root
Sshd_config Settings Rundown
Feb 3rd

First, change the port you are using. Do not use port 22 on servers that have internet connectivity. This is the first port that will be checked by countless robots searching the internet for vulnerabilities. Change the port to whatever you like, and then use the -p option in your ssh login attempt. Then make sure root login is disabled; remove the pound symbol from the front of the option line. If you can, you should definitely allow RSA key login. Once you get your encryption key set up, disable password login by setting the respective line to “no”. If you cannot enable keyed logins for any reason whatsoever, you should enable IP-based restrictions, either by iptables or by TCP wrappers. Iptables is configured with the iptables command, and the TCP wrappers are configured in /etc/hosts.allow. You can reduce the time limit for password login, but sometimes this causes problems with remote users connecting; sometimes it takes a couple of extra seconds for people to log in. Make the time limit around 30 seconds. If people are still having trouble connecting, check the /var/log/auth.log file for more information about the failed login attempt. Maybe the password is too complicated? Before reducing the complexity of the password, implement fail2ban, which will automatically block IP addresses based on failed login attempts; you can then reduce the complexity of the password without substantially reducing system security.
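The rundown above can be checked mechanically. The script below is an added example, not part of the original post: it reads an sshd_config and reports whether each recommendation is in effect, treating a still-commented line as not set. The function names are made up for this example, the keyword names are the standard OpenSSH ones, and it assumes whitespace-separated "Keyword value" lines and ignores Match blocks.

```shell
# Added example: audit an sshd_config against the settings recommended above.
# Assumes whitespace-separated "Keyword value" lines; Match blocks are ignored.

# Print the first uncommented global value of KEYWORD, or DEFAULT if not set.
effective_value() {   # usage: effective_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/                   { next }   # still commented out: not set
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Convert an sshd time value (30, 30s, 2m) to seconds.
to_seconds() {
    case "$1" in
        *m) echo "$(( ${1%m} * 60 ))" ;;
        *s) echo "${1%s}" ;;
        *)  echo "$1" ;;
    esac
}

verdict() {   # usage: verdict LEFT OP RIGHT MESSAGE
    if [ "$1" "$2" "$3" ]; then echo "OK   $4"; else echo "FAIL $4"; fi
}

audit_sshd_config() {
    f=$1
    port=$(effective_value "$f" Port 22)                     # sshd default
    root=$(effective_value "$f" PermitRootLogin unset)       # default varies by version
    pubkey=$(effective_value "$f" PubkeyAuthentication yes)  # sshd default
    pass=$(effective_value "$f" PasswordAuthentication yes)  # sshd default
    grace=$(to_seconds "$(effective_value "$f" LoginGraceTime 120)")
    # 0 means "no time limit"; anything unparsable is treated the same way.
    [ "$grace" -gt 0 ] 2>/dev/null || grace=999999

    verdict "$port"   !=  22  "Port $port (avoid the default 22)"
    verdict "$root"   =   no  "PermitRootLogin $root (want no)"
    verdict "$pubkey" =   yes "PubkeyAuthentication $pubkey (want yes)"
    verdict "$pass"   =   no  "PasswordAuthentication $pass (want no once keys work)"
    verdict "$grace"  -le 30  "LoginGraceTime ${grace}s (want about 30)"
}

# Constructed sample: a partly hardened config with root login still commented out.
sample=$(mktemp)
printf '%s\n' 'Port 2222' '#PermitRootLogin no' 'PasswordAuthentication yes' 'LoginGraceTime 2m' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

On a real server, point it at the live file with `audit_sshd_config /etc/ssh/sshd_config`.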
Detecting a Security Breach – Ubuntu and Linux Machine
Jan 25th
Detecting a security breach is sometimes as easy as logging into the machine, using ssh, and viewing the last login attempt from a completely unrecognized IP address or domain. Subsequently, check your auth.log file, in /var/log, for login attempts. If you see countless failed login attempts, you have been the victim of a brute force attack. In gedit or nano you can search for “attempt” or “access”. When several failed login attempts occur, a log entry saying “possible break-in attempt” is posted. The first thing a hacker will do, on a Linux machine, is attempt to change the root password, which will lock down the machine completely. If they cannot change the root password, they may just try to install a backdoor for the particular user that was breached. A backdoor can be a daemon running on any port, so check with “ps aux | grep user”. Grepping the ps command will bring up all of your active processes, and if any process name looks funny you have identified a concern. You can also check what ports are accepting communication (open). A backdoor can also be an installed authorized key, which will allow password-less ssh access to the system.
Ultimately, if a hacker changes the root password of your machine, there is nothing you can do. You must either restore from a backup or rebuild the entire machine. No questions asked.
Ubuntu Server Auto MySQL Root Password Set
Nov 29th
During the default LAMP installation of Ubuntu Gutsy Server, you will be automatically prompted to set the MySQL root user password. This is an extremely convenient feature that consolidates an entire step. This feature, among many others, puts Ubuntu server edition at the top of my list for server environments. Although I currently use Debian for my server environment, I may choose to use Ubuntu to deploy a Ruby on Rails server environment.
MySQL Set Root Password
Nov 12th
This is a standard requirement of any new MySQL installation. First, log in:
mysql -u root -p
Press enter, with no characters entered, when you are prompted for the root password. The password is nothing. Then enter the following at the mysql prompt. Replace temp with your desired password:
SET PASSWORD FOR root@localhost=PASSWORD('temp');