[NTLUG:Discuss] Apache Attack
David Simmons
dave at dgnal.net
Fri Sep 7 19:48:55 CDT 2007

> Three quick points:
> 1) I use the sshd_config "AllowUsers" option to define which users can log
> in via ssh. None of the "common/typical" users are in this list. I'll log
> in on a non-common account and then su to the standard account if needed.

Have been thinking about this....what the Nagios account was doing was SSHing
OUT to attempt ssh connections with a bunch of other machines.....so while
sshD_config has a 'AllowUser' config option...that wouldn't have really helped?

I did:

[root at www4 opt]# ls -la /usr/bin/ssh
-rwxr-xr-x 1 root root 292520 Mar 21 15:42 /usr/bin/ssh

Ah-ha! so what I should probably do is a 'chmod 700'.....is there a reason
that any user should have r_x access to ssh OUT??

> 2) I use the sshd_config "Port" option to something other than port 22.
> This significantly reduced the number of ssh script attacks that I was
> seeing. Obviously someone can still find the port if they're interested,
> but let's not make it too easy.
> 3) Finally, I use the hosts.allow "sshd" option to specify what IP
> addresses can connect via ssh.

Yes....good ideas - but not helpful to prevent this type of account....poor
passwords I believe are/were the real culprit?!?!

Thanks!! this is great info!

- dave
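
Added example, not part of the original message: a small audit of the three inbound settings from the quoted list (AllowUsers, Port, hosts.allow) plus the outbound point about the mode of the ssh client. The file names, the account name "opsadmin" and the address 192.0.2.10 are constructed sample values; paths are passed as arguments so it can be run against copies.

```shell
#!/bin/sh
# sshd_value FILE KEYWORD: print the first value set for KEYWORD.
# sshd keywords are case-insensitive and the first occurrence wins.
# Commented-out lines never match because their first field starts with '#'.
# Match blocks are not evaluated (simplification).
sshd_value() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_ssh SSHD_CONFIG HOSTS_ALLOW SSH_CLIENT: print one line per finding.
audit_ssh() {
    users=$(sshd_value "$1" AllowUsers)
    port=$(sshd_value "$1" Port)
    if [ -z "$users" ]; then
        echo "AllowUsers is not set: logins are not limited to named accounts"
    fi
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "Port is the default 22"
    fi
    # Only looks for a daemon list that begins with sshd (simplification).
    if ! grep -Eq '^[[:space:]]*sshd[[:space:]]*:' "$2" 2>/dev/null; then
        echo "hosts.allow has no sshd entry"
    fi
    # World-execute bit set: any local account can start outbound ssh.
    if [ -n "$(find "$3" -perm -001 2>/dev/null)" ]; then
        echo "ssh client $3 is executable by all users"
    fi
}

# Constructed sample files: a default-style setup and a restricted one.
demo=$(mktemp -d)
printf '#Port 22\nPasswordAuthentication yes\n' > "$demo/weak_sshd_config"
printf 'Port 2222\nAllowUsers opsadmin\n' > "$demo/hard_sshd_config"
: > "$demo/empty_hosts.allow"
printf 'sshd: 192.0.2.10\n' > "$demo/hosts.allow"
: > "$demo/ssh"

chmod 755 "$demo/ssh"    # same mode as the ls output in the message
echo "default-style setup:"
audit_ssh "$demo/weak_sshd_config" "$demo/empty_hosts.allow" "$demo/ssh"

chmod 700 "$demo/ssh"    # the change proposed in the message
echo "restricted setup:"
audit_ssh "$demo/hard_sshd_config" "$demo/hosts.allow" "$demo/ssh"
```

hosts.allow only takes effect when sshd is built with TCP wrappers support, and the mode check covers only the client binary at the path given, not a client a user brings along.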