Security/Hacked System - Now what?!!
Wolfgang S. Rupprecht
wolfgang.rupprecht at gmail.com
Sun Dec 22 02:06:54 UTC 2013
bruce <badouglas at gmail.com> writes:
> You then mod SSH as required to disable root login
> OK, what else should you do?

Root login isn't a bad idea in and of itself. More important is to not
allow anything but public key logins (e.g. ECDSA, RSA). For people
logging in with root credentials, give everyone a different public key
and keep a secure copy of /var/log/secure on a secure system for
backtracking break-ins. Each login (including root) will show which key
was used to log in. You can easily see who lost control of their key.

I'm a firm believer in never allowing password logins over the net.
Users will hardly ever use random-letter-upper-lower-number passwords.
They always think they are oh so clever with easily guessed strung
together words, with or without a punctuation char.
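
The per-key attribution described in the message above, as an added example that is not part of the original post: it maps each accepted login in an sshd log to the holder of the key used and flags password logins and unrecognized keys. It assumes the `Accepted publickey ... ssh2: RSA SHA256:...` line format that current OpenSSH writes (older releases log differently) and option-free `authorized_keys` lines; the key blobs, names, and log lines are constructed.

```python
import base64, hashlib, re

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_owners(authorized_keys_text):
    """Map fingerprint -> comment field (the key holder) for each key line."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        parts = line.split()
        # Assumption: plain "type blob comment" lines with no options prefix.
        if len(parts) >= 3 and not line.startswith("#"):
            owners[fingerprint(parts[1])] = parts[2]
    return owners

ACCEPTED = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
    r"(?:: (?P<ktype>\S+) (?P<fp>\S+))?")

def attribute_logins(log_text, owners):
    """Return (user, ip, who) per accepted login; who names the key holder."""
    results = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue
        if m["method"] != "publickey":
            who = "POLICY VIOLATION: " + m["method"] + " login"
        else:
            who = owners.get(m["fp"], "UNKNOWN KEY " + str(m["fp"]))
        results.append((m["user"], m["ip"], who))
    return results

# Constructed sample data: fake key blobs and documentation-range addresses.
ALICE = base64.b64encode(b"constructed-key-blob-alice").decode()
BOB = base64.b64encode(b"constructed-key-blob-bob").decode()
OTHER = base64.b64encode(b"constructed-key-blob-other").decode()
AUTHORIZED_KEYS = f"ssh-rsa {ALICE} alice@laptop\nssh-rsa {BOB} bob@desktop\n"
SAMPLE_LOG = "\n".join([
    f"Dec 21 18:01:02 host sshd[911]: Accepted publickey for root from 192.0.2.10 port 50122 ssh2: RSA {fingerprint(ALICE)}",
    f"Dec 21 18:09:40 host sshd[955]: Accepted publickey for root from 198.51.100.7 port 40210 ssh2: RSA {fingerprint(BOB)}",
    "Dec 21 18:15:13 host sshd[990]: Accepted password for carol from 203.0.113.5 port 33100 ssh2",
    f"Dec 21 18:20:00 host sshd[999]: Accepted publickey for root from 203.0.113.9 port 2222 ssh2: RSA {fingerprint(OTHER)}",
])

if __name__ == "__main__":
    for row in attribute_logins(SAMPLE_LOG, load_owners(AUTHORIZED_KEYS)):
        print(row)
```

Run it against the off-host copy of the log rather than the one on the machine under investigation, since the local file is only as trustworthy as the system that wrote it.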