Re: Secure Server

Alejandro Rodriguez Luna wrote:
> I just wanted to ask about the security of services like ssh, dns,
> etc. What is the best way to secure these services? Perhaps
> /etc/hosts.allow and /etc/hosts.deny? Or perhaps with a superserver,
> inetd or xinetd?

Well, the 'best way' is quite subjective.  IMO, disabling any services
that are not used is the first step.  For sshd, I disable password
access and only allow authentication via keys.  I also disable root
login via ssh.  Then I limit the users allowed to login via AllowUsers
in the sshd config file.  Some people also use denyhosts or similar
methods to lock out IP addresses that make numerous unsuccessful login
attempts.  Overall, I don't spend a lot of time worrying about
OpenSSH.  The OpenSSH project has an excellent security record.

DNS is a little more worrying, as BIND has had more problems over the
years.  It has been much better in recent years though.  By default,
the named service is run as a non-root user.  It's also confined by
SELinux.  It can optionally be run in a chroot jail, which might further
limit a successful exploit of the service.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Even moderation ought not to be practiced to excess.
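
The sshd settings described in the reply above (key-only authentication, no root login, an AllowUsers list) can be checked with a short script. This is an added example, not part of the original message; the sample configurations and user names are constructed, and the parser assumes a single file, so it does not follow Include directives and stops at the first Match block.

```python
import re

def parse_global(text):
    """Return {keyword: value} for the global section of an sshd_config.
    sshd uses the first value obtained for a keyword, so later duplicates
    are ignored here as well."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                       # the rest applies only conditionally
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """List the hardening steps from the reply that are not in effect globally."""
    s = parse_global(text)
    findings = []
    if s.get("passwordauthentication", "").lower() != "no":
        findings.append("PasswordAuthentication is not explicitly 'no'")
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if not s.get("allowusers"):
        findings.append("AllowUsers is not set in the global section")
    return findings

# Constructed sample: the later 'no' has no effect because the first value wins,
# and the AllowUsers line only applies inside the Match block.
WEAK = """\
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
Match Address 192.0.2.0/24
    AllowUsers alice
"""

# Constructed sample with the three settings from the reply applied.
HARDENED = """\
PasswordAuthentication no
PermitRootLogin no
AllowUsers alice bob
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

On a live host, `sshd -T` prints the effective configuration after defaults and included files are resolved, which is the authoritative view.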


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines