[olug] example intrusion detection

Mike Hostetler hostetlerm at gmail.com
Wed Oct 6 14:04:14 UTC 2004


Great stuff! I learned a lot just by reading it.

A great basic fact is to at least shut off root logins via ssh.  It's
as easy as:
   PermitRootLogin no

I didn't know about this, but was looking at my logs one day and
marveled at how many people were trying to ssh in as root.  Perusing the
sshd_config file brought this one up.

"AllowUsers" is a good one, too, if you can restrict ssh to a few users.

Of course, running as few programs connecting to the outside is the
best course of preventative action.
-- 
Mike Hostetler
http://www.binary.net/thehaas
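
Added example, not part of the message above: a small Python check for the two sshd_config settings it mentions, PermitRootLogin and AllowUsers. The function name and the sample config are made up for illustration, and Include files are not followed.

```python
# Constructed sample config for the demo; not taken from the post.
SAMPLE = """\
Port 22
permitrootlogin no
PermitRootLogin yes
AllowUsers alice bob
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

def audit_sshd_config(text):
    """Audit sshd_config text; return (settings, findings)."""
    root_login = None    # single-valued keyword: sshd keeps the first value it reads
    allow_users = []     # AllowUsers may appear more than once; entries accumulate
    findings = []
    in_match = False
    for raw in text.splitlines():
        fields = raw.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[0].lower()              # keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            in_match = True                  # the rest applies only conditionally
        elif in_match:
            # A Match block overrides the global section for matching connections.
            if key == "permitrootlogin" and value.lower() != "no":
                findings.append("Match block sets PermitRootLogin " + value)
        elif key == "permitrootlogin":
            if root_login is None:
                root_login = value.lower()
        elif key == "allowusers":
            allow_users.extend(value.split())
    if root_login is None:
        findings.append("PermitRootLogin is not set; the built-in default applies")
    elif root_login != "no":
        findings.append("PermitRootLogin is " + root_login)
    if not allow_users:
        findings.append("AllowUsers is not set; ssh is not restricted to named users")
    return {"PermitRootLogin": root_login, "AllowUsers": allow_users}, findings

if __name__ == "__main__":
    settings, findings = audit_sshd_config(SAMPLE)
    print(settings)
    for f in findings:
        print("WARN:", f)
```

In the sample, the second global PermitRootLogin line is ignored because the first value wins, but the Match block is still reported since it re-enables root login for matching addresses.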


