FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-27-2007, 07:10 PM
Tom Horsley
 
Default Seeing input on Securing the Linux system from intrusions and attacks.

On Thu, 27 Dec 2007 11:10:47 -0800
"Daniel B. Thurman" <dant@cdkkt.com> wrote:

> Does anyone have any advice, links to great sites focused on security
> and how to secure your linux box against intrusions and attacks?

Well, what I'm doing is this:

1. My system is hooked to an external router/firewall combo with
only port 22 (sshd) open and forwarded to it.

2. My sshd_config file is setup to disable all forms of authentication
except for public key, and the only valid public key file is
encrypted on my system at work (with a passphrase only I know that
isn't written down anywhere).

3. My /etc/hosts.allow and /etc/hosts.deny files are setup so that
only the IP address of my work system (or the address it appears to
have after it gets through the corporate firewall) is allowed
to ssh in.

This winds up with a few lines like this appearing in the security
log every day:

sshd[14989]: refused connect from u16-159.static.grapesc.cz (::ffff:82.100.16.159)

Of course, this all works for me where I just want to be able to
get into my home system from work, and don't have a public server
I actually want folks to access. If I need anything more than ssh,
I can always use port forwarding through ssh to get to other things.

One other gimmick: Within my local network at home, I don't want such
restrictions as only public key, so with the latest sshd in fedora 8,
I can use a "Match" directive to allow more kinds of authentication
within my local home network.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 11:50 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org