On Mon, Jan 28, 2008 at 10:36:03PM -0500, Jim Perrin wrote:
Along the lines of staying safe, now is probably a good time to check your password policies.
1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)
2. Restrict root logins to only the local machine. (modify /etc/securetty)
3. Limit users with access to 'su' to the wheel group. (use visudo and also modify /etc/pam.d/su)
4. Make sure root is the only one with a uid of 0. ( awk -F: '($3 == "0") {print}' /etc/passwd )
5. Use pam to require strong passwords. (install/use pam_passwdqc which is part of the base distro, modify /etc/pam.d/system-auth )
6. Use denyhosts or pam_tally2 to restrict login attempts.
7. Use ssh keys.
And above all, because I know many admins slack on this, and I'm guilty of it as well if it's not forced... ROTATE your passwords periodically.
The recommended password requirements for root: at least 10 characters with a mix of upper/lower case, special characters, and numbers.
Discussion, and alternate suggestions welcome.
I will add to that list: change ssh port 22 to something else.
Regards
Alfredo The Sauce
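Shell helpers that audit items 1 through 4 of Jim's checklist, added here as an example and not part of the thread. Each function defaults to the real system file but accepts a path, so the demo runs them over constructed sample files; the "default yes" wording assumes the OpenSSH behaviour of that era when PermitRootLogin is absent.

```shell
#!/bin/sh
# Audit helpers for items 1-4 of the checklist above.
# Added example, not from the original thread. Each function takes an optional
# file path so it can run over constructed samples as well as the live files.

# Item 1: effective PermitRootLogin. sshd uses the first occurrence of a
# directive; when it is absent, OpenSSH of that era defaulted to "yes" (assumed).
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" && v == "" { v = tolower($2) }
         END { print (v == "" ? "unset (default yes)" : v) }' "${1:-/etc/ssh/sshd_config}"
}

# Item 2: securetty entries that are not a local console (anything other
# than console, ttyN or vc/N lets root log in from a non-local terminal).
nonlocal_securetty() {
    grep -Ev '^(#|$|console$|tty[0-9]+$|vc/[0-9]+$)' "${1:-/etc/securetty}" || true
}

# Item 3: is the pam_wheel line in /etc/pam.d/su active rather than commented out?
su_wheel_enforced() {
    if grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' \
            "${1:-/etc/pam.d/su}"; then echo yes; else echo no; fi
}

# Item 4: uid-0 accounts other than root (the awk from the post, narrowed
# to the anomaly so an empty result means "clean").
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Constructed sample files, deliberately containing one finding per check.
demo() {
    d=$(mktemp -d)
    printf 'Port 22\n#PermitRootLogin yes\n' > "$d/sshd_config"
    printf 'console\ntty1\nvc/1\npts/0\n' > "$d/securetty"
    printf '#auth required pam_wheel.so use_uid\nauth include system-auth\n' > "$d/su"
    printf 'root:x:0:0:root:/root:/bin/bash\ntoor:x:0:0::/root:/bin/bash\n' > "$d/passwd"
    echo "PermitRootLogin:           $(permit_root_login "$d/sshd_config")"
    echo "non-local securetty lines: $(nonlocal_securetty "$d/securetty")"
    echo "su limited to wheel:       $(su_wheel_enforced "$d/su")"
    echo "extra uid-0 accounts:      $(extra_uid0 "$d/passwd")"
    rm -rf "$d"
}

demo
```

Run without arguments on a live box as root (e.g. `permit_root_login` alone) to check the real files; an empty result from `nonlocal_securetty` and `extra_uid0` means no finding.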