[SWLUG] keeping server secure

Matthew Moore matt at matthewmoore.org.uk
Sun Sep 19 15:28:30 UTC 2010

On 18/09/10 22:32, Chris Jackson wrote:
> On 18 September 2010 19:25, Neil Jones <neil at nwjones.demon.co.uk> wrote:
>> For those of you who know about server security.
>> You have a server; what would you do to stop it being compromised?
> The only certainty is never to turn it on. :o)
> The obvious step is to ensure any services you don't need aren't
> running, and any services that don't need to listen to the Internet
> aren't accessible from it.  It may be worth configuring the firewall
> to drop traffic for anything that isn't listening to the outside
> world, since an active refusal may tell an attacker that something is
> running which may be exploitable in other ways.
> fail2ban can help restrict some attack vectors by spotting patterns in
> error logs - it will block IP addresses that make repeated SSH login
> attempts, for instance.  Without having looked into it, I imagine it
> would be extensible to trapping HTTP or FTP exploits, and pretty much
> anything else.
> If you're using cryptographic key authentication in place of
> passwords, check them against the SSH and SSL blacklists, invalidate
> and regenerate any that fail.  If you are using passwords, enable
> strength testing in the password tool (I think many distributions now
> ship a passwd with cracklib support to do this).
> There's a few to get started.  Could make for an interesting topic for
> a talk ...

I vaguely thought Chris K did one on security.  Or not.  I have a poor 

One other thing to do is lock down root access.  Make sure you can't
log in as root.  Limit who can su(do).


