hacked - looking for doc/suggestions on hardening/securing systems from the start
Roger Heflin
rogerheflin at gmail.com
Thu Dec 19 17:44:05 UTC 2013
If you have not installed it, install denyhosts...it watches for ssh
password attacks and locks out hosts automatically.
It does limit the number of attempts someone gets before being
completely locked out.
On Thu, Dec 19, 2013 at 11:22 AM, Mark Haney <mhaney at practichem.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/19/2013 12:16 PM, Tim wrote:
>
>> You really need something that detects attempt to crack passwords,
>> responds appropriately to thwart the attacks while they happen,
>> and immediately notifies you that an attempt is happening as it
>> happens (e.g. email to a separate system), so you know to check,
>> and the notification isn't stored on somewhere that will be deleted
>> during the attack.
>>
>
> I'm kind of with you on the password rotation part. I do certainly
> see the need for routinely changing non-local (ie internet) passwords,
> but I'm not always convinced rotating internal ones make sense in
> every case.
>
> I personally use fail2ban for any internet facing system that has, for
> instance, ssh open. It works well and I get notification of password
> intrusion attempts if the login fails X number of times. Personally,
> I have mine set to disable login permanently instead of setting a time
> limit, then I can re-enable when I have time. As far as SSH goes I
> also have only one user account that is ssh accessible so I don't need
> to worry about my kids accounts, etc.
>
> - --
> Mark Haney
> Network Administrator/IT Support
> Practichem
> W:919-714-8428
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJSsytUAAoJEDgEuzPE0JQveb8H/RHTo+KqbqWH1Nm+2Dq9avV9
> qzorJplqPpus8f12mggl2Ep51k4bY7kp8nsY0GCVzHaFggzVkB8EphEhnTnBXlYY
> IWJyQ1VyWiJJa7CpL4fH/Vb/dK2n57rBDh8GDgsRrafALr9dXzFGtVkJtC2MQ/NP
> FndAK9Gd9dHrxKFrtyAFSszYuiHgdbCZB7VHLkCWaYJD8CwqdiWljV5i51pZedTX
> XvTSq57fKRwgUpSJXj4LbEONJSaXCk11Y/mrIP1rZW6Ya2HcSS3ga6uVBSeAGZGt
> 3aoc7UBDZ9xJk5EKk4yuZnlUhPbXT94Lmge7NuTX+vKtBv/c0n6lnn2zUQKn4Ck=
> =sjeu
> -----END PGP SIGNATURE-----
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
More information about the users
mailing list