Linux Security

Discussion in 'Installation/Configuration' started by willebanks, Jul 20, 2006.

  1. willebanks

    willebanks New Member

    Howdy folks,

    While check my router security logs I discovered that my system is being swamped by crackers...from the "secure" logs on my linux server I can see that ssh, ftp, and other ports are being "attacked" almost every second. I have since discontected the server from the router and closed all ports on the router as I can't tell if anyone has actually "entered" the server.

    Since make these drastic changes, the router has blocked all attempts to enter the system I guess as successful packets are not logged! Needless to say this has scared the crap out of me and made consider how well my server is secured.

    When I first installed Fedora Core 5 I didn't install any GUI interfaced as I really wanted to learn the Linux command line, sadly for a new user the has hamstrung me as I am unable to respond to these attacks with any speed...I am now in the process of re-installing Linux so I can have the GUI should I need it to make rapid system changes...

    What I need to know is how I can harden my server so I will feel more confident that these attacks will fail...I am no longer confident that my server is safe behind the router!

  2. chris.zeman

    chris.zeman New Member

    I am certainly no Linux security expert, but here's where I would start:

    DROP all ping requests from the internet.

    Disable telnet. Only use SSH, and configure it to use a port other than 22, but not a port that's standard for another service. Search Google for "port list", and I think the first result is the one you want. Follow the same procedure for other services that only you will need to access.

    Open ONLY the ports you need open to the internet. Configure your firewall to DROP all others.

    I'm sure others in the forum can offer better, and more, advice than me, but I hope I gave you a good start. :)

    I noticed the same type of traffic in my firewall log, but it was all dropped by the firewall. Like I said, though, I am no expert in securing Linux. I'm still learning. :)

    Good luck!
  3. Stanev

    Stanev New Member

    Have a look here
  4. falko

    falko Super Moderator ISPConfig Developer

Share This Page