[SWLUG] keeping server secure

Chris Jackson chriscf at gmail.com
Sat Sep 18 21:32:54 UTC 2010


On 18 September 2010 19:25, Neil Jones <neil at nwjones.demon.co.uk> wrote:
>  For those of you who know about server security.
> You have a server what would you do to stop it being compromised?
The only certainty is never to turn it on. :o)

The obvious step is to ensure any services you don't need aren't
running, and any services that don't need to listen to the Internet
aren't accessible from it.  It may be worth configuring the firewall
to drop traffic for anything that isn't listening to the outside
world, since an active refusal may tell an attacker that something is
running which may be exploitable in other ways.

fail2ban can help restrict some attack vectors by spotting patterns in
error logs - it will block IP addresses that make repeated SSH login
attempts, for instance.  Without having looked into it, I imagine it
would be extensible to trapping HTTP or FTP exploits, and pretty much
anything else.

If you're using cryptographic key authentication in place of
passwords, check them against the SSH and SSL blacklists, invalidate
and regenerate any that fail.  If you are using passwords, enable
strength testing in the password tool (I think many distributions now
ship a passwd with cracklib support to do this).

There's a few to get started.  Could make for an interesting topic for
a talk ...

-- 
Chris Jackson




More information about the Swlug mailing list