hacked - looking for doc/suggestions on hardening/securing systems from the start

[Paweł Sikora]

On Friday 20 of December 2013 03:46:13 Tim wrote:
> Allegedly, on or about 18 December 2013, Rick Stevens sent:
> > 3. Make sure you enforce complex passwords and require them to be
> > rotated at least every 90 days.
> 
> I take issue with the continually changing passwords idea.

using rotated passwords for ssh login is painful for human brain :)
disabling passwd-auth and using ssh-key protected with single strong
password is better for brain and security.

for reducing services load and flood in /var/log/secure
i suggest cut-off ipset rules based on ipdeny/dot/com and sshbl/org.

BR,
Paweł.

-- 
gpg key fingerprint = 60B4 9886 AD53 EB3E 88BB 1EB5 C52E D01B 683B 9411