Mandy wrote:
> Hi All-
>
> I have been on linux for a little while. I am just getting to the
> point where I am letting others ssh into my server. Here is my
> question. How do I make sure that the users coming in, have the least
> amount of power. I have set their shell's to rbash. I have seen many
> posts on chroot jail, but none that REALLY explained it. In short,
> how do I make my server as secure as possible.
- who are these others ? do you know them ? do you know them well ?
- what groups are they members of ?
Hint: make a special "remote" (or "unsafe") group and add them to that,
then exclude them from all other group-related activities.
- what other services do you run ?
system security is as strong as the weakest service...
Especially throw out telnet, ident, finger, echo etc., and (if you're
really paranoid) all unsecure (non-ssl) services as well, e.g. only imaps
and not imap, only https and not http, only pop3s and...but you get the
pixel.
- do you have strong password restrictions set ?
Like 8 char minimum, at least one capital and 2 numbers, forced check
against cracklib, etc.
- are you using SSH2 *only* ? force them to use SSH 2
Read, read, and read some more...
Security is a never-ending vigil.
Do not rely on posts - grep the web!
google for "linux chroot remote users" gives 15000 hits alone
--
Jeroen Geilman
All your bits are belong to us.
|
Similar Threads
Linear Mode
