| 1 |
On Tue, 4 Jul 2006 15:56:02 -0700 |
| 2 |
Grant <emailgrant@×××××.com> wrote: |
| 3 |
|
| 4 |
> It has come to my attention that a particular person I know may be |
| 5 |
> intent on attacking my server/website in any way possible. He doesn't |
| 6 |
> know much about Linux but does know Windows. What kind of things |
| 7 |
> should I lock down to protect my remote hosted server? |
| 8 |
|
| 9 |
Locking down ssh is a must. There are thousands of computers scanning |
| 10 |
the internet attempting to log into any computer running sshd by using |
| 11 |
brute force (dictionary) attacks. Just look at /var/log/sshd/current |
| 12 |
and you will see ;) Luckily, this is pretty easy to protect against. |
| 13 |
In /etc/ssh/sshd_config set PermitRootLogin to 'no' or |
| 14 |
'without-password' (without-password means using key based |
| 15 |
authentication). `emerge denyhosts`, configure it |
| 16 |
in /etc/denyhosts.conf, start it up, and added it to the default run |
| 17 |
level. It should be noted that this only goes so far. You need good |
| 18 |
passwords too. Passwords should be at least 7 characters long and |
| 19 |
contain upper and lower case with punctuation. You can check for weak |
| 20 |
passwords with a package called johntheripper. Making sure your |
| 21 |
software is up to date is also critical. Web-apps are especially prone |
| 22 |
to security holes. |
| 23 |
|
| 24 |
Good Luck! |
| 25 |
-tcort |
Archives