D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Server got hacked


On 25/11/13 14:19, Matt Lee wrote:
> Is there any reason to allow root SSH access at all?
> Keys only, users only, block failed IPs -- maybe consider changing the
> SSH port even?

No, never ever ever ever allow root logins. That's basically rule number
0, very poor show.

Whilst I agree that changing the default SSH port is useless, only allow
key based logins for a couple of restricted users. Use visudo to lock
down your elevation privileges so only certain users can initiate system
tasks. Alternatively, remove sudo completely and manually elevate to
root with "su -".

I'd be interested to know the general server configuration... I'm
presuming it wasn't very hardened. No GRSEC/PAX/SELinux I'm guessing,
and probably not even piping syslogs to a locked down separate server?

But I'd be taking the server offline ASAP, and rebuilding from my image
and backups.


The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq