  1. #1
    Just Joined!
    Join Date
    Feb 2006
    Posts
    6

    Fedora Core 4 - Server Security


    I have a VPS account at a webhosting co. that runs Fedora Core 4. I am in the process of setting it up.

    Last week the site was breached after being up and running for only a couple of weeks. A non-authorized user was able to access one of the user accounts. The server is fine. My server was being used to attack another server. I'm not sure what caused the breach. I'm still investigating. My guess is that one of the account passwords was compromised.

    I'm looking for advice on how to manage the server to make sure this doesn't happen again. I'm guessing the intruders figured out the password by trying sign-in attempts until they cracked the password. They may have known somehow that the site was new and counted on the fact that some default passwords were still in place. I've changed the passwords.

    So here are my questions. How do I set up Linux to only allow a minimal number of sign-on attempts before degrading the sign-on performance or inactivating a user account? At a minimum, I'd like to log sign-on attempts so I've got some idea who is trying to access my server. If that info is currently available, how do I access it in the system?

    What are the best practices for managing this risk?

    Also, I've noticed on other sites that passwords are automatically scrutinized to assess how secure they are to encourage users to create better passwords. How do I do something like that in Linux?


    Thank you in advance.


    Lee

  2. #2
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,848
    How are users accessing your system? One of the best ways to enhance security is to force users to log in with SSH, and turn off all access through other mechanisms.

    SSH on its own isn't particularly secure until you tighten things down a little. If your users normally log on from a particular place, you can limit access to ssh to their static IP address. You can also turn off password access and force everyone to use keys - this is a big improvement to security. If you have to allow password logins, make sure that users' passwords are scanned for easily breakable or guessable passwords. You can use tools like John the Ripper to check password security and disable accounts as necessary.
    Linux user #126863 - see http://linuxcounter.net/
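
An added example, not part of either post: a small Python check of sshd_config text against the advice in reply #2 (password logins off, key logins on, each account tied to a source address through an AllowUsers user@host pattern). The sample config, user names and addresses are constructed, and the parser assumes whitespace-separated "Keyword value" lines and reads only the global section before any Match block.

```python
# Added example. sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and repeated AllowUsers lines accumulate; the parser mirrors that.

SAMPLE_CONFIG = """\
# constructed sample, not taken from a real host
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers lee@203.0.113.10
AllowUsers deploy@203.0.113.*
# the next line has no effect: the earlier "no" was read first
PasswordAuthentication yes
"""

def parse_global(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":          # per-connection overrides start here; stop
            break
        if key == "allowusers":     # list keyword: every line adds patterns
            settings[key] = (settings.get(key, "") + " " + value).strip()
        else:
            settings.setdefault(key, value)   # first value wins
    return settings

def audit(text):
    """Return a list of findings; an empty list means the advice is followed."""
    cfg = parse_global(text)
    findings = []
    # Both keywords default to "yes" when absent from the file.
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password logins are enabled")
    if cfg.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("key logins are disabled")
    allow = cfg.get("allowusers", "").split()
    if not allow:
        findings.append("no AllowUsers restriction")
    findings += ["%s may log in from any address" % u for u in allow if "@" not in u]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "no findings")
```

To check a real server, pass the contents of its sshd_config file to `audit()` instead of the sample.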
