hacked - looking for doc/suggestions on hardening/securing systems from the start

Paweł Sikora pawel.sikora at agmk.net
Thu Dec 19 18:49:43 UTC 2013

On Friday 20 of December 2013 03:46:13 Tim wrote:
> Allegedly, on or about 18 December 2013, Rick Stevens sent:
> > 3. Make sure you enforce complex passwords and require them to be
> > rotated at least every 90 days.
> I take issue with the continually changing passwords idea.

using rotated passwords for ssh login is painful for human brain :)
disabling passwd-auth and using ssh-key protected with single strong
password is better for brain and security.

for reducing services load and flood in /var/log/secure
i suggest cut-off ipset rules based on ipdeny/dot/com and sshbl/org.


gpg key fingerprint = 60B4 9886 AD53 EB3E 88BB 1EB5 C52E D01B 683B 9411

More information about the users mailing list