Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 27 Dec 2007 11:10:47 -0800
"Daniel B. Thurman" <dant@xxxxxxxxx> wrote:

> Does anyone have any advice, links to great sites focused on security
> and how to secure your linux box against intrusions and attacks?

Well, what I'm doing is this:

1. My system is hooked to an external router/firewall combo with
only port 22 (sshd) open and forwarded to it.

2. My sshd_config file is setup to disable all forms of authentication
except for public key, and the only valid public key file is
encrypted on my system at work (with a passphrase only I know that
isn't written down anywhere).

3. My /etc/hosts.allow and /etc/hosts.deny files are setup so that
only the IP address of my work system (or the address it appears to
have after it gets through the corporate firewall) is allowed
to ssh in.

This winds up with a few lines like this appearing in the security
log every day:

sshd[14989]: refused connect from u16-159.static.grapesc.cz (::ffff:82.100.16.159)

Of course, this all works for me where I just want to be able to
get into my home system from work, and don't have a public server
I actually want folks to access. If I need anything more than ssh,
I can always use port forwarding through ssh to get to other things.

One other gimmick: Within my local network at home, I don't want such
restrictions as only public key, so with the latest sshd in fedora 8,
I can use a "Match" directive to allow more kinds of authentication
within my local home network.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux