Hey Colin, I was looking at the /etc/ssh/sshd_config file and found these:

LoginGraceTime 600
MaxAuthTries 6

Is the first one what you meant? The second seems like an attempt to avoid brute-force login. Also, does Grub need any kind of password protection? I don't know if it was Grub or Lilo that allowed root access unless password protected. Am I mistaken? As you can see, I still have a lot to learn. ;)

2005/8/3, Colin <[EMAIL PROTECTED]>:
>
> On Aug 2, 2005, at 7:50 PM, Raphael Melo de Oliveira Bastos Sales wrote:
>
> > Hi there,
> >
> > I was wondering what tools I should use to detect security flaws in
> > my server and a few tips on how to use them. What are the most common
> > forms of attack and how do I avoid being attacked by one of them?
> >
> > The services available are only Apache - SSL and SSH. I've
> > installed a firewall, iptables and firestarter to control it, and
> > blocked all ports except 443 and 8080, where the SSH is listening.
> > Apache has PHP installed as a module.
>
> Want to know how secure your server is? Try and hack it!
>
> A good port scanner like nmap should be a basic check of your
> firewall. I would also set nmap (if it can do this) to perform a SYN
> flood as it scans, to see if your server can withstand that basic DoS
> attack. (Adding --syn to your TCP rules in iptables can prevent SYN
> flooding when used with SYN cookies.) When you break in, find out
> why it worked and how it can be patched.
>
> Some things I would advise (I'm currently working on a server at the
> moment as well):
> - If the server is really important (or if you're paranoid), use
> the hardened-sources with PIE/SSP to prevent badly-written programs
> from arbitrarily executing code.
> - Enable SYN flood protection. There's a kernel option somewhere
> about IPv4 SYN cookies; enable that, and couple it with --syn
> attached to your TCP rules in iptables. It's a very popular denial-
> of-service attack.
> - Whenever you need to login or authenticate yourself, make the
> system delay five seconds after a bad password is entered. This will
> make a brute-force attack much, much slower (0.2 passwords/sec as
> opposed to millions of passwords/sec without a delay, depending on your
> server's speed).
> - Make sure iptables is set to deny all traffic that isn't
> explicitly allowed.
> - Turn off any services you don't need.
> - Read through your logs every now and then. I highly advise
> having the server burn them to a CD/floppy every now and then for an
> instant backup. Get a log reader/parser, too.
>
> Naturally, hide the server in the attic or basement. Chain it to
> something, or if it has a security slot, use a security cable. Put a
> lock on the case door. Unplug your floppy/CD drives if you're not
> using them. As of this writing, there is no kernel option to keep
> your computer or its innards from walking away. :-)
> --
> Colin
> --
> gentoo-user@gentoo.org mailing list
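As an added example (not code from either poster), here is a small POSIX sh audit that checks the two sshd_config settings quoted above and the SYN-cookie sysctl Colin recommends. It assumes sshd's "first obtained value wins" rule for each keyword, the OpenSSH defaults of LoginGraceTime 120 and MaxAuthTries 6, and a review threshold of LoginGraceTime at most 120 seconds; those thresholds are my choice, not something the thread states.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits the sshd_config
# settings quoted above and the tcp_syncookies sysctl.
# Assumptions (mine): sshd uses the first uncommented value of a keyword,
# accepts "Key value" or "Key=value", and settings after the first Match
# block are conditional. OpenSSH defaults: LoginGraceTime 120, MaxAuthTries 6.

# sshd_value KEY FILE: print the value sshd would use for KEY, or nothing
# if FILE never sets it. Key comparison is case-insensitive, like sshd's.
sshd_value() {
    awk -v k="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/^[[:space:]]+/, "") }          # drop leading indentation
        /^#/ || /^$/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        {
            n = split($0, f, "[[:space:]=]+")
            if (n >= 2 && tolower(f[1]) == k) { print f[2]; exit }
        }' "$2"
}

# is_int STRING: true if STRING is a non-empty run of digits.
is_int() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# audit_sshd FILE: print one finding per line; return 0 if clean, 1 otherwise.
audit_sshd() {
    findings=0
    grace=$(sshd_value LoginGraceTime "$1"); grace=${grace:-120}
    tries=$(sshd_value MaxAuthTries "$1");   tries=${tries:-6}
    if ! is_int "$grace"; then
        # sshd also accepts time formats such as "10m"; review those by hand
        echo "LoginGraceTime '$grace': not plain seconds, check by hand"
        findings=$((findings + 1))
    elif [ "$grace" -gt 120 ]; then
        echo "LoginGraceTime $grace: an unauthenticated connection can hold a slot for $grace s; 120 or less is the usual setting"
        findings=$((findings + 1))
    fi
    if ! is_int "$tries" || [ "$tries" -gt 6 ]; then
        echo "MaxAuthTries $tries: more than the default 6 password attempts per connection"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# syncookies_enabled [PATH]: true if the SYN-cookie sysctl is 1 or 2.
# PATH defaults to the live /proc entry; a plain file is accepted for testing.
syncookies_enabled() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] || return 1
    case "$(cat "$f")" in 1|2) return 0 ;; *) return 1 ;; esac
}

# Stand-alone run: audit the live config if it is readable.
if [ -r /etc/ssh/sshd_config ]; then
    if audit_sshd /etc/ssh/sshd_config; then echo "sshd_config: no findings"; fi
fi
if syncookies_enabled; then
    echo "tcp_syncookies: enabled"
else
    echo "tcp_syncookies: disabled or unreadable (enable it alongside --syn rules)"
fi
```

Run it as root on the server (the live sysctl file is world-readable, but sshd_config often is not). With the values quoted above it reports the 600-second grace period and nothing for MaxAuthTries 6, which is the default.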