Posts posted by Ygritte
Kill the Messenger, excellent biographic film.
-
Lol.
Your command should look like: su sshstefan
Please don't just copy/paste snippets into your console, that's a really-really bad kung-fu.
Server security
in Community Support - Questions & Answers
Posted
I will assume your server platform is a FreeBSD based one. "Security is a journey, not a destination", let's keep this in mind.
Probably/arguably the most abused service on a server is the sshd daemon. Many, and I mean MANY, sysops run it with default settings and scratch their heads when funny things happen. Some configuration directives that should be set/modified follow, please feel free to add your own:
Bruteforce attempts should be blocked at firewall level, sshguard does work together nicely with pf, ipfw, ipfilter, even iptables.
Jail your Internet facing services whenever you can (always).
Use kern.securelevel 3 sysctl but only and only when everything is set up and working the way expected, be very careful here, a superprocess can increase the secure level but cannot decrease it.
A good reading can be the Handbook and/or security(7) man page online.
Read the security advisories religiously, what help is a tied down operating system if one runs on it backdoored/buggy or otherwise compromised applications? Compile your programs yourself whenever possible, you have access to sources, you can iron out bugs or can spot suspicious code that could/should make a security aware sysop raise an eyebrow.
Now, a scary reading for those who think security really exists: Reflections on Trusting Trust by Ken Thompson (it gets scary in Stage II, just read patiently).
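An added example, not part of Ygritte's post and not the directive list the post refers to: a POSIX sh check that reads an sshd_config on stdin and reports global settings that are unset or differ from a small baseline. The four baseline values, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Baseline is an assumption for illustration, not the poster's directive list.
BASELINE='permitrootlogin=no passwordauthentication=no permitemptypasswords=no x11forwarding=no'

# Reads an sshd_config on stdin and prints one line per finding.
# Exit status: 0 = matches baseline, 1 = at least one finding.
audit_sshd_config() {
    awk -v baseline="$BASELINE" '
    BEGIN {
        n = split(baseline, rows, " ")
        for (i = 1; i <= n; i++) {
            split(rows[i], kv, "=")
            order[i] = kv[1]; want[kv[1]] = kv[2]
        }
    }
    /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
    tolower($1) == "match" { exit }   # Match blocks are conditional: audit the global part only
    {
        key = tolower($1)             # keywords are case-insensitive
        # sshd keeps the first value obtained for each keyword
        if ((key in want) && !(key in seen)) seen[key] = tolower($2)
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in seen)) { printf "UNSET %s (want %s)\n", k, want[k]; bad++ }
            else if (seen[k] != want[k]) { printf "WEAK %s=%s (want %s)\n", k, seen[k], want[k]; bad++ }
        }
        exit (bad > 0)
    }'
}

# Constructed sample input, not taken from a real host.
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication no
passwordauthentication yes
X11Forwarding no
Match User backup
    PermitEmptyPasswords no
EOF
}

sample_config | audit_sshd_config || echo "sshd_config differs from baseline"
```

On a real host, feed it the live file, for example `audit_sshd_config < /etc/ssh/sshd_config`. An UNSET finding means the daemon is relying on its built-in default for that keyword.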