It isn't really a checklist like you requested, or more than just a list of things you should do, but it is the mental checklist I use when I am deploying a server into the wild, and it has worked out well for quite some time.
On Tue, Oct 14, 2008 at 7:34 PM, Peter Manis <[email protected]> wrote:
> Can't believe I forgot this one, make sure this is in your sshd_config
>
> PermitRootLogin no
>
> On Tue, Oct 14, 2008 at 3:48 PM, Peter Manis <[email protected]> wrote:
>> These have kept me pretty safe.
>>
>> Install denyhosts; sshd is usually compiled to take advantage of the tcp wrapper library. Denyhosts will download (if you enable the feature) a list of blocked ip addresses and allow you to set rules on how many login attempts before blocking an ip. It also allows you to specify a purge period.
>>
>> Set AllowUsers to only the specific users you want to allow to ssh into your machine. This can be just username or usern...@address. I usually have one user that can do nothing but log in and be an unprivileged user with no address, and another user that is bound to certain addresses. That way if I am at a remote location I can still get in and su into the user that has sudo access.
>>
>> Set up key based encryption and turn off password based logins. http://www.digital39.com/computers/ssh-lockdown/2008/04/ will give you a breakdown on setting that up.
>>
>> Install and enable logwatch and set it to the highest level of detail. This will send you an email with login attempts, denyhost log entries, and a lot of good system information. If someone breaks in, the logs will be useless if they are good, but it is nice to know the information logwatch sends out.
>>
>> I usually block everything but 443, 80, and 22 on my servers and use tunnels to get to anything else.
>>
>> If it is only one server it might not be possible, but setting up syslogd to log remotely will make the logs more effective. The attacker would then have to break into the 2nd machine to get access to the /var/log/secure entries that he would need to remove.
>>
>> Check for rootkits from time to time.
>>
>> On Tue, Oct 14, 2008 at 3:18 PM, Ragi Y. Burhum <[email protected]> wrote:
>>> Do any of you have a sort of checklist that you go over or reference guide (self made or available somewhere) that you use when you are going to put an Ubuntu Server live to the evil Internet?
>>>
>>> I am looking for something more specific than "close the ports that you are not using" or "uninstall the stuff you don't need". Maybe something like "sendmail is on by default. Take it out" or "chmod this file and that file for x reason." "Use so and so package to monitor for weird activities" and so on and so forth.
>>>
>>> My Ubuntu system is working perfectly now (it has all the stuff I need)... I just need to make sure that a portscanner and some brute force crap will not take it out within 5 minutes of putting it live :)
>>>
>>> Recommendations?
>>>
>>> - Ragi
>>>
>>> _______________________________________________
>>> LinuxUsers mailing list
>>> [email protected]
>>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers

--
Peter Manis
(678) 269-7979
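As an added worked example (not code from the thread or from Peter), here is a POSIX shell script that applies the sshd_config settings recommended above (PermitRootLogin no, key-only logins with password authentication off, an AllowUsers restriction) to a config file and then verifies the values sshd will actually use. The user names "shell" and "admin@203.0.113.10" are placeholders, and the demo at the bottom works on a constructed temporary file. Point it at /etc/ssh/sshd_config on a real host, then run `sshd -t` and reload sshd, and keep your current session open until a fresh key-based login succeeds.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Applies the sshd_config
# hardening recommended there to a file and verifies the result.
# Assumed: user names "shell" and "admin@203.0.113.10" are placeholders.

# set_directive FILE KEY VALUE
# Replace the first KEY line (even one commented out, or written KEY=VALUE)
# with "KEY VALUE", drop any later duplicates, append if KEY is absent.
set_directive() {
    file=$1; key=$2; value=$3
    awk -v key="$key" -v value="$value" '
        BEGIN { lk = tolower(key); done = 0 }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)      # strip indent and a leading "#"
            sub(/[ \t]*=[ \t]*/, " ", line)       # "Key=Value" form -> "Key Value"
            split(line, f, "[ \t]+")
            if (tolower(f[1]) == lk) {
                if (!done) { print key " " value; done = 1 }
                next
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# effective_value FILE KEY
# Print the value sshd will actually use: keywords are case-insensitive and,
# for most keywords, the FIRST uncommented occurrence wins, so a hardened line
# appended at the end is silently ignored if an earlier one exists.
# (Settings inside Match blocks are not considered here.)
effective_value() {
    awk -v key="$2" '
        BEGIN { lk = tolower(key) }
        /^[ \t]*#/ { next }                       # comment lines
        /^[ \t]*$/ { next }                       # blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }             # normalise Key=Value
        tolower($1) == lk { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_sshd_config FILE
# Return 0 if the file enforces the thread's recommendations, 1 otherwise,
# printing one WEAK: line per problem.
check_sshd_config() {
    rc=0
    [ "$(effective_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "WEAK: PermitRootLogin is not 'no'"; rc=1; }
    [ "$(effective_value "$1" PasswordAuthentication)" = "no" ] ||
        { echo "WEAK: PasswordAuthentication is not 'no'"; rc=1; }
    # PAM keyboard-interactive can still prompt for a password unless this is off too
    [ "$(effective_value "$1" ChallengeResponseAuthentication)" = "no" ] ||
        { echo "WEAK: ChallengeResponseAuthentication is not 'no'"; rc=1; }
    # PubkeyAuthentication defaults to yes; only an explicit "no" is a problem
    [ "$(effective_value "$1" PubkeyAuthentication)" != "no" ] ||
        { echo "WEAK: PubkeyAuthentication is explicitly disabled"; rc=1; }
    [ -n "$(effective_value "$1" AllowUsers)" ] ||
        { echo "WEAK: no AllowUsers restriction"; rc=1; }
    return $rc
}

# harden_sshd_config FILE: write the recommended settings in place.
harden_sshd_config() {
    cfg=$1
    set_directive "$cfg" PermitRootLogin no
    set_directive "$cfg" PasswordAuthentication no
    set_directive "$cfg" ChallengeResponseAuthentication no
    set_directive "$cfg" PubkeyAuthentication yes
    # Two accounts, as the thread suggests: one allowed from anywhere and one
    # tied to a known address (placeholder names and address).
    set_directive "$cfg" AllowUsers "shell admin@203.0.113.10"
}

# Demo on a constructed file (never run this blind against the live config).
demo=$(mktemp)
printf '%s\n' '# PermitRootLogin yes' 'PasswordAuthentication yes' 'PermitRootLogin=yes' > "$demo"
echo "before:"; check_sshd_config "$demo" || true
harden_sshd_config "$demo"
echo "after:"; check_sshd_config "$demo" && echo "OK: sshd_config hardened"
cat "$demo"
rm -f "$demo"
```

The check deliberately reads the first uncommented occurrence rather than the last one, because that is what sshd does; a common mistake is to append the hardened directives to the end of the file and assume they took effect.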

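The denyhosts behaviour the thread describes (count failed logins per source address, block after N attempts via tcp wrappers) can be checked by hand against the auth log. The following added example is not from the thread or from denyhosts itself: it counts failed sshd logins per address, lists the addresses over a threshold, and prints the "sshd: address" lines in the form tcp wrappers read from /etc/hosts.deny. The log lines, hostname "web1", addresses and user names are constructed sample data; on Ubuntu the real file is /var/log/auth.log rather than /var/log/secure.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. A denyhosts-style check:
# count failed sshd logins per source address in an auth log, list the
# addresses at or over a threshold, and emit tcp-wrapper lines for
# /etc/hosts.deny. The log lines below are constructed sample data
# (on Ubuntu the real file is /var/log/auth.log).

SAMPLE_AUTH_LOG='Oct 14 19:02:11 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 50212 ssh2
Oct 14 19:02:12 web1 sshd[2231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.45
Oct 14 19:02:13 web1 sshd[2233]: Failed password for root from 203.0.113.45 port 50214 ssh2
Oct 14 19:02:15 web1 sshd[2235]: Failed password for invalid user oracle from 203.0.113.45 port 50216 ssh2
Oct 14 19:02:17 web1 sshd[2237]: Failed password for invalid user from from 203.0.113.45 port 50218 ssh2
Oct 14 19:03:01 web1 sshd[2240]: Accepted publickey for shell from 198.51.100.7 port 41022 ssh2
Oct 14 19:04:20 web1 sshd[2244]: Failed password for shell from 198.51.100.7 port 41030 ssh2
Oct 14 19:05:02 web1 sshd[2250]: Invalid user test from 203.0.113.46
Oct 14 19:05:02 web1 sshd[2250]: Failed none for invalid user test from 203.0.113.46 port 33011 ssh2
Oct 14 19:05:04 web1 sshd[2252]: Failed password for invalid user test from 203.0.113.46 port 33012 ssh2'

# failed_logins_by_ip LOGFILE -> "count ip" lines, most failures first.
# Only the sshd "Failed ..." lines are counted; the pam_unix lines describe
# the same attempts and would double-count them.
failed_logins_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed / {
            # The user name in these lines is attacker-controlled and may itself
            # be "from", so locate the LAST "from" and take the token after it.
            ip = ""
            for (i = NF; i > 1; i--) if ($i == "from") { ip = $(i + 1); break }
            if (ip != "") n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' "$1" | sort -rn
}

# offending_ips LOGFILE THRESHOLD [ALLOWED_IP]
# Addresses with at least THRESHOLD failures, sorted. ALLOWED_IP (e.g. your
# own management address) is never reported, so you cannot lock yourself out.
offending_ips() {
    failed_logins_by_ip "$1" |
        awk -v t="$2" -v keep="$3" '$1 + 0 >= t + 0 && $2 != keep { print $2 }' |
        sort
}

# hosts_deny_lines LOGFILE THRESHOLD [ALLOWED_IP] -> lines for /etc/hosts.deny
hosts_deny_lines() {
    offending_ips "$1" "$2" "$3" | sed 's/^/sshd: /'
}

# Demo on the constructed sample.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_AUTH_LOG" > "$demo"
echo "failures per source address:"; failed_logins_by_ip "$demo"
echo "hosts.deny lines at threshold 3 (198.51.100.7 allow-listed):"
hosts_deny_lines "$demo" 3 198.51.100.7
rm -f "$demo"
```

Two details matter in practice: the address is taken from the right-hand end of the line because the user name field is attacker-supplied, and the allow-list argument exists because an address-based blocker with no exemption will happily block the admin who mistypes a passphrase three times.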