[CentOS] Unknown rootkit causes compromised servers
mouss
mouss at netoyen.netTue Jan 29 10:52:39 UTC 2008
- Previous message: [CentOS] Unknown rootkit causes compromised servers
- Next message: [CentOS] Unknown rootkit causes compromised servers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim Perrin wrote:
> Along the lines of staying safe, now is probably a good time to check
> your password policies.
>
> 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)
>
why isn't this the default?
> 2. restrict root logins to only the local machine. (modify /etc/securetty)
> 3. Limit users with access to 'su' to the wheel group (use visudo and
> also modify /etc/pam.d/su)
>
same question here.
> 4. Make sure root is the only one with a uid of 0. ( awk -F: '($3 ==
> "0") {print}' /etc/passwd )
> 5. Use pam to require strong passwords. (install/use pam_passwdqc
> which is part of the base distro, modify /etc/pam.d/system-auth )
> 6. Use denyhosts or pam.tally2 to restrict login attempts.
> 7. use ssh keys.
>
[snip]
- Previous message: [CentOS] Unknown rootkit causes compromised servers
- Next message: [CentOS] Unknown rootkit causes compromised servers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list