[lug] Attacks Intensifying
Bill Thoen
bthoen at gisnet.com
Thu Oct 28 10:42:35 MDT 2004
On Thu, 28 Oct 2004, George Sexton wrote:
> I think a good idea is to set "PermitRootLogin" to no as a matter of
> routine, so that even if you have a bogus password, it won't work.
>
> The second thing I recommend doing is to create a group of people (say
> "sshusers") who are explicitly allowed to use SSH and put the configuration
> directive "AllowGroups sshusers" in the sshd_config.
I've now done all that after getting hacked a few weeks ago. From my
notes:

Edit /etc/ssh/sshd_config

    Protocol 2
    PermitRootLogin no
    AllowUsers (just one non-privileged user, with a good, long, random
    password)

So far it's stood the test, but the barbarians keep beating on the walls
anyway.
A bigger problem I'm going to have is how to keep RedHat 9 updated as new
"buffer overflow" exploits and such are discovered. RH9 is no longer
officially supported, and I'm not smart enough to make code corrections
myself and rebuild from source. I guess I just need to keep good backups
and see what happens to my little sand castle.
- Bill Thoen
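
An added example, not part of the original post: a shell check that an sshd_config carries the settings from the notes above (Protocol 2, PermitRootLogin no, and an AllowUsers or AllowGroups restriction). It goes slightly beyond the notes by honouring sshd's rule that the first value read for a keyword is the one used; the function names, the sample files and the user name "bill" are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config text for the settings in the notes above.
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive, so a later "PermitRootLogin no" does not override an
# earlier "permitrootlogin yes".

# effective_value FILE KEYWORD: print the first global (pre-Match) value.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }        # blank lines and comments
        { n = match(line, /[ \t=]/); if (n == 0) next
          key = tolower(substr(line, 1, n - 1))
          val = substr(line, n)
          sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val) }
        key == "match" { exit }                   # global section ends here
        key == want { print val; exit }
    ' "$1"
}

# audit_sshd_config FILE: print findings; exit status = number of failures.
audit_sshd_config() {
    fails=0
    [ "$(effective_value "$1" Protocol)" = "2" ] ||
        { echo "FAIL: Protocol is not 2"; fails=$((fails + 1)); }
    [ "$(effective_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not no"; fails=$((fails + 1)); }
    [ -n "$(effective_value "$1" AllowUsers)$(effective_value "$1" AllowGroups)" ] ||
        { echo "FAIL: no AllowUsers or AllowGroups restriction"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not from the post); "bill" is a placeholder user.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# weak: the first PermitRootLogin line wins' 'Protocol 2,1' \
    'permitrootlogin yes' 'PermitRootLogin no' > "$SAMPLE_DIR/weak"
printf '%s\n' 'Protocol 2' 'PermitRootLogin no' 'AllowUsers bill' \
    > "$SAMPLE_DIR/hardened"

for f in weak hardened; do
    audit_sshd_config "$SAMPLE_DIR/$f" && echo "$f: OK" || echo "$f: $? finding(s)"
done
```

To audit a live system, call audit_sshd_config /etc/ssh/sshd_config; settings placed inside Match blocks are deliberately not treated as global.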