Re: Unknown rootkit causes compromised servers




On Mon, Jan 28, 2008 at 10:36:03PM -0500, Jim Perrin wrote:
> Along the lines of staying safe, now is probably a good time to check
> your password policies.
> 
> 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)
> 2. restrict root logins to only the local machine. (modify /etc/securetty)
> 3. Limit users with access to 'su' to the wheel group (use visudo and
> also modify /etc/pam.d/su)
> 4. Make sure root is the only one with a uid of 0.
> ( awk -F: '($3 == "0") {print}' /etc/passwd )
> 5. Use pam to require strong passwords. (install/use pam_passwdqc
> which is part of the base distro, modify /etc/pam.d/system-auth )
> 6. Use denyhosts or pam_tally2 to restrict login attempts.
> 7. use ssh keys.
> 
> And above all, because I know many admins slack on this, and I'm
> guilty of it as well if it's not forced... ROTATE your passwords
> periodically
> 
> The recommended password requirements for root: at least 10 characters
> with a mix of upper/lower case, special characters, and numbers.
> 
> Discussion, and alternate suggestions welcome.

I will add to that list: change ssh port 22 to something else.

Regards

Alfredo
The Sauce

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
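
An added audit sketch for items 1 and 4 of the quoted checklist and the port change suggested in the reply; it is not part of the original thread. The function names are hypothetical, the PasswordAuthentication check is one assumed reading of item 7, and Match blocks and Include files in sshd_config are not handled.

```shell
#!/bin/sh
# Added example, not from the thread. Files are passed as arguments so the
# audit can run against copies of /etc/ssh/sshd_config and /etc/passwd.

# Print the effective value of an sshd_config keyword. sshd uses the first
# value it obtains for a keyword, and keywords are case-insensitive.
# Assumption: flat config; parsing stops at the first Match block.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# List accounts other than root whose uid field is 0 (checklist item 4).
uid0_accounts() {  # usage: uid0_accounts PASSWD_FILE
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Run the checks; the return status is the number of findings.
audit() {  # usage: audit SSHD_CONFIG PASSWD_FILE
    findings=0
    v=$(sshd_value "$1" PermitRootLogin unset)
    if [ "$v" != no ]; then
        echo "FAIL item 1: PermitRootLogin is '$v', expected 'no'"
        findings=$((findings + 1))
    fi
    # Assumed reading of item 7: keys are only enforced once passwords are off.
    v=$(sshd_value "$1" PasswordAuthentication unset)
    if [ "$v" != no ]; then
        echo "WARN item 7: PasswordAuthentication is '$v'"
        findings=$((findings + 1))
    fi
    extra=$(uid0_accounts "$2")
    if [ -n "$extra" ]; then
        echo "FAIL item 4: extra uid 0 accounts:" $extra
        findings=$((findings + 1))
    fi
    echo "INFO: sshd Port is $(sshd_value "$1" Port 22)"
    return "$findings"
}

if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

A value reported as 'unset' means the keyword is absent and the compiled-in default of the installed OpenSSH applies.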
