[RDD] security breach
atftb2 at alaska.net
Sun Nov 25 18:32:02 EST 2012
On 11/25/2012 10:51 AM, James Harrison wrote:
> Best approach is not to use passwords - SSH keys are simple to set up
> and you can disable password authentication in sshd, which makes your
> system practically uncrackable.
Took the words right out of my mouth. The other thing I like to do is
disable ssh 1 and ssh to root. If you need root access from afar, ssh
to a non-privileged account then "su -" to gain root.
> Fail2ban is also an excellent program to run - it will automatically
> block in iptables anything that fails to login more than a few times,
> which stops most automated bots.
As a further step, you could set up an OpenVPN server and not expose
your Rivendell box to inbound internet traffic at all. You create a
tunnel to the OpenVPN server then you're 'local' and can ssh to the rd
host. Linux Journal had a great three-part write-up on this a few years
back in the Paranoid Penguin column. (The ssh/OpenVPN part, not the
Rivendell part.) Best of luck with the cleanup...
Kevin Miller - http://www.alaska.net/~atftb
In a recent survey, 7 out of 10 hard drives preferred Linux
Registered Linux User No: 307357, http://linuxcounter.net
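
A check for the sshd settings recommended in the message above (no password logins, no direct root login, protocol 2 only), as an added example that is not part of the original post. The DEFAULTS table and the sample config are assumptions constructed for illustration; real defaults depend on the OpenSSH version, and Match blocks are not evaluated.

```python
"""Audit the global section of an sshd_config for the settings discussed above."""

# Values the thread recommends: key-only logins, no direct root, protocol 2 only.
WANTED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "protocol": "2",
}
# Assumed value when a keyword is unset; this varies by OpenSSH version.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "yes",
    "protocol": "2",
}

def effective_settings(text):
    """Return keyword -> value for the global section; sshd keeps the first value it reads."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # "Key value" or "Key=value"
        key = parts[0].lower()                   # keywords are case-insensitive
        if key == "match":                       # conditional blocks are out of scope
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)              # later duplicates are ignored
    return seen

def audit(text):
    """Return sorted (keyword, effective_value, wanted_value) tuples for weak settings."""
    seen = effective_settings(text)
    return sorted((k, seen.get(k, DEFAULTS[k]), w) for k, w in WANTED.items()
                  if seen.get(k, DEFAULTS[k]) != w)

# Constructed sample config, not taken from any real host.
SAMPLE = """\
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes   # ignored: the first value wins
"""

if __name__ == "__main__":
    for key, value, wanted in audit(SAMPLE):
        print(f"{key}: effective '{value}', want '{wanted}'")
```
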