[ec2-beta] document: EC2 Ubuntu sudo Guide
Joe Sloan
joe at tmsusa.com
Sat Mar 7 23:16:32 GMT 2009
Jim Cheetham wrote:
> * 'ssh' is one of the most attacked services on a Linux machine. If an
> attacker manages to get a shell login on your machine, it is game
> over. Your machine can be compromised just as badly and undetectably
> as a Windows machine can.
>
If an intruder gets a shell by guessing the password for some random
account, he can do some things but he can't alter the system
configuration. I've cleaned up nix systems after break-ins and found it
fairly easy to see the trail. Of course, a lot of mischief can still be
done, so prudence is in order, but let's not exaggerate and say it's as
bad as Microsoft.
> * Nearly all active ssh attacks are using a list of common usernames,
> and are guessing passwords. The most common username on a Unix machine
> is ... 'root'.
>
> * The root password will be attacked over ssh, and will be attacked
> from a compromised shell account.
>
>
I limit ssh access to a short list of allowed IPs in hosts.allow and I
also limit the valid ssh users in sshd_config, and root login isn't
allowed except with the dsa key, so the surface area to attack is pretty
small. I see many failed ssh logins daily, but it's just log clutter,
and even that could be eliminated with something like fail2ban.
Joe
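
The setup described in the message above (allowed IPs in hosts.allow, a restricted user list in sshd_config, key-only root login) can be checked mechanically. This Python audit is an added example, not part of the original post; the sample file contents, user names and addresses are constructed, and requiring a default deny in hosts.deny is an assumption about how the allow list is enforced.

```python
def sshd_settings(text):
    """Global sshd_config keywords; sshd keeps the first value it reads."""
    settings = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts and parts[0].lower() == "match":
            break  # per-connection Match blocks are out of scope here
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def wrapper_clients(text, daemon="sshd"):
    """Client patterns a hosts.allow/hosts.deny file lists for `daemon`.
    Handles IPv4 and hostname patterns only (no bracketed IPv6)."""
    clients = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" not in line:
            continue
        daemons, rest = line.split(":", 1)
        names = daemons.replace(",", " ").lower().split()
        if daemon in names or "all" in names:
            clients += rest.split(":", 1)[0].replace(",", " ").upper().split()
    return clients

def audit(sshd_config, hosts_allow, hosts_deny):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    cfg = sshd_settings(sshd_config)
    root = cfg.get("permitrootlogin", "").lower()
    if root not in ("no", "without-password", "prohibit-password",
                    "forced-commands-only"):
        findings.append("PermitRootLogin does not rule out password login")
    if "allowusers" not in cfg:
        findings.append("no AllowUsers list in sshd_config")
    allow = wrapper_clients(hosts_allow)
    if not allow or "ALL" in allow:
        findings.append("hosts.allow does not narrow sshd clients")
    if "ALL" not in wrapper_clients(hosts_deny):
        findings.append("hosts.deny has no default deny for sshd")
    return findings

# Constructed sample files (documentation addresses, made-up user names).
GOOD = ("PermitRootLogin without-password\nAllowUsers root alice\n",
        "sshd: 192.0.2.10, 198.51.100.0/255.255.255.0\n",
        "sshd: ALL\n")
WEAK = ("#PermitRootLogin without-password\nPermitRootLogin yes\n",
        "sshd: ALL\n",
        "")
```

Upstream OpenSSH removed TCP wrappers support in release 6.7, so the hosts.allow checks only apply where the distribution still builds sshd against libwrap.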