We can harden the SSH server by allowing only certain users to use this service. This process is known as whitelisting.
To create a whitelist, you need the user names of the people who will be allowed to use SSH to remotely access the server. Then, follow these steps.
1. Add this line to your sshd_config file:
#Allow only certain users
AllowUsers username1 username2 username3
Alternatively, you can allow groups access to SSH logins by using
#Allow only certain groups
AllowGroups group1 group2
2. Save the sshd_config file.
3. Restart the service by typing:
service ssh restart
Monday, January 19, 2009
Friday, January 16, 2009
How to log out a user forcefully
The other day a friend of mine was asking me how to stop all users' processes and then log him out.
Well, maybe the first thing you need to do is send a message to the user, so he can actually save his work.
To do that, you can use the wall command to let your users know you are about to log them out.
Now, at the given time, end all of your users' applications using pkill:
sudo pkill -u username
Replace username with each username you have on your system. You can also use:
who | awk '{ print $1 }' | sort -u | grep -vx root | xargs -I {} -t pkill -u {}
This kills the processes of every logged-in user except root, and -t prints each pkill command as it runs; be careful using this.
You can also use the skill command, but its man page says it is obsolete.
skill -KILL -u username
Use this command carefully, as you may make your users lose their jobs.
Details: http://www.go2linux.org/how-to-kill-users-processes
Wednesday, January 14, 2009
Filtering packets at the application level
This tutorial will walk you through setting up a Linux layer 7 packet classifier on CentOS 5.1; it can easily be adapted to any other Linux distribution.
L7-filter is a classifier for Linux Netfilter that identifies packets based on patterns in application-layer data. This allows correct classification of P2P traffic.
It can classify packets of protocols such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., that use unpredictable ports, as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on. http://l7-filter.sourceforge.net/
Monday, January 12, 2009
Changing the SMTP Banner for Sendmail
To change this greeting message, find SmtpGreetingMessage in sendmail.cf and change
# SMTP initial login message
O SmtpGreetingMessage=$j Sendmail $v/$z; $b
to something like
# SMTP initial login message
O SmtpGreetingMessage=$j (Your message here); $b
Wednesday, January 7, 2009
Prevent root network authentication
Make /etc/ssh/sshd_config contain the line:
PermitRootLogin no
Restart the SSH daemon:
# /etc/init.d/sshd restart
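The following check covers both the AllowUsers/AllowGroups whitelist and the PermitRootLogin setting described on this page. It is an added example, not code from the original posts; the function names sshd_values and audit_sshd_config and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file.
# Assumes "Keyword value" lines (no "=") and no Include files. Parsing stops at
# the first Match block, because settings after it apply only conditionally.

# Print every global value of keyword $2 in file $1, one line per occurrence.
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }      # keywords are case-insensitive
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Return 0 when root login is off and a whitelist exists, 1 otherwise.
audit_sshd_config() {
    cfg=$1; rc=0
    # sshd uses the first value it obtains for a keyword, so take line 1 only.
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    # AllowUsers/AllowGroups may appear on several lines; join them all.
    users=$(sshd_values "$cfg" AllowUsers | tr '\n' ' ')
    groups=$(sshd_values "$cfg" AllowGroups | tr '\n' ' ')
    if [ -z "$users$groups" ]; then
        echo "FAIL: no AllowUsers or AllowGroups whitelist"; rc=1
    fi
    case " $users" in                       # entries are user or user@host
        *" root "*|*" root@"*) echo "FAIL: root is listed in AllowUsers"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: users='$users' groups='$groups'"; fi
    return "$rc"
}

# Constructed sample files, not taken from a real server.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# hardened' 'permitrootlogin no' 'PermitRootLogin yes' \
    'AllowUsers alice bob@192.0.2.10' 'AllowGroups sshusers' > "$SAMPLE_DIR/good"
printf '%s\n' 'PermitRootLogin yes' 'Match User alice' \
    '  AllowUsers alice' > "$SAMPLE_DIR/bad"

audit_sshd_config "$SAMPLE_DIR/good" || true
audit_sshd_config "$SAMPLE_DIR/bad" || true
```

Running sshd -t against the real file before the restart catches syntax errors that would otherwise stop the daemon and lock you out.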
Tuesday, January 6, 2009
Prevent trivial root console break-in
Add the following line to the file /etc/inittab, right after the line referencing /etc/rc.d/rc.sysinit:
ss:S:respawn:/sbin/sulogin
Otherwise, anyone can just boot with an argument of S or single at the boot-loader prompt and break in as root on the console.
Sunday, January 4, 2009
Spam Assassin
SpamAssassin uses header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases to block unwanted e-mail at the server level. It works with most mail systems and is available under the Apache License.
OS: OS Independent