[NTLUG:Discuss] If you were using an intrusion detection system...
LEROY TENNISON
leroy_tennison at prodigy.net
Tue May 9 23:04:38 CDT 2006
Thank you, that's a good list to review and consider.
Unfortunately, since I sent my original email, I've
run into more pressing issues (another thread).
--- David Stanaway <david at stanaway.net> wrote:
> One thing you might like to consider is disabling password
> authentication with ssh since there are a number of brute force ssh
> worms in the wild. Use key based authentication instead.
>
>
> Kyle Davenport wrote:
> > *** Authentication Certificate ***
> >
> > From: Leroy Tennison
> >> What would you use?
> >
> > snort.
> >
> > OK, so I would rather stop them before they intrude. I have perhaps gone
> > overboard in applying security to my internet gateway, but I consider it a
> > learning opportunity. Does the gang here see anything I've missed? I
> > know I could have started with a more secure distribution, like Trustix,
> > but I'm used to Redhat, so I started with Fedora Core 3.
> >
> > 0. Restrict accounts, strengthen id/passwds, test crackers
> > 1. configure firestarter firewall, default deny.
> > 2. default deny in tcpwrappers
> > 3. blockhosts.py (tcpwrappers)
> > 4. denyhosts.sf.net (blacklist)
> > 5. PeerGuardian (blacklist)
> > 6. iptables repeated new connections timeout (/etc/firestarter/user-post)
> > 7. tripwire (used AIDE instead)
> > 8. rpm -V
> > 9. strict sudo
> > 10. disable remote root logins
> > 11. restrict hosts in ssh
> > 12. squidGuard blacklist for squid proxy
> > 13. blackholes.mail-abuse.org for sendmail
> > 14. make http://localhost/robots.txt a bot-only php script
> > 15. snort + snort-mysql + acid + base
> > 16. nessus + metasploit + chkrootkit
> > 17. grsecurity + PaX (patch kernel!)
> > 18. analyse webserver security - verify auth
> >
> > I actually haven't been able to do the official grsecurity yet, because
> > they are falling way behind kernel releases.
> >
> > Kyle
> >
> >
> >
> > _______________________________________________
> > http://ntlug.pmichaud.com/mailman/listinfo/discuss
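Added example, not part of the thread or any poster's configuration: a small audit of sshd_config text for the SSH points raised above (key-only authentication, no remote root logins, hosts restricted in ssh). The sample files, the `admin` user and the 192.168.1.* network are constructed, and using `AllowUsers user@host` as the host restriction is an assumption; tcpwrappers or firewall rules could serve the same purpose.

```python
# Added example; both sshd_config samples below are constructed for illustration.
SAMPLE_WEAK = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
"""
SAMPLE_HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers admin@192.168.1.*
passwordauthentication yes
"""

def effective_settings(text):
    """Global keyword -> value. sshd uses the first value it reads per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive leaves the default in force
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are out of scope for this global check
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    s = effective_settings(text)
    findings = []
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    # Older name and newer alias of one option; PAM can prompt for passwords here.
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication", "yes"))
    if kbd.lower() != "no":
        findings.append("keyboard-interactive authentication is not 'no'")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if s.get("permitrootlogin", "unset").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    allow = s.get("allowusers", "").split()
    if not allow or not all("@" in entry for entry in allow):
        findings.append("AllowUsers does not pin every user to a host pattern")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "no findings")
```

On a live host, feed it the output of `sshd -T` rather than the raw file, so included files and compiled-in defaults are reflected.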