Newbie Security Concerns
Paul Schmehl
pauls at utdallas.edu
Tue Feb 8 08:13:02 PST 2005
--On Tuesday, February 08, 2005 11:01:11 AM -0500 crzdgns1 at starpower.net
wrote:
>
> I am a new user of UNIX and FreeBSD and have never had to do any
> administration or security configuration myself before. I am running
> IP Firewall on FreeBSD-5.3-RELEASE. Last night I was checking my
> logs and discovered that sshd reported many illegal users. Does
> that mean my system i compromised? As configured, there are only
> three accounts on my system, root, toor, and one user account for
> me. I suppose you need more information from me, but am not sure
> what to provide. Any help would be greatly appreciated.
>
In addition to the firewall, you should edit /etc/hosts.allow and only
allow remote access from trusted hosts. That will completely stop the
random ssh login attempts.
man (5) hosts_access
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
More information about the freebsd-questions
mailing list