On Thu, 2005-04-28 at 06:33 -0700, Mike Hoy wrote:
> Hi,
> 
> i just set up a new server with FC3. after reading george toft's 
> presentation on security i thought it would be a good idea. i had gentoo 
> installed and probably it was being hacked all the time, i don't know.
> 
> today in my new install of FC3 i was told as root that i 'had new 
> messages', in /var/spool/mail/root
> so i checked it out
> somebody has been trying to ssh into my acct with all kinds of usernames 
> and apparently with no success.  i'm told this is called ssh hammering 
> and i need to setup iptables. I need to get started on tightening up 
> security on this thing. My server runs a website and ssh will need to be 
> running.
> my question: (i'm sure more to come)
> I was told I can set ssh up so that root can only access ssh from 
> 127.0.0.1. how do i go about doing that.
----
edit /etc/ssh/sshd_config - it should be obvious where the changes
should be made but if not, let us know.
----
>  also how can i make my personal 
> username have access to /whatever/apache/htdocs/* so I don't have to be 
> root to edit things.
----
generally easier to have each user put their web pages in their own
directory

# getent passwd|grep craig
craig:x:500:500:Craig White:/home/craig:/bin/bash

mkdir /home/craig/html
chown craig:dom_users /home/craig/html

edit /etc/httpd/conf/httpd.conf
to serve this directory

note that craig has a valid shell
note that I never use ftp for upload and thus don't turn on ftp at all
but use scp/sftp
note that a serious look at what you are doing with iptables is
important on any computer directly exposed to the internet
note that I generally don't use the standard port 22 for sshd any more
because of the experiences that you are observing but rather move it
to an unprivileged port (> 1024)

If you want to keep port 22 and sshd active, you might want to look at
some scripts that identify these types of attacks such as...


http://bluedogsecurity.cyberinfo.se/ssh_block/

http://linuxmafia.com/pub/linux/security/sshd_sentry/sshd_sentry

Craig
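
An added example, not part of the original message and not taken from either of the linked scripts: a minimal detector for the pattern described in this thread, many failed sshd logins from one source across many usernames. The function name, the thresholds and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# OpenSSH failed-password syslog line, for example:
#   sshd[2301]: Failed password for invalid user test from 203.0.113.7 port 4211 ssh2
# Older releases logged "illegal user" instead of "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(\S+) "
    r"from (\S+) port \d+"
)

def find_hammering(lines, min_failures=5, min_usernames=3):
    """Return {source: (failure_count, sorted_usernames)} for every source
    that meets both thresholds. The defaults are assumed values; tune them."""
    failures = defaultdict(int)
    usernames = defaultdict(set)
    for line in lines:
        match = FAILED.search(line)
        if match is None:
            continue  # accepted logins and unrelated messages are ignored
        user, source = match.groups()
        failures[source] += 1
        usernames[source].add(user)
    return {
        source: (count, sorted(usernames[source]))
        for source, count in failures.items()
        if count >= min_failures and len(usernames[source]) >= min_usernames
    }

# Constructed sample input (documentation address ranges), not real log data.
# On Fedora the equivalent lines are assumed to be in /var/log/secure.
SAMPLE_LOG = [
    f"Apr 28 03:12:{i:02d} web sshd[{2300 + i}]: Failed password for "
    f"invalid user {name} from 203.0.113.7 port {4200 + i} ssh2"
    for i, name in enumerate(["test", "guest", "admin", "oracle", "user", "info"])
] + [
    "Apr 28 09:40:11 web sshd[2410]: Failed password for mike from 198.51.100.20 port 5122 ssh2",
    "Apr 28 09:40:19 web sshd[2410]: Accepted password for mike from 198.51.100.20 port 5122 ssh2",
]

if __name__ == "__main__":
    for source, (count, names) in find_hammering(SAMPLE_LOG).items():
        print(f"{source}: {count} failed logins, usernames tried: {', '.join(names)}")
```

Requiring several distinct usernames as well as a failure count keeps a single user mistyping a password (the second source in the sample) from being flagged.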

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us