Date: Tue, 4 Jul 2006 22:35:08 -0400
From: Thomas Cort
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual
Message-Id: <20060704223508.6aec3c68.tcort@gentoo.org>
In-Reply-To: <49bf44f10607041556w3db1b64et625c088ba8c56541@mail.gmail.com>

On Tue, 4 Jul 2006 15:56:02 -0700 Grant wrote:

> It has come to my attention that a particular person I know may be
> intent on attacking my server/website in any way possible. He doesn't
> know much about Linux but does know Windows. What kind of things
> should I lock down to protect my remote hosted server?

Locking down ssh is a must. There are thousands of computers scanning the internet attempting to log into any computer running sshd by using brute force (dictionary) attacks. Just look at /var/log/sshd/current and you will see ;)

Luckily, this is pretty easy to protect against. In /etc/ssh/sshd_config set PermitRootLogin to 'no' or 'without-password' (without-password means using key based authentication). `emerge denyhosts`, configure it in /etc/denyhosts.conf, start it up, and add it to the default run level.

It should be noted that this only goes so far. You need good passwords too. Passwords should be at least 7 characters long and contain upper and lower case with punctuation. You can check for weak passwords with a package called johntheripper.

Making sure your software is up to date is also critical. Web-apps are especially prone to security holes.

Good Luck!

-tcort

--
gentoo-user@gentoo.org mailing list
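
Added example, not part of the original message and not denyhosts' own code: a small tally of failed ssh password logins per source address, the kind of evidence the message says you will find in /var/log/sshd/current. It assumes OpenSSH's usual "Failed password for ... from ADDR port N ssh2" line after an "sshd[pid]:" tag; the sample lines, the addresses (documentation ranges) and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real host); addresses are RFC 5737
# documentation ranges. The last line has a user name that contains " from ".
SAMPLE_LOG = """\
Jul  4 22:10:01 host sshd[4121]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jul  4 22:10:03 host sshd[4123]: Failed password for invalid user admin from 192.0.2.10 port 40118 ssh2
Jul  4 22:10:05 host sshd[4125]: Failed password for invalid user test from 192.0.2.10 port 40131 ssh2
Jul  4 22:10:09 host sshd[4130]: Failed password for root from 192.0.2.10 port 40140 ssh2
Jul  4 22:11:40 host sshd[4200]: Failed password for grant from 198.51.100.7 port 51515 ssh2
Jul  4 22:11:52 host sshd[4200]: Accepted password for grant from 198.51.100.7 port 51515 ssh2
Jul  4 22:12:00 host sshd[4210]: Failed password for invalid user from 1.2.3.4 from 203.0.113.5 port 2222 ssh2
"""

# The user name is chosen by the remote client, so the address is taken from
# the fixed tail of the line: the greedy user group makes the LAST " from " win.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def tally_failures(log_text):
    """Return (failure count per source address, user names tried per address)."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ip, user = m.group("ip"), m.group("user")
        if user.startswith("invalid user "):
            user = user[len("invalid user "):]
        counts[ip] += 1
        users.setdefault(ip, set()).add(user)
    return counts, users

def offenders(log_text, threshold=3):
    """Addresses with at least `threshold` failures (threshold is an assumption)."""
    counts, _ = tally_failures(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    counts, users = tally_failures(SAMPLE_LOG)
    for ip in offenders(SAMPLE_LOG):
        print(f"{ip}: {counts[ip]} failures, users tried: {sorted(users[ip])}")
```
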