
Thread: Simple Strategies to Securing Your Server

  #1

    Simple Strategies to Securing Your Server

    Here are some very simple steps you can take to beef up security on your VPS, in order to decrease your chances of getting hacked.

    Part 1: SSH

    There are two very critical things we need to do to SSH. SSH is like the drawbridge to your castle. You can make everything else as strong as you like, but if SSH is wide open, anyone can get in.

    We're going to edit the SSHd config file, which is located at /etc/ssh/sshd_config

    The two simplest things we can do to tighten security here are to change the port and the protocol version.

    Change the lines:
        Port 22
        Protocol 2, 1
    to:
        Port 222
        Protocol 2
    Please note that you can change the port to just about anything you like, let's just avoid staying on port 22.

    Now save the file, and restart sshd.
    For RedHat/CentOS VE's:
        service sshd restart
    Everyone else:

    Making this one simple change will really throw a monkey wrench in the hackbot brute force tactic.

    Part 2 (Optional):

    The scanscript!

    I use this one on my personal servers.
    #!/bin/sh
    # Ban the source IPs of failed SSH logins found in /var/log/secure by adding
    # iptables DROP rules. The awk field numbers ($5, $12, $10, $7) assume one
    # particular log and saved-rules layout; check them against your own files.
    rm -f ttt
    touch tmp
    # disabled IPs can be obtained from /etc/sysconfig/iptables
    grep DROP /etc/sysconfig/iptables|awk '{print $5}' >tmp
    # ------------------------ DoS attacks rule -------------------------
    #identity mismatch in secure
    grep Did /var/log/secure|awk '{print $12}' >>tmp
    #Invalid user
    grep "Invalid user" /var/log/secure|awk '{print $10}' >>tmp
    # Maximum login
    grep "Maximum login" /var/log/secure|awk '{print $7}'|sed 's/.*\[\(.*\)\])/\1/g' >>tmp
    # ------------------ reduce redundant IPs from tmp file -------------
    # drop blank lines (a missing awk field) so sed never gets an empty pattern
    grep -v '^$' tmp >tmps; cp -f tmps tmp
    # take the first IP, delete every line matching it, repeat until tmp is empty
    # ($i stays 0, so the loop runs until $size reaches 0)
    i=0
    size=`/usr/bin/wc tmp|awk '{print $1}'`
    while test $i -lt $size
    do
          us=`sed -n 1p tmp`
          sed /$us/d tmp >tmps
          echo $us >>ttt
          cp -f tmps tmp
          size=`/usr/bin/wc tmp|awk '{print $1}'`
    done
    rm -f tmp tmps temp0 temp
    # ------------------ activate detected IPs --------------------------
    # note: -F wipes every rule in the filter table, not only the old DROPs,
    # so any other rules you rely on have to be re-added here as well
    i=1
    size=`wc ttt|awk '{print $1}'`
    size=`expr $size + 1`
    /sbin/iptables -F
    while test $i -lt $size
    do
            ip=`sed -n "$i"p ttt`
            i=`expr $i + 1`
            /sbin/iptables -A INPUT -s $ip -j DROP
    done
    # -----------------end of shell script-------------------------
    This script goes into a file, let's call it
    Make this file executable:
        chmod +x
    Now we'll cron it to run every five minutes:
        crontab -e
    At the bottom, add a line like:
        0-59/5 * * * * /root/
    (make this point at your actual script)

    Basically, what this does is scan your /var/log/secure logfile every 5 minutes, looking for failed logins, dictionary attacks, and some DoS attempts. If it finds any, it adds them to your iptables rules, effectively locking them out for good.

    Part 3: /etc/passwd

    Your /etc/passwd file tells your machine what users exist on your server, what groups they are in, and what shell they are to have access to when logging in.

    In order to seal up another security hole, we're going to make sure only the user accounts YOU select can login via SSH at all. Open up your /etc/passwd in your favourite text editor.

    Every line is going to look something like this:
    This tells the machine what account it is, the userid, the groupid, and most importantly, the shell.

    In this case, root gets /bin/bash.

    Any user account you want to be able to log in should end with /bin/bash.
    Any other account should get /sbin/nologin.

    This will give any potential hackers even less of a potential chance of breaking into your server.
    Last edited by MikeG@Spry; 10-18-2007 at 05:58 AM.
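The log scan from Part 2, as an added example that is not part of the original post or the author's script: it greps the same three sshd messages, but pulls the address out with a regex instead of a positional awk field (so a different hostname or PID cannot shift the column), de-duplicates with sort -u instead of the sed loop, skips an allow-list so a typo in your own password cannot lock you out, and prints the iptables commands as a dry run instead of flushing and rewriting the live rules. The log lines, hostnames, PIDs and the admin address 203.0.113.200 are constructed for the example.

```sh
#!/bin/sh
# Added example, not the original post's script: find the source IPs of failed
# SSH logins in sshd log lines and emit DROP rules without executing them.

# Constructed sample of /var/log/secure lines (hostnames, PIDs and IPs are made up).
SAMPLE_LOG='Oct 18 05:10:01 vps sshd[2011]: Did not receive identification string from 203.0.113.7
Oct 18 05:11:43 vps sshd[2020]: Invalid user admin from 198.51.100.23
Oct 18 05:11:45 vps sshd[2020]: Invalid user oracle from 198.51.100.23
Oct 18 05:12:02 vps sshd[2031]: Maximum login attempts exceeded for user [192.0.2.77]
Oct 18 05:12:30 vps sshd[2035]: Invalid user test from 203.0.113.200
Oct 18 05:13:10 vps sshd[2040]: Accepted publickey for mike from 203.0.113.200 port 51022 ssh2'

# Addresses that must never be blocked (hypothetical admin IP), space separated.
ALLOW_LIST="${ALLOW_LIST:-203.0.113.200}"

# offending_ips: read log lines on stdin, print unique offending IPs, one per line.
offending_ips() {
    # build "-e <ip>" arguments for the allow-list filter
    set --
    for ip in $ALLOW_LIST; do set -- "$@" -e "$ip"; done
    [ $# -eq 0 ] && set -- -e '^$'   # empty allow-list: a literal no IP can match
    grep -E 'Did not receive identification string|Invalid user|Maximum login attempts' \
        | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | sort -u \
        | grep -vxF "$@"
}

# drop_rules: stdin log lines -> one iptables DROP command per offender (printed, not run).
drop_rules() {
    offending_ips | while read -r ip; do
        printf '/sbin/iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Demo on the constructed sample; against the real log run:
#   drop_rules < /var/log/secure
printf '%s\n' "$SAMPLE_LOG" | drop_rules
```

The Accepted line and the admin's own failed login are both left out: the first never matches the three patterns, the second is removed by the allow-list. Pipe the output into sh only once you are happy with the addresses it lists.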
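An added audit for Part 1 (the Port and Protocol lines in sshd_config) and Part 3 (which /etc/passwd accounts still get a login shell); this is example code, not the post's or the author's. The sshd_config fragments and the passwd entries below are constructed; point the functions at /etc/ssh/sshd_config and /etc/passwd to audit a real box. The passwd check goes a little beyond the post: it treats every shell other than nologin and false as a login shell, and an empty shell field as /bin/sh, because both are ways an account slips past a "must end with /bin/bash" rule.

```sh
#!/bin/sh
# Added example, not the original post's code: flag the weak sshd settings the
# post changes, and list every account that can still log in.

# Constructed sshd_config fragments: the defaults the post says to change, and
# the hardened version. The commented "#Port 22" line must be ignored.
WEAK_SSHD='#Port 22
Port 22
Protocol 2, 1'
HARDENED_SSHD='Port 222
Protocol 2'

# sshd_findings: read sshd_config on stdin, print one line per weak setting.
# A missing Port line is reported too, since sshd then listens on 22.
sshd_findings() {
    awk '
        tolower($1) == "port" {
            seen_port = 1
            if ($2 == "22") print "Port 22: still on the default port"
        }
        tolower($1) == "protocol" {
            v = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", v); gsub(/[ \t]/, "", v)
            if (v ~ /(^|,)1(,|$)/) print "Protocol " v ": SSH-1 still enabled, set Protocol 2"
        }
        END { if (!seen_port) print "Port not set: sshd defaults to 22" }
    '
}

# count_findings: number of findings for the sshd_config on stdin
count_findings() { sshd_findings | wc -l | tr -d ' '; }

# Constructed /etc/passwd (made-up accounts and UIDs).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mike:x:500:500:Mike:/home/mike:/bin/bash
backup:x:501:501:Backup job:/home/backup:/bin/sh
ftpuser:x:502:502::/home/ftpuser:/bin/false
legacy:x:503:503::/home/legacy:'

# login_accounts: read passwd on stdin, print "user shell" for every account
# whose shell is not nologin/false. An empty 7th field means /bin/sh.
login_accounts() {
    awk -F: '$7 == "" || $7 !~ /\/(nologin|false)$/ {
        print $1, ($7 == "" ? "/bin/sh (empty shell field)" : $7)
    }'
}

# Demo on the constructed data; on a live box use
#   sshd_findings < /etc/ssh/sshd_config ; login_accounts < /etc/passwd
printf '%s\n' "$WEAK_SSHD" | sshd_findings
printf '%s\n' "$SAMPLE_PASSWD" | login_accounts
```

On the sample, the weak config produces two findings and the hardened one none; the passwd list comes back with root and mike as intended, plus backup (/bin/sh) and legacy (empty field), which are exactly the entries to review.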

