David Whyte wrote:
Hi, I have two different Fedora Core 2 systems connected to the internet full-time. I run logwatch and began noticing that my servers were both being scanned daily. It looked like they were using some sort of dictionary attack script, because I saw repeated login failures for common userid's, including root. Fortunately, I did not have a weak root password or my systems would have been hacked.Very interested to hear some knowledgable users comments on this.I am behind a NAT router, have a dynamix IP but will use dynDNS, and I have port 80 blocked by ISP. I plan to open SSH and a port for HTTP (1010 or 1080) so I can use MythWeb when out of the house. I will obvisouly change my crappy root password when I get to opening the ports.. Cheers, Whytey To thwart the attempts, I changed my sshd configuration to not allow ssh via passwords at all. To do so, edit /etc/ssh/sshd_config and add the line "PasswordAuthentication no". Doing so will require that you access your system via ssh using public/private keys. You can generate the public/private keys with openssh or puttygen, whichever you prefer. Hope that helps. -- jthomps On Wed, 15 Dec 2004 16:16:14 -0500, Craig Partin <[EMAIL PROTECTED]> wrote:After reading the post about the poor soul who's box was rooted, it got me to worrying about my own. Right now I feel pretty safe with the box behind a NAT hardware firewall. I do want to open some ports for SSH and HTTP connections and wonder what security considerations I might be missing. The myth user is logged in with sudo passwordless renice access. Services are run as root and the frontend and X are setuid root. It's a basic gentoo install with no additional security related tweaking. openSSH, MySQL, and Apache2 are the only network daemons running. What security measures do others have in place? Thanks, Craig _______________________________________________ mythtv-users mailing list [EMAIL PROTECTED] http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users |
_______________________________________________ mythtv-users mailing list [EMAIL PROTECTED] http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users