1 |
On Tue, 4 Jul 2006 15:56:02 -0700 |
2 |
Grant <emailgrant@×××××.com> wrote: |
3 |
|
4 |
> It has come to my attention that a particular person I know may be |
5 |
> intent on attacking my server/website in any way possible. He doesn't |
6 |
> know much about Linux but does know Windows. What kind of things |
7 |
> should I lock down to protect my remote hosted server? |
8 |
|
9 |
Locking down ssh is a must. There are thousands of computers scanning |
10 |
the internet attempting to log into any computer running sshd by using |
11 |
brute force (dictionary) attacks. Just look at /var/log/sshd/current |
12 |
and you will see ;) Luckily, this is pretty easy to protect against. |
13 |
In /etc/ssh/sshd_config set PermitRootLogin to 'no' or |
14 |
'without-password' (without-password means using key based |
15 |
authentication). `emerge denyhosts`, configure it |
16 |
in /etc/denyhosts.conf, start it up, and added it to the default run |
17 |
level. It should be noted that this only goes so far. You need good |
18 |
passwords too. Passwords should be at least 7 characters long and |
19 |
contain upper and lower case with punctuation. You can check for weak |
20 |
passwords with a package called johntheripper. Making sure your |
21 |
software is up to date is also critical. Web-apps are especially prone |
22 |
to security holes. |
23 |
|
24 |
Good Luck! |
25 |
-tcort |