Securing your server

[modem7]

First off, going to request admins if it's possible to either create a new security section or to sticky this topic.

Hey guys,

Recently had a few brute force attempts on my server on the SSH port.

Now, this is going to be an occurrence whether you like it or not, especially from script kiddies who attack port 22 (they will rarely look at other ports so I'm told).

These are the steps I made to minimise/eliminate this sort of behaviour:

Step 1. Do you REALLY need SSH access remotely? (I did, but it's a question you have to ask yourself).

Step 2. Do you need SSH on port 22? If not, change the port!

Step 3. Check your logs to make sure that no-one has tried to get in already (or succeed).

Step 4. Install LogWatch so that you can get emails about unsuccessful login attempts and from what IPs (it will be under the "SSHD" heading).

Step 3. Install Fail2Ban (http://www.fail2ban.org) and configure it accordingly (http://linuxaria.com/howto/fail2ban-bru ... ks?lang=en or use Google).

Step 4. Install DenyHosts (this will be a secondary tool to assist you and will run alongside Fail2Ban - again, configure appropriately).

Step 5. If you already have some IP addresses, add them to your IPTables.

*Optional*

Step 6. Disable root logins (this will stop anyone logging in as root, and will only allow other usernames to login).

Step 7. Ensure you have SSL Keypairs enabled (https://wiki.amahi.org/index.php/Key-ba ... With_Putty).

Anything else, please feel free to comment below!

[bigfoot65]

Good info. Would you mind adding this to the wiki. I think that would be a better place to capture things of this nature.

Would also be nice if we could get some tutorials documented on how to do some of the lock downs you mention in Amahi. There are many who would appreciate it.