> opposed to millions of passwords/sec without a delay, depending on your
> server's speed).
> - Make sure iptables is set to deny all traffic that isn't
> explicitly allowed.
> - Turn off any services you don't need.
> - Read through your logs every now and then. I highly advise
> having the server burn them to a CD/floppy every now and then for an
> instant backup. Get a log reader/parser, too.
>
> Naturally, hide the server in the attic or basement. Chain it to
> something, or if it has a security slot, use a security cable. Put a
> lock on the case door. Unplug your floppy/CD drives if you're not
> using them. As of this writing, there is no kernel option to keep
> your computer or its innards from walking away. :-)
> --
> Colin
> --
> gentoo-user@g.o mailing list
>
>

--
gentoo-user@g.o mailing list
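The LoginGraceTime and MaxAuthTries lines quoted at the top of this thread are what the following added Python example audits; it is not code from either poster. It assumes sshd's documented rule that the first value read for a keyword wins and that lines after a Match line apply only conditionally; the sample config and the thresholds are constructed for the example, not taken from the mail.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample (not the poster's file): the two quoted lines plus a comment, mixed case, a duplicate and a Match block.
SAMPLE_SSHD_CONFIG = """\
#LoginGraceTime 2m
LoginGraceTime 600
maxauthtries 6
LoginGraceTime 30
Match User backup
    MaxAuthTries 10
"""

# Thresholds are this example's assumptions, not values from the mail.
MAX_LOGIN_GRACE_SECONDS = 120  # seconds an unauthenticated connection may stay open
MAX_AUTH_TRIES = 3             # password guesses allowed per connection
_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_ssh_time(value: str) -> int:
    """Convert an sshd time value such as '600', '2m' or '1h30m' to seconds."""
    if not re.fullmatch(r"(\d+[smhdw]?)+", value):
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value))

def parse_sshd_config(text: str) -> Dict[str, str]:
    """Effective global directives, keyword lower-cased: sshd keeps the first value
    read for a keyword, and lines after a Match are conditional, so skipped."""
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # 'Key val' or 'Key=val'
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if len(parts) == 2 and keyword not in effective:
            effective[keyword] = parts[1]
    return effective

def audit(text: str) -> List[Tuple[str, str]]:
    """Return (directive, finding) pairs for settings looser than the thresholds."""
    cfg, findings = parse_sshd_config(text), []
    grace = parse_ssh_time(cfg["logingracetime"]) if "logingracetime" in cfg else None
    if grace is not None and (grace == 0 or grace > MAX_LOGIN_GRACE_SECONDS):  # 0 = no limit
        findings.append(("LoginGraceTime", f"{grace}s lets unauthenticated connections linger"))
    tries = int(cfg["maxauthtries"]) if "maxauthtries" in cfg else None
    if tries is not None and tries > MAX_AUTH_TRIES:
        findings.append(("MaxAuthTries", f"{tries} password guesses per connection"))
    return findings
```

Running `audit(SAMPLE_SSHD_CONFIG)` flags both quoted directives, while the later `LoginGraceTime 30` and the per-user `MaxAuthTries 10` are correctly ignored as a duplicate and a conditional setting.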