One more tip, if you can, make ssh only accessible from trusted ip's. If you can't do that because you want to be able to access your server from anywhere then be sure to change the default port for ssh.
There are a ton of automated ssh attacks going on. Erik On 1/13/06, Jake Vickers <[EMAIL PROTECTED]> wrote: > Fabio Milano wrote: > > >Hi, > > > >Is the chkuser patch and smtp-auth installed by defualt. I need to do > >anything to initialize these? (I used your install script) > > > >Thank you for the wonderful answers, and this list really makes it > >possible for people to get into Qmail-Toaster. The efforts of everyone > >on this list is much appreciated. > > > > > As Erik also replied, they're on my default with Toaster. That's about > all you can really do for the Toaster package to make it secure. The > only other things I could recommend would be to write a good firewall > (or use Bastille or Shorewall or some other similar firewall-writing > tool), and disable root SSH login. Login using a user account and su to > root instead. That way even if someone guesses/cracks your user > password, they now have another step to take control of the server > (guess/crack root's password). Close any ports you're not using. If you > don't use IMAP, close the ports. If you don't server web pages > (including webmail), close port 80, and only open it when you want to > login the web interface to control QMail. Minor things, but the more you > shut down the less pin-holes there are for someone to try and peek through. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
