Re: what to do?
From: AragonX (aragonx_at_dcsnow.com)
Date: 08/30/05
- Previous message: James McEachern: "RE: Computer forensics to uncover illegal internet use"
- In reply to: Jayson Anderson: "Re: what to do?"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: what to do?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Aug 2005 07:52:16 -0400 (EDT) To: security-basics@securityfocus.com
<quote who="Jayson Anderson">
> On Thu, 2005-08-25 at 00:30 -0700, Bill Smith wrote:
>> Hi Guys,
>>
>> I noticed that someone is trying to hacker into my
>> machine. Please see below is the content of
>> /var/log/security.
>> what I would like some advice of you guys is, what
>> will I do with these people?
>> btw, I do have FW
Do you need to be able to access your machine remotely through ssh?
If no then disable.
Do others need to be able to access your machine remotely through ssh?
If no then 'AllowUsers = <enter your user name>' in sshd_config
Do you have a limited number of domains you logon from?
If yes then '$IPTABLES -A INPUT -p tcp -i $EXTIF -s yourdomain.com
--dport 22 -j ACCEPT' in your firewall rules. Need a default deny
policy.
Finally I also suggest:
ListenAddress <anything other than 22>
PermitRootLogin no
This of course assumes that you are using a newer version of Linux.
- Previous message: James McEachern: "RE: Computer forensics to uncover illegal internet use"
- In reply to: Jayson Anderson: "Re: what to do?"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: what to do?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
