hacked - looking for doc/suggestions on hardening/securing systems from the start
Paweł Sikora
pawel.sikora at agmk.net
Thu Dec 19 18:49:43 UTC 2013
On Friday 20 of December 2013 03:46:13 Tim wrote:
> Allegedly, on or about 18 December 2013, Rick Stevens sent:
> > 3. Make sure you enforce complex passwords and require them to be
> > rotated at least every 90 days.
>
> I take issue with the continually changing passwords idea.
using rotated passwords for ssh login is painful for human brain :)
disabling passwd-auth and using ssh-key protected with single strong
password is better for brain and security.
for reducing services load and flood in /var/log/secure
i suggest cut-off ipset rules based on ipdeny/dot/com and sshbl/org.
BR,
Paweł.
--
gpg key fingerprint = 60B4 9886 AD53 EB3E 88BB 1EB5 C52E D01B 683B 9411
More information about the users
mailing list