Re: pop3 attack




On Dec 9, 2008, at 2:33 PM, Bill Campbell wrote:

> Once the cracker finds an account with a guessable password, they may well
> be able to get access to your system as that user via ssh, webmin, usermin,
> or other means.  Given shell access, the cracker can install user-level IRC
> servers or gain root access via exploits that only work for local users.  I
> have seen cases where crackers were able to change user shells and other
> information via usermin or webmin by exploiting vulnerabilities in system
> utilities thus gaining access to the system.

You can keep compromised accounts from logging in via ssh with the  
"AllowUsers" option in your /etc/ssh/sshd_config file.  Add that  
option followed by a list of user names that you want to be able to  
log in, ex:

# Only let Fred Guru and Joe Admin in, block anyone
# else even if they have a valid password.
AllowUsers fred joe

And you should also set "PermitRootLogin no" while you are in  
sshd_config.

Be sure to do a "service sshd restart" after you change the file, and  
do a test login _before_ you log out of your current session.  Saves  
cursing and late night drives to remote servers in case sshd barfs  
somehow :-)

--Chris

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
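
Added example, not part of the original message: a small shell audit that reads an sshd_config and reports which accounts the AllowUsers and PermitRootLogin settings discussed above would let in, so the result can be checked before restarting sshd. The function names and the sample config are constructed for illustration; it assumes plain user names only (no wildcards or user@host patterns), no Match blocks and no Include files.

```sh
#!/bin/sh
# Added example: read an sshd_config the way the advice above relies on.
# Assumptions: plain user names only (no wildcards or user@host patterns),
# no Match blocks and no Include files. Function names are hypothetical.

# Constructed sample config, using the AllowUsers line from the message.
sample_config() {
    cat <<'EOF'
# Only let Fred Guru and Joe Admin in, block anyone
# else even if they have a valid password.
AllowUsers fred joe
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
EOF
}

# PermitRootLogin as sshd reads it: keywords are case-insensitive and the
# first occurrence wins. Prints "unset" when no such line exists.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Every name on AllowUsers lines; sshd appends repeated lines into one list.
allowed_users() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# may_login FILE USER: exit 0 if these two settings would let USER in.
may_login() {
    if [ "$2" = root ] && [ "$(root_login_setting "$1")" = no ]; then
        return 1
    fi
    users=$(allowed_users "$1")
    # No AllowUsers line means no allow-list is in force.
    if [ -z "$users" ]; then return 0; fi
    printf '%s\n' "$users" | grep -qxF -- "$2"
}

cfg=$(mktemp)
sample_config > "$cfg"
for u in fred joe mallory root; do
    if may_login "$cfg" "$u"; then echo "$u: allowed"; else echo "$u: blocked"; fi
done
rm -f "$cfg"
```

Point may_login at /etc/ssh/sshd_config to check a real account. Running "sshd -t" as root syntax-checks the file before the restart.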
