From: Thomas Cort <tcort@gentoo.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual
Date: Tue, 4 Jul 2006 22:35:08 -0400 [thread overview]
Message-ID: <20060704223508.6aec3c68.tcort@gentoo.org> (raw)
In-Reply-To: <49bf44f10607041556w3db1b64et625c088ba8c56541@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1253 bytes --]
On Tue, 4 Jul 2006 15:56:02 -0700
Grant <emailgrant@gmail.com> wrote:
> It has come to my attention that a particular person I know may be
> intent on attacking my server/website in any way possible. He doesn't
> know much about Linux but does know Windows. What kind of things
> should I lock down to protect my remote hosted server?
Locking down ssh is a must. There are thousands of computers scanning
the internet attempting to log into any computer running sshd by using
brute force (dictionary) attacks. Just look at /var/log/sshd/current
and you will see ;) Luckily, this is pretty easy to protect against.
In /etc/ssh/sshd_config set PermitRootLogin to 'no' or
'without-password' (without-password means using key based
authentication). `emerge denyhosts`, configure it
in /etc/denyhosts.conf, start it up, and added it to the default run
level. It should be noted that this only goes so far. You need good
passwords too. Passwords should be at least 7 characters long and
contain upper and lower case with punctuation. You can check for weak
passwords with a package called johntheripper. Making sure your
software is up to date is also critical. Web-apps are especially prone
to security holes.
Good Luck!
-tcort
[-- Attachment #2: Type: application/pgp-signature, Size: 191 bytes --]
next prev parent reply other threads:[~2006-07-05 2:41 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-04 22:56 [gentoo-user] Protecting my server against an individual Grant
2006-07-04 23:54 ` [gentoo-user] " James
2006-07-05 0:38 ` Grant
2006-07-05 0:51 ` Dale
2006-07-05 2:17 ` Thomas Cort
2006-07-05 3:37 ` James
2006-07-05 7:35 ` Alexander Skwar
2006-07-05 1:57 ` [gentoo-user] " Ryan Tandy
2006-07-05 7:38 ` Alexander Skwar
2006-07-05 9:23 ` Trenton Adams
2006-07-05 11:02 ` Alexander Skwar
2006-07-05 12:03 ` jarry
2006-07-05 16:38 ` Daniel da Veiga
2006-07-05 10:49 ` jarry
2006-07-05 12:45 ` W.Kenworthy
2006-07-05 16:40 ` Ryan Tandy
2006-07-05 23:31 ` Lord Sauron
2006-07-05 23:58 ` Ryan Tandy
2006-07-06 0:30 ` Steven Susbauer
2006-07-06 0:36 ` Ryan Tandy
2006-07-06 7:07 ` Lord Sauron
2006-07-06 14:39 ` Daniel da Veiga
2006-07-07 16:46 ` Devon Miller
2006-07-06 6:11 ` Alexander Skwar
2006-07-06 7:12 ` Lord Sauron
2006-07-06 9:12 ` Alexander Skwar
2006-07-11 7:40 ` Daevid Vincent
2006-07-05 2:35 ` Thomas Cort [this message]
2006-07-05 10:22 ` Daniel
2006-07-05 13:36 ` [gentoo-user] " dnlt0hn5ntzhbqkv51
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060704223508.6aec3c68.tcort@gentoo.org \
--to=tcort@gentoo.org \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox