skiller Posted May 14, 2011

All the hack attacks and other rubbish, etc. that we are all getting are from Linux users with an unsafe system. The hacker takes over the Linux machine and the owner of the machine does not realize that. That is the funny thing why we all get attacks.

I am writing here a how-to on what you have to do first after you have finished your Linux installation. This is basic and the first thing you have to do. It is easy to understand and for beginners it takes around 20 minutes. My favourite distro is Debian. I am not using Linux for desktop. I read many posts and saw many users are using it as a desktop. These guys should follow this how-to when they have access from the WAN via SSH or Telnet to the local machine.

1. Create a new user; it could be a name followed by some digits.

2. Choose a strong password with special characters like +=%
If you choose passwords like: passw0rd or other simple names, you get hacked straight away.

3. Add this new user into the file /etc/sudoers

    vi /etc/sudoers

Look for "User privilege specification"; below the user "root" you write

    Your_new_username ALL=(ALL) ALL

4. Now we change the standard SSH port 22 to another port. I am using the birthday of my wife: 2412. Edit the file /etc/ssh/sshd_config

    vi /etc/ssh/sshd_config

Please check your firewall settings before you do that; the port 2412 TCP must be open.
Restart the SSH daemon

    /etc/init.d/sshd restart

5. Now try to log in with your new user and choose the new SSH port. If you are in with your new user, you need to have root permissions

    sudo su -

Enter the password of the new user. Now you have root permissions!

6. Edit the file /etc/ssh/sshd_config again and look for # Authentication

    vi /etc/ssh/sshd_config

Change the PermitRootLogin to:

    PermitRootLogin no

Restart the SSH daemon

    /etc/init.d/sshd restart

root is a known user on each Linux machine; with PermitRootLogin no we have disabled the user root and it is more secure.

There are many other things to make Linux safe. I am using fail2ban on my servers too. I have in my mind this is the basic for everybody and easy to understand. Comments are almost welcome....

Cheers
Michael

ukrules Posted May 14, 2011

This won't solve many problems at all, only weak password based problems.

I use port 22 for ssh and allow direct root shell login using both the username on certain accounts and ssh keys. Of course my root password resembles a 10-12 randomised 'key' anyway and I have never had any kind of issue with a login being compromised, not in the last 15 years.

At one point we only allowed logins from predefined IP addresses via some archaic script but in truth that made things a lot more hassle than it was worth when there was some kind of other problem which required manual intervention.

It's far more likely that people will gain some form of access from a weak script by manipulating the submitted variables (both POST and GET), using strangely formatted URLs or submitting usernames containing malformed commands terminated with mysql comments on the end, resulting in a simple kind of exploit which will allow entrance. This is due to the programmers' complete lack of experience regarding the most basic of programming security. The main culprit for these kinds of attacks in my experience is badly written open source software.

There are other things you can do to make a brute force attack impossible on your ssh port. Simply changing the port will make little difference when someone can run a port scanner which checks every possible port number, identifying any program that's listening on your server.

urandom Posted May 14, 2011

@skiller you may not want to grant access to any user to *anything* with sudo, you can set it up so he can access only specific paths. good practices WRT ssh are also using AllowUsers so only some of them can get access. you should really consider key authentication also, it is way more secure than password only. in fact in that case, you should disable password auth.

@ukrules using higher ports does make a difference, port scanners will most likely scan the first 1,000 ports. check your logs and see how many brute force attempts you had on port 22. change to higher ports, all gone. to allow only specific IPs, you can use hosts.allow instead of archaic scripts

finally, WRT security and FWIW, here are the few things I try to use:

* simple iptables rules (stateful firewall)
* unbound, DNSSEC enabled
* grsec kernel patch (low) when running a stable kernel
* hardened toolchain (relevant if you're using a source based distro)
* using ASCII passwords generated by https://www.grc.com/passwords.htm
* using ssh tunnelling on any hostile networks (i.e. not my network)
* minimal custom kernel with CONFIG_CC_STACKPROTECTOR=y
* privoxy
* as few daemons as possible

urandom Posted May 14, 2011

[OT]why can't I edit my post anymore, is there any time limit?[/OT]

forgot to add:

* only root has /sbin and /usr/sbin in its $PATH
* i have a few gigs LUKS encrypted partition for my tentacle hentai sensible data.

skiller (Author) Posted May 14, 2011

You both guys are exactly right. I did not write this to open a discussion on how to make a linux server safe. Of course there are many things, like login only from a specific IP, RSA keys for SSH, and, and.....

Which kind of answer are you getting, if you ask a linux newbie for iptables?

Please do not misunderstand my post. I said this is the basic.....

Cheers
Michael

Prasert Posted May 14, 2011

How likely is it that a newbie will build a linux server? I think that the majority here will use linux with a mouse. Running linux as a server in initlevel 3 and using only the commandline, is not really a newbie thing...

Cloggie Posted May 16, 2011 (edited)

Skiller,

If you live in Bangkok, interested in joining our monthly IT meetings - http://www.thaivisa....ntu-it-meeting/

Cheers,
Cloggie

Edited May 16, 2011 by Cloggie

Crushdepth Posted May 16, 2011

Passwords aren't a good security measure for internet-facing services. It's way better to use key-based authentication for SSH. If you have the option, whitelisting IP addresses that are permitted to connect to SSH is a very effective way to get rid of brute force attacks entirely.
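
Added example, not part of any post in this thread: a small shell audit of the sshd_config keywords the posters discuss (Port, PermitRootLogin, PasswordAuthentication, AllowUsers). The function name audit_sshd_config and the sample file are constructed for illustration; it assumes one keyword per line and reads only the global section before any Match block.

```shell
#!/bin/sh
# Added example. audit_sshd_config FILE prints one line per finding for the
# sshd_config keywords discussed in the thread. Only the global section is
# read (parsing stops at the first Match block).
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
        key = tolower(f[1])
        if (key == "match") exit             # END still runs after exit
        if (key == "port") {                 # Port may be given several times
            has_port = 1
            if (f[2] == "22") port22 = 1
        } else if (!(key in val)) {
            val[key] = tolower(f[2])         # sshd keeps the first value it reads
        }
    }
    END {
        if (!("permitrootlogin" in val))
            print "WARN root-login: PermitRootLogin not set, default depends on the OpenSSH version"
        else if (val["permitrootlogin"] != "no")
            print "WARN root-login: PermitRootLogin " val["permitrootlogin"]
        if (val["passwordauthentication"] != "no")
            print "WARN password-auth: password logins accepted (sshd default is yes)"
        if (!("allowusers" in val) && !("allowgroups" in val))
            print "WARN allow-users: no AllowUsers or AllowGroups restriction"
        if (!has_port || port22)
            print "NOTE port: sshd listens on the default port 22"
    }' "$1"
}

# Constructed sample: the state after the how-to (new port, root login off),
# plus a later duplicate line that sshd would ignore.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Authentication
Port 2412
PermitRootLogin no
PermitRootLogin yes
EOF
audit_sshd_config "$sample"   # reports password-auth and allow-users only
```

On a live host, `sshd -T` (run as root) prints the effective configuration after defaults are applied, which is a better input than the raw file.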