Jump to content

Ygritte

Member
  • Posts

    4
  • Joined

  • Last visited

  • Feedback

    0%

About Ygritte

Informations

  • Gender
    Female

Ygritte's Achievements

Newbie

Newbie (1/16)

  • First Post
  • Week One Done
  • One Month Later
  • One Year In

Recent Badges

2

Reputation

  1. I will assume your server platform is a FreeBSD based one. "Security is a journey, not a destination", let's keep this in mind. Probably/arguably the most abused service on a server is the sshd daemon, many and i mean MANY sysops run it with default settings and scratch their heads when funny things happen, Some configuration directives that should be set/modified follow, please feel free to add your own: have the daemon listen on a single address and different port per host, default are all addresses and port 22, think jails, you can/must have an instance running on the host and separate instances for every jail, independently disable root login, add your trusted users to wheel group so that they can su to root or use sudo to gain root privileges allow only certain users to connect (AllowUsers user1 user2 directive), use su or sudo, see above use key based logins only Bruteforce attempts should be blocked at firewall level, sshguard does work together nicely with pf, ipfw, ipfilter, even iptables Jail your Internet facing services whenever you can (always ) Use kern.securelevel 3 sysctl but only and only when everything is set up and working the way expected, be very careful here, a superprocess can increase the secure level but cannot decrease it. A good reading can be the Handbook and/or security(7) man page online. Read religiously the security advisories, what help is a tied down operating system if one runs on it backdoored/buggy or otherwise compromised applications?Compile yourself your programs whenever is possible, you have access to sources, you can iron out bugs or can spot suspicious code that could/should make a security aware sysop rise an eyebrow. Now, a scary reading for those who think security really exists: Reflections on Trusting Trust by Ken Thompson (it gets scary in Stage II, just read patiently).
  2. Kill the Messenger , excellent biographic film.
  3. Lol. Your command should look like: su sshstefan Please don't just copy/paste snippets into your console, that's a really-really bad kung-fu
×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.