Frank Bergmann wrote:
> Timothy Legge schrieb:
>> Hi
>>
>> Just a couple of notes on my recent implementation of Ubuntu with LTSP
>> 5.  The progress on sound, local devices etc is amazing compared to my
>> first FC1 based install.  Most things just work in initial testing but
>> I am sure the users will find issues when they start looking.
>>
>> I did run into a few gotchas for server hardening though:
>>
>> 1) Clients run over ssh so the typical things that I configure caused
>> issues, notably:
>>    a) AllowUsers
>>    b) Changing the default port from 22 to something else
>> 2) Running Bastille Unix to lock down the server disabled tftp and
>> changed the permissions on tcpd changing them back to the original with
>> all other settings
>> 3) denyhosts with LTSP is problematic because incorrect passwords on
>> the terminals will cause them to be locked out
>> 4) Locking down Firefox 3 proxy settings is a little annoying.  The
>> script I normally use works but I need to manually copy a firefox.cfg
>> to the firefox directory.  I need to look to see if there is a newer
>> version.
>> 5) I have one client that seems to rev up when using flash that I need
>> to look at (the fans kick in and it makes a heck of a noise)
>>
>> I will probably look into whether denyhosts can ignore the terminal
>> network and whether it makes sense to run two ssh daemons one internal
>> and one external.
>>
>> Does anyone else have server hardening processes that you use for LTSP?
>>
>> Tim
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _____________________________________________________________________
>> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>>       https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>> For additional LTSP help,   try #ltsp channel on irc.freenode.net
>>
>>   
> A simple solution is running sshd on two ports simultaneously:
> Port 22
> Port 22022
> It's a bit dirty because it runs with the same configuration, but it's 
> easy and quick.
> Enable port forwarding in your router and disable port 22 and you get 
> the brute force attacks out.

Note that I found my home router would not forward a port as high as
22022.  When I changed it to a 4-digit port (starting with 2) it worked.

-Rob
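
Point 3 in the quoted message, and the question of whether denyhosts can ignore the terminal network, both come down to exempting one subnet from failed-login counting. The following is an added example, not part of the thread and not DenyHosts code: a Python sketch of that logic over constructed auth.log lines, where the subnet 192.168.0.0/24 and the threshold of 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: thin clients sit on 192.168.0.0/24; use the real LTSP subnet.
TERMINAL_NET = ipaddress.ip_network("192.168.0.0/24")
THRESHOLD = 3  # failures from one address before it is flagged (assumed value)

# Constructed sample lines in the usual OpenSSH auth.log format.
SAMPLE_LOG = """\
Sep  1 09:00:01 ltsp sshd[2101]: Failed password for alice from 192.168.0.21 port 40112 ssh2
Sep  1 09:00:09 ltsp sshd[2102]: Failed password for alice from 192.168.0.21 port 40114 ssh2
Sep  1 09:00:15 ltsp sshd[2103]: Failed password for alice from 192.168.0.21 port 40116 ssh2
Sep  1 09:00:22 ltsp sshd[2104]: Accepted password for alice from 192.168.0.21 port 40118 ssh2
Sep  1 09:05:40 ltsp sshd[2110]: Failed password for invalid user admin from 203.0.113.50 port 51000 ssh2
Sep  1 09:05:43 ltsp sshd[2111]: Failed password for root from 203.0.113.50 port 51002 ssh2
Sep  1 09:05:47 ltsp sshd[2112]: Failed password for invalid user test from 203.0.113.50 port 51004 ssh2
Sep  1 09:10:02 ltsp sshd[2120]: Failed password for bob from 198.51.100.7 port 42000 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def hosts_to_block(log_text, exempt=TERMINAL_NET, threshold=THRESHOLD):
    """Return (blocked, exempted): sorted source addresses at or over threshold."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # address field is not an IP literal; skip the line
        failures[addr] += 1
    blocked, exempted = [], []
    for addr, count in failures.items():
        if count >= threshold:
            # Terminal-network hosts are reported but never put on the block list.
            (exempted if addr in exempt else blocked).append(str(addr))
    return sorted(blocked), sorted(exempted)

if __name__ == "__main__":
    print(hosts_to_block(SAMPLE_LOG))
```

Exempted addresses are still returned separately, so repeated failures from a terminal stay visible even though they no longer lock the terminal out.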