[lug] Firewall / Lockdown questions

dio2002 at indra.com
Tue Jul 31 18:57:18 MDT 2007


> Unless you need mysql to talk to outside systems, I would lock that down
> to lo/127.0.0.1 as well.

mysql only needs local access.  What's the best way to do that?  I've seen
a variety of things online including the following params in my.cnf:

bind-address
skip-networking

> You may want to allow in ssh so that you can manage it.

I'm doing that as well.  Trying to find the best method to lock that down
as well.  I've seen a variety of solutions for this.  Any suggestions more
than welcome for sshd_config options and/or methods.

Also, what would be the best way to monitor brute force or other
suspicious attempts against ssh?  I think /var/log/secure is the main log
file. I could manually inspect that periodically but it would be better if
I was automatically alerted in some way via email?  Should I set a cron
script to grep for a key phrase in this file and mail periodically? Any
other ideas?

thanks
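
The cron-and-grep idea raised in the message above, as an added example that is not part of the original post: it counts sshd "Failed password" lines per source address and mails a summary only when a threshold is crossed. The function names, the thresholds and the sample log lines are constructed for illustration; `mail` is assumed to be the system mailx.

```sh
#!/bin/sh
# Added example (not from the original post): count failed sshd password
# logins per source address from syslog-format lines on stdin.

# Constructed sample lines in the usual /var/log/secure format.
sample_log() {
cat <<'EOF'
Jul 31 18:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jul 31 18:01:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jul 31 18:01:09 host sshd[2105]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.7 port 40003 ssh2
Jul 31 18:01:12 host sshd[2107]: Failed password for root from 203.0.113.7 port 40004 ssh2
Jul 31 18:05:40 host sshd[2150]: Failed password for bob from 198.51.100.9 port 51000 ssh2
Jul 31 18:06:00 host sshd[2160]: Accepted password for bob from 192.0.2.10 port 51022 ssh2
EOF
}

# Print "count address" for every source with at least $1 failures (default 5).
ssh_fail_summary() {
    awk -v min="${1:-5}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may itself contain
            # " from <addr>", so take the LAST "from" on the line.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") { count[$i]++; break }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -rn
}

# Mail the summary only when something crossed the threshold.
# $1 = log file, $2 = recipient (both supplied by the caller).
alert_on_failures() {
    report=$(ssh_fail_summary 5 < "$1")
    [ -z "$report" ] || printf '%s\n' "$report" |
        mail -s "sshd failed logins on $(hostname)" "$2"
}

# Demo on the constructed sample with a threshold of 3.
sample_log | ssh_fail_summary 3
```

From cron, the call would be `alert_on_failures /var/log/secure` followed by the recipient address. Each run rescans the whole file, so the same addresses are reported again until the log rotates.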


