securing SSH, FBSD systems
Jerry Bell
jbell at stelesys.com
Sun May 22 13:13:20 PDT 2005
These attacks are almost exclusively automated, looking to install a
script to launch spam runs from. They're essentially trying common
username and weak password combinations - blank password, passwords the
same as the user name, abc123, etc. There are four things you can do to
improve the security of sshd:
1. Move sshd to listen on a different port. This will not protect against
a concerted attack, though.
2. Check for weak passwords. John the Ripper can help out with that.
pam_passwdqc(8) can help you enforce strong passwords.
3. Integrate an automated log monitoring system that looks for
*successful* logins, since those are really what you're worried about
anyway. This can be difficult to manage if you have a lot of regular
shell users.
4. Keep up-to-date with security patches and advisories. Attacking your
system through password guessing is much harder than using a vulnerability
in sshd or some other service.
I have a security guide for FreeBSD at:
http://www.syslog.org/Content-5-4.phtml
Jerry
http://www.syslog.org
> Would someone mind briefly talking about securing FBSD systems from
> such attacks, at least in a manner that's a bit more extensive and
> detailed than just saying "use Snort"? I'm not a newbie to FBSD, but
> I'm not a *NIX guru either. I'd really appreciate your help.
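
Item 3 in the message above (watching for *successful* logins), as an added example that is not part of the original post: it reads sshd syslog lines and reports each accepted login, marking those that follow a burst of failures from the same address or use a password from a source not on an allowlist. The function name, the known_sources allowlist, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (documentation address ranges).
SAMPLE_LOG = """\
May 22 13:01:02 host sshd[1201]: Failed password for invalid user test from 192.0.2.10 port 40112 ssh2
May 22 13:01:04 host sshd[1203]: Failed password for root from 192.0.2.10 port 40113 ssh2
May 22 13:01:07 host sshd[1205]: Failed password for guest from 192.0.2.10 port 40115 ssh2
May 22 13:01:09 host sshd[1207]: Accepted password for guest from 192.0.2.10 port 40117 ssh2
May 22 13:05:30 host sshd[1250]: Accepted publickey for jerry from 198.51.100.7 port 51544 ssh2
May 22 13:09:12 host sshd[1290]: Failed password for jerry from 198.51.100.7 port 51560 ssh2
May 22 13:20:45 host sshd[1310]: Accepted password for alice from 203.0.113.5 port 60001 ssh2
"""

# Older sshd versions log "illegal user", newer ones "invalid user"; accept both.
LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def successful_logins(log_text, known_sources=None, fail_threshold=3):
    """Return one record per accepted login, with the reasons it deserves review."""
    known_sources = known_sources or {}   # hypothetical allowlist: user -> set of IPs
    failures = Counter()                  # failed attempts seen so far, per source IP
    events = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        reasons = []
        if failures[ip] >= fail_threshold:
            reasons.append(f"{failures[ip]} failed attempts from {ip} before success")
        if m["method"] == "password" and ip not in known_sources.get(user, set()):
            reasons.append("password login from unlisted source")
        events.append({"user": user, "ip": ip, "method": m["method"], "reasons": reasons})
    return events

if __name__ == "__main__":
    for e in successful_logins(SAMPLE_LOG, known_sources={"alice": {"203.0.113.5"}}):
        print(e["user"], e["ip"], e["method"], "; ".join(e["reasons"]) or "ok")
```

Listing each regular user's usual source addresses in the allowlist keeps the review queue short on hosts with many shell users.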