Yes, a can of worms... But general direction would be nice...

Brian J Rogers brian at
Tue Jul 14 21:22:42 MDT 2009

> Anyone have some sources that I could consult that give some generally
> good ideas of security measures, and then how to clean up once you've
> been pwnd?  Or comments on the above suggestions?
> Thanks for your collective wisdom, expertise, and valuable input.
> Except for Steve or Jason. :)
> Scott

Something I'd recommend looking into is an automated way to add an IP to 
IPTables, such as Fail2Ban. I run it and it's a great tool to watch your 
logs (ssh/ftp/mail) and if it sees failed attempts more than the 
threshold you set, then it adds that IP to IPTables for an amount of 
time that you set. It's helped me a lot, but I follow the mantra of 
'security through obscurity'. Change your SSH port to some other number 
that has significance to you but no one else. Have SELinux on if you 
can, be very reluctant to turn it off. That's my two green rupees for you.


More information about the PLUG mailing list