[SWLUG] keeping server secure

Matthew Moore matt at matthewmoore.org.uk
Sun Sep 19 15:28:30 UTC 2010


On 18/09/10 22:32, Chris Jackson wrote:
> On 18 September 2010 19:25, Neil Jones<neil at nwjones.demon.co.uk>  wrote:
>>   For those of you who know about server security.
>> You have a server. What would you do to stop it being compromised?
> The only certainty is never to turn it on. :o)
>
> The obvious step is to ensure any services you don't need aren't
> running, and any services that don't need to listen to the Internet
> aren't accessible from it.  It may be worth configuring the firewall
> to drop traffic for anything that isn't listening to the outside
> world, since an active refusal may tell an attacker that something is
> running which may be exploitable in other ways.
>
> fail2ban can help restrict some attack vectors by spotting patterns in
> error logs - it will block IP addresses that make repeated SSH login
> attempts, for instance.  Without having looked into it, I imagine it
> would be extensible to trapping HTTP or FTP exploits, and pretty much
> anything else.
>
> If you're using cryptographic key authentication in place of
> passwords, check them against the SSH and SSL blacklists, invalidate
> and regenerate any that fail.  If you are using passwords, enable
> strength testing in the password tool (I think many distributions now
> ship a passwd with cracklib support to do this).
>
> There's a few to get started.  Could make for an interesting topic for
> a talk ...
>

I vaguely thought Chris K did one on security.  Or not.  I have a poor 
memory.

One other thing to do is lock down root access.  Make sure you can't 
log in as root.  Limit who can su(do).

Matt
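
An added example, not part of the original message: a small Python check that reads sshd_config text and reports whether root login over SSH is actually disabled. It accounts for sshd using the first value it finds for a keyword in the global section and for Match blocks overriding that value. The sample config and the function names are constructed for illustration, and only whole-line comments are handled.

```python
import re

# Constructed sample sshd_config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
# Constructed example
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
Match User backup
    PermitRootLogin forced-commands-only
"""

def audit_root_login(text):
    """Return (global_value, overrides) for PermitRootLogin.

    global_value: first value set outside any Match block, or None if unset
                  (the built-in default then depends on the OpenSSH version).
    overrides:    [(line_no, match_criteria, value)] for each Match block
                  whose first PermitRootLogin value is anything but "no".
    """
    global_value, overrides = None, []
    scope, seen_in_scope = None, False   # scope None = global section
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or an optional "=".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()       # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            scope, seen_in_scope = value, False
        elif keyword == "permitrootlogin":
            value = value.lower()
            if scope is None:
                if global_value is None:  # later global duplicates are ignored
                    global_value = value
            elif not seen_in_scope:
                seen_in_scope = True
                if value != "no":
                    overrides.append((line_no, scope, value))
    return global_value, overrides

def root_login_locked_down(text):
    """True only if root login is explicitly 'no' and no Match block reopens it."""
    global_value, overrides = audit_root_login(text)
    return global_value == "no" and not overrides
```

On a live host, `sshd -T` prints the effective settings, which is the authoritative check; the parser above is for reviewing a config file offline.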


