[LinuxUsers] Securing an Ubuntu LTS 8.04 Server Edition
Peter Manis
manis at digital39.com
Tue Oct 14 23:34:38 UTC 2008
Can't believe I forgot this one, make sure this is in your sshd_config
PermitRootLogin no
On Tue, Oct 14, 2008 at 3:48 PM, Peter Manis <manis at digital39.com> wrote:
> These have kept me pretty safe.
>
> Install denyhosts, sshd is usually compiled to take advantage of the tcp
> wrapper library. Denyhosts will download (if you enable the feature) a list
> of blocked ip addresses and allow you to set rules on how many login
> attempts before blocking an ip. It also allows you to specify a purge
> period.
>
> Set AllowUsers to only the specific users you want to allow to ssh into
> your machine. This can be just username or username at address. I usually
> have one user that can do nothing but login and be an unprivileged user
> with no address, and another user that is bound to certain addresses. That
> way if I am at a remote location I can still get in and su into the user
> that has sudo access.
>
> Set up key based encryption and turn off password based logins.
> http://www.digital39.com/computers/ssh-lockdown/2008/04/ will give you a
> breakdown on setting that up.
>
> Install and enable logwatch and set it to the highest level of detail.
> This will send you an email with login attempts, denyhost log entries, and a
> lot of good system information. If someone breaks in the logs will be
> useless if they are good, but it is nice to know the information logwatch
> sends out.
>
> I usually block everything but 443, 80, and 22 on my servers and use
> tunnels to get to anything else.
>
> If it is only one server it might not be possible, but setting up syslogd
> to log remotely will make the logs more effective. The attacker would then
> have to break into the 2nd machine to get access to the /var/log/secure
> entries that he would need to remove.
>
> Check for rootkits from time to time.
>
>
>
> On Tue, Oct 14, 2008 at 3:18 PM, Ragi Y. Burhum <ragi at burhum.com> wrote:
>
>> Do any of you have a sort of checklist that you go over or reference guide
>> (self made or available somewhere) that you use when you are going to put an
>> Ubuntu Server live to the evil Internet?
>>
>> I am looking for something more specific than "close the ports that you
>> are not using" or "uninstall the stuff you don't need". "Maybe something
>> like sendmail is on by default. Take it out" or "chmod this file and that
>> file for x reason." "Use so and so package to monitor for weird activities
>> and so on and so forth"
>>
>> My Ubuntu system is working perfectly now (it has all the stuff I need)...
>> I just need to make sure that a portscanner and some brute force crap will
>> not take it out within 5 minutes of putting it live :)
>>
>> Recommendations?
>>
>> - Ragi
>>
>> _______________________________________________
>> LinuxUsers mailing list
>> LinuxUsers at socallinux.org
>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
>>
>>
>
>
> --
> Peter Manis
> (678) 269-7979
>
--
Peter Manis
(678) 269-7979
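The sshd_config items from this thread (PermitRootLogin no, AllowUsers, key based logins with passwords turned off), as an added shell example that is not code from the original posts: a small POSIX sh audit that reports which of those settings a given sshd_config is missing. It follows sshd's own rule that the first uncommented occurrence of a keyword wins and keywords are case-insensitive, and it adds one check the thread does not mention (ChallengeResponseAuthentication no, which on Ubuntu is needed before PAM stops prompting for passwords). The two sample configs, the user names and the address in them are constructed for the demo; only sh and awk are assumed.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an sshd_config for the
# lockdown settings recommended above. Assumes only POSIX sh and awk.

# Effective value of a keyword. sshd uses the FIRST uncommented occurrence of a
# keyword and matches keywords case-insensitively, so the audit does the same.
sshd_get() {
  # $1 = path to sshd_config, $2 = keyword (e.g. PermitRootLogin)
  awk -v key="$2" '
    /^[ \t]*#/ { next }
    NF >= 2 && tolower($1) == tolower(key) {
      $1 = ""; sub(/^[ \t]+/, ""); print; exit
    }' "$1"
}

# Print one line per finding and return the number of findings (0 = clean).
sshd_audit() {
  f="$1"; n=0

  # Upstream default is "yes", so an absent line is as bad as an explicit yes.
  v=$(sshd_get "$f" PermitRootLogin)
  [ "$v" = "no" ] || { echo "PermitRootLogin should be 'no' (found: '${v:-unset}')"; n=$((n+1)); }

  v=$(sshd_get "$f" PasswordAuthentication)
  [ "$v" = "no" ] || { echo "PasswordAuthentication should be 'no' (found: '${v:-unset}')"; n=$((n+1)); }

  # Not in the thread: on Ubuntu, PAM keyboard-interactive still asks for a
  # password unless this is also off.
  v=$(sshd_get "$f" ChallengeResponseAuthentication)
  [ "$v" = "no" ] || { echo "ChallengeResponseAuthentication should be 'no' (found: '${v:-unset}')"; n=$((n+1)); }

  # Default is "yes"; only an explicit "no" breaks key based logins.
  v=$(sshd_get "$f" PubkeyAuthentication)
  [ "$v" != "no" ] || { echo "PubkeyAuthentication must not be 'no'"; n=$((n+1)); }

  v=$(sshd_get "$f" AllowUsers)
  [ -n "$v" ] || { echo "AllowUsers is unset: every local account may try to log in"; n=$((n+1)); }

  return "$n"
}

# Constructed sample configs (made up for this example). The hardened one has
# a commented-out "PermitRootLogin yes" and a later duplicate that sshd ignores.
write_weak_config() {
  cat > "$1" <<'EOF'
Port 22
Protocol 2
#PermitRootLogin no
PasswordAuthentication yes
EOF
}

write_hardened_config() {
  cat > "$1" <<'EOF'
Port 22
Protocol 2
# PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers deploy admin@192.0.2.10
PermitRootLogin yes
EOF
}

# Stand-alone demo: audit the two constructed samples.
for sample in weak hardened; do
  tmp=$(mktemp)
  "write_${sample}_config" "$tmp"
  printf '== %s sample ==\n' "$sample"
  rc=0; sshd_audit "$tmp" || rc=$?
  echo "-> $rc finding(s)"
  rm -f "$tmp"
done
```

To check a real machine, source the file and run `sshd_audit /etc/ssh/sshd_config`. When you then edit the file, keep your current session open and test a fresh login from a second terminal before closing it, so a typo in AllowUsers or a missing key does not lock you out.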