[olug] example intrusion detection
Trent Melcher
tmelcher at trilogytel.com
Wed Oct 6 14:22:17 UTC 2004
Another added feature is to wrapper sshd, if possible. This way not only
can specific users log in, they can only log in from specific IP addressess
or domains. The downside to this is that with a lot of ISPs using DHCP, so
wrapping on an IP address doesn't work if the users IP changed.
Trent
Trent Melcher
Network/System Administrator
Startouch International LTD.
-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Mike
Hostetler
Sent: Wednesday, October 06, 2004 9:04 AM
To: Omaha Linux User Group
Subject: Re: [olug] example intrusion detection
Great stuff! I learned a lot just by reading it.
A great basic fact is to at least shut off root logins via ssh. It's as
easy as:
PermitRootLogin no
I didn't know about this, but was looking at my logs one day and
marveled how many people were trying to ssh in as root. Perusing the
sshd_config file brought this one up.
"AllowUsers" is a good one, too, if you can restrict ssh to a few users.
Of course, running as few programs connecting to the outside is the best
course of preventative action.
--
Mike Hostetler
http://www.binary.net/thehaas
_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list