From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1E07xt-0003T6-Rp for garchives@archives.gentoo.org; Wed, 03 Aug 2005 01:22:38 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j731LKGh026790; Wed, 3 Aug 2005 01:21:20 GMT
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.192]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j731Hc0E002446 for ; Wed, 3 Aug 2005 01:17:39 GMT
Received: by wproxy.gmail.com with SMTP id i1so18403wra for ; Tue, 02 Aug 2005 18:18:03 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GRbxLqxM/btSzk9ZUcsGAE6DplrfHXNHZW2ecrP0f856nmrDA9ji6FMaXpvAgbJdnWKC1pgn4jVH+GmOvMp30K4KsSs0/Rc+Zd4tPt8BnyI5JhvREcZ0GZ06W8vGGiEwDpvTO+Izq51IpeHnPUTJUo3ViAce61bBsX31KrOyN+A=
Received: by 10.54.158.13 with SMTP id g13mr134008wre; Tue, 02 Aug 2005 18:18:03 -0700 (PDT)
Received: by 10.54.39.56 with HTTP; Tue, 2 Aug 2005 18:18:03 -0700 (PDT)
Message-ID: <8f7a9d58050802181843723462@mail.gmail.com>
Date: Wed, 3 Aug 2005 01:18:03 +0000
From: Raphael Melo de Oliveira Bastos Sales
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Testing how secure a server is...
In-Reply-To:
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
References: <8f7a9d5805080216505f9b4a51@mail.gmail.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id j731Hc0E002446
X-Archives-Salt: 173a1ac7-b965-4fca-b7fb-5860af859a6f
X-Archives-Hash: 2188308aa1f6a10c24ce0dc5e233bc87

Hey Colin,

I was looking at the /etc/ssh/sshd_config file and found these:

LoginGraceTime 600
MaxAuthTries 6

Is the first one what you meant? The second seems like an attempt to avoid
brute force login.

Also, does Grub need any kind of password protection? I don't know if it
was Grub or Lilo that allowed root access unless password protected. Am I
mistaken?

As you can see, I still have a lot to learn. ;)

2005/8/3, Colin :
>
> On Aug 2, 2005, at 7:50 PM, Raphael Melo de Oliveira Bastos Sales wrote:
>
> > Hi there,
> >
> > I was wondering what tools should I use to detect security flaws to
> > my server and a few tips on how to use them. What are the most common
> > forms of attack and how do I avoid being attacked by one of them?
> >
> > The services available are only Apache - SSL and SSH. I've
> > installed a firewall, iptables and firestarter to control it, and
> > blocked all ports except 443 and 8080, where the SSH is listening.
> > Apache has PHP installed as a module.
> >
>
> Want to know how secure your server is? Try and hack it!
>
> A good port scanner like nmap should be a basic check of your
> firewall. I would also set nmap (if it can do this) to perform a SYN
> flood as it scans, to see if your server can withstand that basic DoS
> attack. (Adding --syn to your TCP rules in iptables can prevent SYN
> flooding when used with SYN cookies.) When you break in, find out
> why it worked and how it can be patched.
>
> Some things I would advise (I'm currently working on a server at the
> moment as well):
> - If the server is really important (or if you're paranoid), use
> the hardened-sources with PIE/SSP to prevent badly-written programs
> from arbitrarily executing code.
> - Enable SYN flood protection. There's a kernel option somewhere
> about IPv4 SYN cookies, enable that, and couple it with --syn
> attached to your TCP rules in iptables. It's a very popular
> denial-of-service attack.
> - Whenever you need to login or authenticate yourself, make the
> system delay five seconds after a bad password is entered. This will
> make a brute-force attack much much slower (0.2 passwords/sec as
> opposed to millions of passwords/sec without a delay, depending on your
> server's speed).
> - Make sure iptables is set to deny all traffic that isn't
> explicitly allowed.
> - Turn off any services you don't need.
> - Read through your logs every now and then. I highly advise
> having the server burn them to a CD/floppy every now and then for an
> instant backup. Get a log reader/parser, too.
>
> Naturally, hide the server in the attic or basement. Chain it to
> something, or if it has a security slot, use a security cable. Put a
> lock on the case door. Unplug your floppy/CD drives if you're not
> using them. As of this writing, there is no kernel option to keep
> your computer or its innards from walking away. :-)
> --
> Colin
> --
> gentoo-user@gentoo.org mailing list
>
>
-- 
gentoo-user@gentoo.org mailing list
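Added example, not code from this thread or from either poster: a small POSIX shell script that reads an sshd_config the way sshd does (keywords are case-insensitive, the first value of a keyword wins) and flags the two settings Raphael quotes, then prints the iptables rule set Colin's reply sketches: default policy DROP, --syn on the TCP accept rules for 443 and the SSH port 8080, and SYN cookies turned on via sysctl. The sample config, the 120-second and 3-attempt thresholds and the exact rule layout are this example's assumptions; the rules are printed, never applied, so it runs unprivileged.

```sh
#!/bin/sh
# Added example, not code from the thread: audit the two sshd_config
# keywords quoted above and print the default-deny iptables rule set with
# --syn and SYN cookies that the reply recommends. Nothing is applied to
# the host; the rules are only printed.

# Constructed sample sshd_config (not a real host's file). It repeats
# MaxAuthTries on purpose: sshd keeps the FIRST value it reads for a
# keyword, so the later, tighter "MaxAuthTries 3" line is silently ignored.
SAMPLE_SSHD_CONFIG=$(cat <<'EOF'
# Constructed sample
Port 8080
LoginGraceTime 600
MaxAuthTries 6
MaxAuthTries 3
EOF
)

# sshd_get CONFIG_TEXT KEYWORD
# Print the effective value of KEYWORD: keywords are case-insensitive,
# "Key value" and "Key=value" are both accepted, comments and blank lines
# are skipped, and the first match wins (as sshd does). Prints nothing if
# the keyword is not set.
sshd_get() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        { gsub(/=/, " "); if (NF == 0) next }
        tolower($1) == tolower(key) { print $2; exit }'
}

# sshd_check CONFIG_TEXT
# One OK/WARN/INFO line per keyword. The thresholds (120 s grace period,
# 3 authentication attempts) are this example's assumptions, not values
# from the thread.
sshd_check() {
    grace=$(sshd_get "$1" LoginGraceTime)
    tries=$(sshd_get "$1" MaxAuthTries)
    case "$grace" in
        '')       echo "INFO LoginGraceTime unset, sshd default applies" ;;
        *[!0-9]*) echo "INFO LoginGraceTime $grace has a unit suffix, check by hand" ;;
        *) if [ "$grace" -gt 120 ]; then
               echo "WARN LoginGraceTime $grace: an unauthenticated client can hold a connection open for ${grace}s; 120 or less is tighter"
           else
               echo "OK LoginGraceTime $grace"
           fi ;;
    esac
    case "$tries" in
        '')       echo "INFO MaxAuthTries unset, sshd default applies" ;;
        *[!0-9]*) echo "INFO MaxAuthTries $tries is not numeric, check by hand" ;;
        *) if [ "$tries" -gt 3 ]; then
               echo "WARN MaxAuthTries $tries: $tries password guesses per connection; 3 or less forces a reconnect sooner"
           else
               echo "OK MaxAuthTries $tries"
           fi ;;
    esac
}

# firewall_rules [SSH_PORT]
# Print (do not run) the rule set the reply describes: default policy DROP,
# loopback and already-established traffic allowed, only the SYN of new TCP
# connections to 443 and the SSH port (8080 in the thread) accepted, and
# SYN cookies enabled in the kernel.
firewall_rules() {
    ssh_port="${1:-8080}"
    cat <<EOF
sysctl -w net.ipv4.tcp_syncookies=1
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport ${ssh_port} -j ACCEPT
EOF
}

# Stand-alone run: audit the constructed sample and show the rules.
sshd_check "$SAMPLE_SSHD_CONFIG"
echo '---'
firewall_rules 8080
```

Because sshd takes the first value it reads for a keyword, a duplicate keyword lower in the file changes nothing; the check reads the file the same way, which is why the constructed sample's later "MaxAuthTries 3" is not what gets reported. The --syn match only accepts the opening packet of a new connection; everything else on those ports rides on the ESTABLISHED,RELATED rule, and with the INPUT policy at DROP anything not listed is denied by default, as the reply asks.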