[ubuntu-us-ut] Securing a Linux Server
Daniel
teletautala at gmail.com
Mon Oct 8 23:52:50 BST 2007
I have just been hacked. I was vulnerable to an ssh brute force
attack. The hacker got in using a weak username and password. This
has raised the question in my department, "How do you secure a Linux
box?"
Here are the requirements:
publicly viewable via http protocol
access to sftp from outside network
users would use dreamweaver or cyberduck, or winscp to upload webpages
I need to get in from outside the network and administrate the server
No one should be able to get in to the server except through a secure means
Usernames and passwords should be hard to guess
No program on the box should be listening except the apache2 server and ssh
No one, once on the box should be able to find out anything about the
OS (chmod ug+rw o-rwx /etc/*)
I need people to trust this box with sensitive data.
This is just a list of requirements I pulled out of my head. This is
just to give an idea of the direction I am headed.
I need to know what to do with this box and what to do with the
firewall it is behind or should be behind. I am compiling a one page
paper and need input.
Thanks,
-Daniel
More information about the ubuntu-us-ut
mailing list