Can't believe I forgot this one, make sure this is in your sshd_config PermitRootLogin no
On Tue, Oct 14, 2008 at 3:48 PM, Peter Manis <[email protected]> wrote: > These have kept me pretty safe. > > Install denyhosts, sshd is usually compiled to take advantage of the tcp > wrapper library. Denyhosts will download (if you enable the feature) a list > of blocked ip addresses and allow you to set rules on how many login > attempts before blocking an ip. It also allows you to specify a purge > period. > > Set AllowUsers to only the specific users you want to allow to ssh into > your machine. This can be just username or usern...@address. I usually > have one user that can do nothing but login and be an unpriviledged user > with no address, and another user that is bound to certain addresses. That > way if I am at a remote location I can still get in and su into the user > that has sudo access. > > Setup key based encryption and turn off password based logins. > http://www.digital39.com/computers/ssh-lockdown/2008/04/ will give you a > break down on setting that up. > > Install and enable logwatch and set it to the highest level of detail. > This will send you an email with login attempts, denyhost log entries, and a > lot of good system information. If someone breaks in the logs will be > useless if they are good, but it is nice to know the information logwatch > sends out. > > I usually block everything but 443, 80, and 22 on my servers and use > tunnels to get to anything else. > > If it is only one server it might not be possible, but setting up syslogd > to log remotely will make the logs more effective. The attacker would then > have to break into the 2nd machine to get access to the /var/log/secure > entries that he would need to remove. > > Check for rootkits from time to time. > > > > On Tue, Oct 14, 2008 at 3:18 PM, Ragi Y. Burhum <[email protected]> wrote: > >> Do any of you have a sort of checklist that you go over or reference guide >> (self made or available somewhere) that you use when you are going to put an >> Ubuntu Server live to the evil Internet? >> >> I am looking for something more specific than "close the ports that you >> are not using" or "uninstall the stuff you don't need". "Maybe something >> like sendmail is on by default. Take it out" or "chmod this file and that >> file for x reason." "Use so and so package to monitor for weird activities >> and so on and so forth" >> >> My Ubuntu system is working perfectly now (it has all the stuff I need)... >> I just need to make sure that a portscanner and some brute force crap will >> not take it out within 5 minutes of putting it live :) >> >> Recommendations? >> >> - Ragi >> >> _______________________________________________ >> LinuxUsers mailing list >> [email protected] >> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers >> >> > > > -- > Peter Manis > (678) 269-7979 > -- Peter Manis (678) 269-7979
