On Tue, 4 Jul 2006 15:56:02 -0700 Grant <[EMAIL PROTECTED]> wrote: > It has come to my attention that a particular person I know may be > intent on attacking my server/website in any way possible. He doesn't > know much about Linux but does know Windows. What kind of things > should I lock down to protect my remote hosted server?
Locking down ssh is a must. There are thousands of computers scanning the internet attempting to log into any computer running sshd by using brute force (dictionary) attacks. Just look at /var/log/sshd/current and you will see ;) Luckily, this is pretty easy to protect against. In /etc/ssh/sshd_config set PermitRootLogin to 'no' or 'without-password' (without-password means using key based authentication). `emerge denyhosts`, configure it in /etc/denyhosts.conf, start it up, and added it to the default run level. It should be noted that this only goes so far. You need good passwords too. Passwords should be at least 7 characters long and contain upper and lower case with punctuation. You can check for weak passwords with a package called johntheripper. Making sure your software is up to date is also critical. Web-apps are especially prone to security holes. Good Luck! -tcort
pgphkF3hlzzKN.pgp
Description: PGP signature
