- 02-15-2006 #1
Fedora Core 4 - Server Security
I have a VPS account at a webhosting co. that runs Fedora Core 4. I am in the process of setting it up.
Last week the site was breached after being up and running for only a couple of weeks. A non-authorized user was able to access one of the user accounts. The server is fine. My server was being used to attack another server. I'm not sure what caused the breach. I'm still investigating. My guess is that one of the account passwords was compromised.
I'm looking for advice on how to manage the server to make sure this doesn't happen again. I'm guessing the intruders figured out the password by trying signin attempts until they cracked the password. They may have known somehow that the site was new and counted on the fact that some default passwords were still in place. I've changed the passwords.
So here are my questions. How do I set up Linux to only allow a minimal number of signon attempts before degrading the signon performance or inactivating a user account? At a minimum, I'd like to log signon attempts so I've got some idea who is trying to access my server. If that info is currently available, how do I access it in the system?
What are the best practices for managing this risk?
Also, I've noticed on other sites that passwords are automatically scrutinized to assess how secure they are to encourage users to create better passwords. How do I do something like that in Linux?
Thank you in advance.
- 02-15-2006 #2
How are users accessing your system? One of the best ways to enhance security is to force users to log in with SSH, and turn off all access through other mechanisms.
SSH on its own isn't particularly secure until you tighten things down a little. If your users normally log on from a particular place, you can limit access to ssh to their static IP address. You can also turn off password access and force everyone to use keys - this is a big improvement to security. If you have to allow password logins, make sure that users' passwords are scanned for easily breakable or guessable passwords. You can use tools like John the Ripper to check password security and disable accounts as necessary.

Linux user #126863 - see http://linuxcounter.net/
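Added example, not part of either post: a small Python check of an sshd_config against the steps recommended in the reply above (keys instead of passwords, logins limited to known addresses). The sample configs, user names, 203.0.113.x addresses and the `max_tries` threshold are constructed for illustration, and absent keywords are assumed to take upstream OpenSSH defaults.

```python
import re

# Upstream OpenSSH defaults, assumed when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes", "maxauthtries": "6"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_sshd_config(text):
    """Return (settings, allow_users) for the global part of an sshd_config."""
    settings, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":           # conditional blocks are not evaluated here
            break
        if key == "allowusers":      # patterns accumulate across lines
            allow_users += value.split()
        else:
            settings.setdefault(key, value.lower())  # sshd keeps the first value
    return settings, allow_users

def audit(text, max_tries=3):
    """List deviations from key-only logins restricted to known addresses."""
    settings, allow_users = parse_sshd_config(text)
    get = lambda k: settings.get(k, DEFAULTS[k])
    findings = []
    if get("passwordauthentication") != "no":
        findings.append("password logins enabled")
    if get("kbdinteractiveauthentication") != "no":
        findings.append("keyboard-interactive enabled (PAM may accept passwords)")
    if get("pubkeyauthentication") != "yes":
        findings.append("public-key logins disabled")
    if not allow_users:
        findings.append("no AllowUsers restriction")
    findings += [f"{u} may log in from any address" for u in allow_users if "@" not in u]
    if int(get("maxauthtries")) > max_tries:  # per-connection limit, not a lockout
        findings.append(f"MaxAuthTries above {max_tries}")
    return findings

# Constructed samples. In WEAK the later "no" is ignored: the first value wins.
WEAK = "PasswordAuthentication yes\nAllowUsers alice bob@203.0.113.11\nPasswordAuthentication no\n"
HARDENED = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "AllowUsers alice@203.0.113.10 bob@203.0.113.11\nMaxAuthTries 3\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

`MaxAuthTries` only caps attempts within one connection; it does not lock an account or slow repeated connections.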