Alejandro Rodriguez Luna wrote:
> I just wanted to ask about the security of services like ssh, dns,
> etc, what is the best way to secure these services?, perhaps
> /etc/hosts.allow and /etc/hosts.deny?, or perhaps with a superserver
> inetd or xinetd?,

Well, the 'best way' is quite subjective. IMO, disabling any services that are not used is the first step.

For sshd, I disable password access and only allow authentication via keys. I also disable root login via ssh. Then I limit the users allowed to login via AllowUsers in the sshd config file. Some people also use denyhosts or similar methods to lock out IP addresses that make numerous unsuccessful login attempts. Overall, I don't spend a lot of time worrying about openssh. The OpenSSH project has an excellent security record.

DNS is a little more worrying, as BIND has had more problems over the years. It has been much better in recent years though. By default, the named service is run as a non-root user. It's also confined by SELinux. It can optionally be run in a chroot jail, which might further limit a successful exploit of the service.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Even moderation ought not to be practiced to excess.
-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
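
An added example, not part of the original post or of OpenSSH: a small Python audit of the three sshd settings described in the reply above (password login off, root login off, AllowUsers set). It assumes whitespace-separated `keyword value` lines, relies on sshd using the first value it obtains for a keyword, and only reads the global section before any Match block; the function names and the sample config are constructed for illustration.

```python
"""Audit sshd_config text for the three settings described in the post."""

# Values the post's hardening implies for the global section.
REQUIRED = {
    "passwordauthentication": "no",  # key-based authentication only
    "permitrootlogin": "no",         # no root login over ssh
}

def parse_global(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Keywords are case-insensitive and the first value obtained for a
    keyword is the one sshd uses, so later duplicates are ignored here.
    Parsing stops at the first Match block (conditional overrides are
    out of scope for this check).
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return a list of findings; an empty list means all checks pass."""
    settings = parse_global(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set, compiled-in default applies")
        elif got.lower() != want:
            findings.append(f"{key}: effective value is '{got}', want '{want}'")
    if not settings.get("allowusers"):
        findings.append("allowusers: no user list in the global section")
    return findings

# Constructed sample: the later "no" is ignored because the first value wins.
SAMPLE = "PasswordAuthentication yes\nPermitRootLogin no\n" \
         "AllowUsers alice bob\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration with defaults filled in, which is the authoritative view to compare against.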