[CentOS] Linux malware attack

Fri Mar 21 21:07:32 UTC 2014
Thomas Harold <thomas-lists at nybeta.com>

On 3/19/2014 2:50 PM, Ned Slider wrote:
> 
> Just to add, I'm sure everyone has already read and implemented many of 
> the suggestions here:
> 
> http://wiki.centos.org/HowTos/Network/SecuringSSH
> 
> Numbers 2 and 7 have already been highlighted in this thread.
> 

#1 These days I would say that 8 chars minimum length is too few, even
if they are completely random (and most won't be).  If you're not
willing to type gibberish, then a more reasonable minimum length is
12-14.  Especially for your root password (or other administration
accounts).

If you have your users creating 15+ character passwords, don't make them
change it every 30/60/90 days.  Password aging hurts more than it helps
as passwords grow longer.  Users are more likely to adopt poor behavior
like simply adding or incrementing numbers from month to month.  Longer
durations, like 3-5 years, give the users time to memorize the password
rather than just keeping it on a sticky on the desk.

#2 (disable root login) is a must for any public facing box, and a
strong recommendation for all other boxes.  It's the top target of
attack, so why allow it to be attacked at all?

#5 (non-standard port) is very useful.  Not for protecting yourself
against attack, but for not having your log files fill up with all of
the automated attack scripts, which makes it easier to spot the more
serious attackers who have taken the time and effort to find your SSH port.

#7 (public-key pairs) is also a must for any public-facing box.  It
defeats all attempts to brute-force account passwords remotely.

Now you just have to worry that someone will steal your private key
files.  But if someone has gotten far enough inside to steal your
private key file then you have bigger security problems to worry about.
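As an added example (not part of the thread or the CentOS wiki page), a small POSIX sh audit that reads an sshd_config and reports whether items #2, #5 and #7 above are applied; the assumed OpenSSH defaults and the constructed sample configs are labelled in the comments.

```shell
# Added example, not from the thread: audit an sshd_config for items #2, #5
# and #7. sshd honours the FIRST uncommented occurrence of a keyword, and
# lines below a "Match" block apply only conditionally, so parsing stops
# there. Assumed defaults when a keyword is absent (older OpenSSH):
# PermitRootLogin yes, PasswordAuthentication yes, Port 22.

# sshd_value FILE KEYWORD DEFAULT -> effective value (keyword match is case-insensitive)
sshd_value() {
  v=$(awk -v key="$2" '
    { gsub(/=/, " ") }                          # accept "Keyword=value" too
    tolower($1) == "match" { exit }             # conditional section starts
    tolower($1) == tolower(key) { print $2; exit }
  ' "$1")
  if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# audit_sshd_config FILE -> one line per check; returns 0 only when root login
# and password authentication are both off (#2, #7). A non-standard port (#5)
# is only reported: it cuts log noise, it is not a protection.
audit_sshd_config() {
  f="$1"; fail=0
  root=$(sshd_value "$f" PermitRootLogin yes)
  pw=$(sshd_value "$f" PasswordAuthentication yes)
  port=$(sshd_value "$f" Port 22)
  if [ "$root" = "no" ]; then echo "PASS #2 PermitRootLogin no"
  else echo "FAIL #2 PermitRootLogin $root (root still reachable; set to no)"; fail=1; fi
  if [ "$port" = "22" ]; then echo "NOTE #5 Port 22 (expect scanner noise in the logs)"
  else echo "PASS #5 Port $port"; fi
  if [ "$pw" = "no" ]; then echo "PASS #7 PasswordAuthentication no (keys only)"
  else echo "FAIL #7 PasswordAuthentication $pw (remote brute force still possible)"; fail=1; fi
  return $fail
}

# Constructed sample configs to demonstrate the audit (not from any real host).
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
#PermitRootLogin no
Port 22
PasswordAuthentication yes
EOF
cat > "$tmp/hardened.conf" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$tmp/weak.conf" || echo "weak.conf: needs work"
audit_sshd_config "$tmp/hardened.conf" && echo "hardened.conf: OK"
```

Run it as `sh audit.sh` against a copy of the live file; the commented-out `#PermitRootLogin no` in weak.conf is the classic mistake the parser is written to catch.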