Hi,
Any pointers, tips and tricks, etc., for securing a newly installed Arch Linux box? I searched the wiki, but there's not much there. If I get lots of input I will even consolidate it into a wiki page as a beginner's guide to Arch security. Thanks in advance.
Here are a few things to think about:
1. Use strong passwords (viz. random characters) and consider the same for usernames (to stop/slow down brute-force attacks).
2. Carefully consider which groups your non-privileged user is to be a member of; e.g. consider removing it from the wheel group (so that it can't 'su' to root).
3. Consider using 'sudo' and, if you do, make sure you've thought about which privileges, and how much privilege, you want your non-privileged user to have.
4. Shut down any services/daemons you don't need (use netstat to see which ones are listening).
5. Use a firewall and customise its configuration.
6. Consider using SELinux.
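Point 4 above (and evdvelde's later "check that only the services you need have opened ports") is easiest to act on with a script. The following is an added example, not code from the thread: it parses `ss -tuln`-style output and reports every listening socket whose protocol/port is not on an explicit allow-list. The sample socket table and the allow-list are constructed so it runs offline; on a real box you feed it the live `ss` or `netstat` output instead.

```shell
#!/bin/sh
# Added example (not from the thread): audit which services are listening on
# network sockets and flag anything not on an explicit allow-list. Works on
# the output of `ss -tuln` (or `netstat -tuln`); a constructed sample is
# embedded so the script runs without root or network access.

# Constructed sample in `ss -tuln` format (assumption: your real box differs).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*'

# Services we knowingly run, one per line as "proto port". Anything else is
# a daemon to stop, bind to 127.0.0.1, or add here deliberately.
ALLOWED='tcp 22
udp 68'

# listeners INPUT -> prints "proto addr port" for each LISTEN/UNCONN socket.
listeners() {
    printf '%s\n' "$1" | awk '
        NR > 1 && ($2 == "LISTEN" || $2 == "UNCONN") {
            addr = $5
            n = split(addr, parts, ":")
            port = parts[n]
            sub(":" port "$", "", addr)   # strip the port, keep IPv4 or [::]
            print $1, addr, port
        }'
}

# unexpected_listeners INPUT ALLOWLIST -> listeners whose "proto port" is not
# in ALLOWLIST. Loopback-only sockets are reported too: lower risk, but still
# software you may not need running at all.
unexpected_listeners() {
    listeners "$1" | while read -r proto addr port; do
        if ! printf '%s\n' "$2" | grep -qx "$proto $port"; then
            printf '%s %s %s\n' "$proto" "$addr" "$port"
        fi
    done
}

# Demo on the constructed sample. On a live system (iproute2 or net-tools):
#   unexpected_listeners "$(ss -tuln)" "$ALLOWED"
unexpected_listeners "$SAMPLE_SS" "$ALLOWED"
```

Everything the script prints is a decision to make: disable the daemon in rc.conf, restrict it to loopback, or put it on the allow-list on purpose. Re-run it after each change and after every package upgrade that pulls in a new service.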
If you have sshd running, don't use the default port.
Cuts down attacks from >5000 a day to ZERO.
Last edited by robmaloy (2008-11-19 15:15:20)
Here's a starter set of iptables rules to get you going: http://pastebin.com/d19c4206e
They're a modified version of something I found on the intarwebs. Just pay attention to what you want/need to uncomment in the INPUT section, and add your local network segment at the bottom for ICMP packets.
If you have sshd running, don't use the default port.
Cuts down attacks from >5000 a day to ZERO.
Also:
1) Disable root login on ssh (PermitRootLogin no)
2) Install and configure fail2ban
3) Create a group "ssh" and add your user to that group, then only allow members of that group to log in via SSH (AllowGroups ssh)
Last edited by fukawi2 (2008-11-19 21:43:59)
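The pastebin link above is the only copy of that ruleset, so here is an added example in the same spirit (not fukawi2's rules): a minimal default-deny INPUT policy in iptables-restore format, built by a shell function that takes the sshd port and the local network segment allowed to send ICMP as parameters. The port 2222 and the segment 192.168.1.0/24 are illustrative values, and the path /etc/iptables/iptables.rules is assumed to be where you keep the saved ruleset.

```shell
#!/bin/sh
# Added example (not the ruleset from the thread): a minimal default-deny
# INPUT chain in iptables-save/iptables-restore format, parameterised on the
# sshd port and the LAN segment that may ping the box. Values shown are
# illustrative, not recommendations for any particular network.

# build_ruleset SSH_PORT LAN_CIDR -> prints the ruleset to stdout.
build_ruleset() {
    ssh_port=$1
    lan=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback carries only traffic between local processes
-A INPUT -i lo -j ACCEPT
# replies to connections this host initiated
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# malformed or out-of-state packets are never useful
-A INPUT -m state --state INVALID -j DROP
# the one service exposed to the world: sshd on its chosen port
-A INPUT -p tcp --dport ${ssh_port} -m state --state NEW -j ACCEPT
# ping/traceroute only from the local segment; everything else meets the DROP policy
-A INPUT -p icmp -s ${lan} -j ACCEPT
COMMIT
EOF
}

# count_accepts RULESET -> number of ACCEPT rules in INPUT; a quick sanity
# check that an edit did not open more than intended.
count_accepts() {
    printf '%s\n' "$1" | grep -c -- '^-A INPUT .* -j ACCEPT$'
}

RULES=$(build_ruleset 2222 192.168.1.0/24)
printf '%s\n' "$RULES"
echo "INPUT ACCEPT rules: $(count_accepts "$RULES")"
# To apply as root (path is an assumption; adjust to your setup):
#   printf '%s\n' "$RULES" > /etc/iptables/iptables.rules
#   iptables-restore < /etc/iptables/iptables.rules
# Test the SSH rule from another machine before closing your console session.
```

The `#` lines survive in the saved file because iptables-restore ignores comment lines, so the reasoning stays next to each rule. Any extra service you decide to expose gets its own `-A INPUT ... -j ACCEPT` line above `COMMIT`, and `count_accepts` will tell you when that list has grown.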
I think you should look at the function of the host. If it is really prone to attack, you should be more careful, but from my experience these are the most important:
- Good passwords
- All connections carrying confidential information like passwords, should be encrypted (e.g. ssh, https, ...)
- Stay up-to-date to avoid exploitable vulnerabilities
- Firewall and/or check that only the services you need have opened ports
Important, but not required:
- things like denyhosts
- using wheel group
- denying root login on ssh
Changing ports etc. is no way to secure your host: a casual attacker won't guess a good password anyway, and a targeted attack will find the correct port anyway.
But please do not panic about security. If your passwords are strong and you update when large vulnerabilities are known, you will be on the safe side for 99.99% of all attacks. If you use a little more of your brain and add some more countermeasures, nothing bad will happen.
Last edited by evdvelde (2008-11-19 22:08:12)
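Two sshd settings recur in this thread: fukawi2's PermitRootLogin no and AllowGroups ssh, and evdvelde's "denying root login on ssh". Here is an added audit script (not from any of the posts) that reads an sshd_config and checks those two directives, reporting the port for information only since the thread disagrees on whether changing it matters. The directive names are real OpenSSH ones; the group name ssh, the extra group admins and the port 2222 are illustrative values in constructed config fragments.

```shell
#!/bin/sh
# Added example (not from the thread): audit the sshd_config directives the
# posts above recommend. Directive names are real OpenSSH ones; group names
# and port numbers below are illustrative values only.

# One-time setup for the AllowGroups recommendation (root; not run here):
#   groupadd ssh
#   gpasswd -a "$USER" ssh
# After editing /etc/ssh/sshd_config, check the syntax before restarting:
#   sshd -t

# Constructed hardened fragment (the rest of sshd_config keeps its defaults).
HARDENED_CFG='Port 2222
PermitRootLogin no
AllowGroups ssh admins
'

# Constructed stock fragment: everything commented out, so defaults apply.
STOCK_CFG='#Port 22
#PermitRootLogin yes
#AllowGroups
'

# effective_value FILE DIRECTIVE -> value of the first uncommented occurrence
# (sshd honours the first one it sees; names are case-insensitive), or empty.
effective_value() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per check; returns the number of failed
# checks. Root login and AllowGroups are hard failures; the port is reported
# for information only.
audit_sshd_config() {
    fails=0
    root=$(effective_value "$1" PermitRootLogin)
    if [ "$root" = "no" ]; then
        echo "ok   PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '${root:-unset}': root can be brute-forced directly"
        fails=$((fails + 1))
    fi
    allowed=$(effective_value "$1" AllowGroups)
    if [ -n "$allowed" ]; then
        echo "ok   AllowGroups $allowed"
    else
        echo "FAIL AllowGroups unset: every account with a shell may log in over SSH"
        fails=$((fails + 1))
    fi
    port=$(effective_value "$1" Port)
    echo "info Port ${port:-22 (default)}"
    return "$fails"
}

# Demo on the two constructed fragments.
tmp=$(mktemp)
printf '%s' "$HARDENED_CFG" > "$tmp"
audit_sshd_config "$tmp" && echo "hardened: no failing checks" || echo "hardened: $? failing check(s)"
printf '%s' "$STOCK_CFG" > "$tmp"
audit_sshd_config "$tmp" && echo "stock: no failing checks" || echo "stock: $? failing check(s)"
rm -f "$tmp"
# Live system:  audit_sshd_config /etc/ssh/sshd_config
```

Run it after every edit to sshd_config and after package upgrades that ship a new default config; a commented-out directive reads as "unset" here exactly as sshd treats it.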