[CentOS] I appear to be attacking others

Tue Feb 7 01:46:28 UTC 2006
James Gagnon <jamesg at nucleus.com>

> The O'Reilly Linux Server Security book's a good read if you have at
> least a little Unix admin/user experience. It re-iterates a lot of the
> good advice that's been covered on the list about securing SSH by
> running on a non-standard port, only allowing key based auth and then
> only for a limited subset of users/groups.

> They also cover bastion firewalling. Essentially, anything internet
> facing (or security sensitive), even if behind another firewall, it's
> good practice to firewall to the hilt. The more layers the better.

> Secure your OS. Secure your apps. Secure your network. A lot of it's
> just common sense. Unless you're full time job is nothing but security
> and you can track all the current vulnerabilities and infer where the
> next ones will be just assume every thing's a risk and lock
> down/remove everything you don't absolutely require to mitigate the
> likelihood of getting owned.

> Link-wise, I'd say the more you read the better.

> http://www.google.co.uk/search?hl=en&q=hardening+linux&btnG=Search&meta=

> http://www.google.co.uk/search?hl=en&q=hardening+redhat&btnG=Search&meta=

> Start with those. :)

> Bear in mind, if you're messing with stuff you're not sure about, use
> a test machine/have backups/make sure you can reinstall from scratch
> if you break somethign or get burned somehow.

> Will.

Thanks Will.  One thing I have always done with SSH is run it on a 
non-default port.  Its funny I left it on 22 once and watched the log 
reports every morning in my email for a few days and the amount of people 
trying to login as the root user was amazing... the report was 40-50 lines 
longer than normal just from all the attempts... I then chose a port over 
10000 as they say most port scanners usually scan port 1-10000.  Once I did 
that I have not seen one attempt to try and access root through SSH or any 
user for that matter.  Good tip though... =)

And yeah I always have a test machine for breaking stuff on... I think thats 
how I have learnt most of what I know about linux is breaking it and 
re-installing it many many times ;)

Thanks for the info, very much appreciated... Gonna check out EBAY for that 
book and check out those links so I have some reading to do.. thanks again!

James