This is excellent information. Exactly the kind of stuff I wanted. Thanks a lot Peter.

On Tue, Oct 14, 2008 at 4:35 PM, <[email protected]> wrote:
> ---------- Forwarded message ----------
> From: "Peter Manis" <[email protected]>
> To: "SoCal LUG Users List" <[email protected]>
> Date: Tue, 14 Oct 2008 19:38:07 -0400
> Subject: Re: [LinuxUsers] Securing an Ubuntu LTS 8.04 Server Edition
>
> It isn't really a checklist like you requested, more than just listing things you should do, but it is the mental checklist I use when I am deploying a server into the wild and it has worked out well for quite some time.
>
> On Tue, Oct 14, 2008 at 7:34 PM, Peter Manis <[email protected]> wrote:
>
>> Can't believe I forgot this one, make sure this is in your sshd_config:
>>
>> PermitRootLogin no
>>
>> On Tue, Oct 14, 2008 at 3:48 PM, Peter Manis <[email protected]> wrote:
>>
>>> These have kept me pretty safe.
>>>
>>> Install denyhosts; sshd is usually compiled to take advantage of the tcp wrapper library. Denyhosts will download (if you enable the feature) a list of blocked ip addresses and allow you to set rules on how many login attempts before blocking an ip. It also allows you to specify a purge period.
>>>
>>> Set AllowUsers to only the specific users you want to allow to ssh into your machine. This can be just username or usern...@address. I usually have one user that can do nothing but login and be an unprivileged user with no address, and another user that is bound to certain addresses. That way if I am at a remote location I can still get in and su into the user that has sudo access.
>>>
>>> Set up key-based encryption and turn off password-based logins. http://www.digital39.com/computers/ssh-lockdown/2008/04/ will give you a breakdown on setting that up.
>>>
>>> Install and enable logwatch and set it to the highest level of detail. This will send you an email with login attempts, denyhost log entries, and a lot of good system information. If someone breaks in the logs will be useless if they are good, but it is nice to know the information logwatch sends out.
>>>
>>> I usually block everything but 443, 80, and 22 on my servers and use tunnels to get to anything else.
>>>
>>> If it is only one server it might not be possible, but setting up syslogd to log remotely will make the logs more effective. The attacker would then have to break into the 2nd machine to get access to the /var/log/secure entries that he would need to remove.
>>>
>>> Check for rootkits from time to time.
>>>
>>> On Tue, Oct 14, 2008 at 3:18 PM, Ragi Y. Burhum <[email protected]> wrote:
>>>
>>>> Do any of you have a sort of checklist that you go over or reference guide (self made or available somewhere) that you use when you are going to put an Ubuntu Server live to the evil Internet?
>>>>
>>>> I am looking for something more specific than "close the ports that you are not using" or "uninstall the stuff you don't need". "Maybe something like sendmail is on by default. Take it out" or "chmod this file and that file for x reason." "Use so and so package to monitor for weird activities and so on and so forth"
>>>>
>>>> My Ubuntu system is working perfectly now (it has all the stuff I need)... I just need to make sure that a portscanner and some brute force crap will not take it out within 5 minutes of putting it live :)
>>>>
>>>> Recommendations?
>>>>
>>>> - Ragi
>>>>
>>>> _______________________________________________
>>>> LinuxUsers mailing list
>>>> [email protected]
>>>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
>>>
>>> --
>>> Peter Manis
>>> (678) 269-7979
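As an added example that is not part of the thread, a small POSIX shell audit of the sshd_config directives Peter's replies cover (PermitRootLogin no, password logins off in favour of keys, AllowUsers set). It reads a config file path you supply; the sample configs in the usage are constructed, and the check only covers the directives named in the thread.

```shell
#!/bin/sh
# Audit an sshd_config against the settings recommended in the thread.
# Prints each finding and returns the number of findings (0 = compliant).
# Added example, not the list's or any project's code.

# Effective value of a directive: sshd uses the FIRST uncommented
# occurrence, and keys are case-insensitive (sshd_config(5)).
sshd_directive() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

audit_sshd_config() {
    cfg="$1"
    findings=0

    # 1. Root must not log in over ssh. sshd's built-in default is not
    #    "no", so an absent directive is a finding too.
    v=$(sshd_directive "$cfg" PermitRootLogin)
    if [ "${v:-yes}" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${v:-<default>}', expected 'no'"
        findings=$((findings + 1))
    fi

    # 2. Key-based logins only: passwords off (default is yes), keys on.
    v=$(sshd_directive "$cfg" PasswordAuthentication)
    if [ "${v:-yes}" != "no" ]; then
        echo "FAIL: PasswordAuthentication is '${v:-<default>}', expected 'no'"
        findings=$((findings + 1))
    fi
    v=$(sshd_directive "$cfg" PubkeyAuthentication)
    if [ "${v:-yes}" = "no" ]; then
        echo "FAIL: PubkeyAuthentication is 'no'; key logins are disabled"
        findings=$((findings + 1))
    fi

    # 3. AllowUsers must be present; without it every account on the box
    #    is an ssh login target (entries may be user or user@host).
    v=$(sshd_directive "$cfg" AllowUsers)
    if [ -z "$v" ]; then
        echo "FAIL: AllowUsers not set; all system accounts may log in"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run it as `audit_sshd_config /etc/ssh/sshd_config` after sourcing the file; a commented-out `# PermitRootLogin no` counts as unset, which is the mistake the check is meant to catch.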