Yes, a can of worms... But general direction would be nice...
Brian J Rogers
brian at thegamingkid.com
Tue Jul 14 21:22:42 MDT 2009
> Anyone have some sources that I could consult that give some generally
> good ideas of security measures, and then how to clean up once you've
> been pwnd? Or comments on the above suggestions?
> Thanks for your collective wisdom, expertise, and valuable input.
> Except for Steve or Jason. :)
Something I'd recommend looking into is an automated way to add an IP to
IPTables, such as Fail2Ban. I run it and it's a great tool to watch your
logs (ssh/ftp/mail) and if it sees failed attempts more than the
threshold you set, then it adds that IP to IPTables for an amount of
time that you set. It's helped me a lot, but I follow the mantra of
'security through obscurity'. Change your SSH port to some other number
that has significance to you but no one else. Have SELinux on if you
can, and be very reluctant to turn it off. That's my two green rupees for you.