On 12/1/06, centos@xxxxxxxxxxxxxxx <centos@xxxxxxxxxxxxxxx> wrote:
On Fri, 1 Dec 2006 08:51:02 -0500 Steve Huff <shuff@xxxxxxxxx> wrote: > let me add another suggestion to the flood: once you've rebuilt > the box, install DenyHosts (http://denyhosts.sourceforge.net/). > this tool is quite effective at blocking brute-force ssh attacks; > not only will this make it much harder for an attacker even if you > should happen to set a weak password on an account in the future, > but it will also reduce the amount of CPU time and memory wasted on > dealing with brute-force ssh attacks. http://www.bastille-linux.org/ Bastille is an interactive program that will guide you on how to lock-down your boxes. They even have an OsX beta version. It goes into even more area than was mentioned by the others. It asks you questions with very extensive explanations and then will apply the changes for you at the end.
Be very very careful with Bastille. Read the documentation first and realize that you may lock yourself out of your system etc. In the last year I have had to walk over 20 people on how to boot from a cdrom, remount, try to undo the Bastille changes, and get the box in a working state. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
