On Tue, 2011-12-06 at 18:12 -0600, Les Mikesell wrote: > I'd expect it to be at least typical to firewall direct ssh access > from the internet. A Linux newcomer, untrained and a self-learner, I made an abrupt immersion into Linux on 1 June 2010. It was a steep learning-curve. The first thing I did was to make a 20-odd character password for Root with lowercase, uppercase and digits (using my former address in Germany). The next thing I did was to change the default SSH port number AND restrict access to 3 approved IP addresses only. Anyone who leaves SSH on a default port open to any IP address is stupid. Anyone not wanting to allow SSH access into their machine should consider:- chkconfig --list|grep ssh chkconfig sshd off service sshd stop Long, not easy to guess and totally beyond the reach of dictionary attacks, passwords for Root are absolutely essential. Security begins with a minimum password length of 12 characters for ALL users. Rootkits are another essential. There is a real war on. No sensible person lays down and lets the enemy walk all over them. Constant and widespread defence is vitally important. Every day I see evidence of many hacked computers all around the world. It persuades me to think many admins are simply incompetent - they seem to use Windoze. A professional qualification in basic server security would be a useful attribute. -- With best regards, Paul. England, EU. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos