Re: Secure Server

Alejandro Rodriguez Luna wrote:
> I just wanted to ask about the security of services like ssh, dns,
> etc. What is the best way to secure these services? Perhaps
> /etc/hosts.allow and /etc/hosts.deny? Or perhaps with a superserver,
> inetd or xinetd?

Well, the 'best way' is quite subjective.  IMO, disabling any services
that are not used is the first step.  For sshd, I disable password
access and only allow authentication via keys.  I also disable root
login via ssh.  Then I limit the users allowed to login via AllowUsers
in the sshd config file.  Some people also use denyhosts or similar
methods to lock out IP addresses that make numerous unsuccessful login
attempts.  Overall, I don't spend a lot of time worrying about
openssh.  The OpenSSH project has an excellent security record.

DNS is a little more worrying, as BIND has had more problems over the
years.  It has been much better in recent years though.  By default,
the named service is run as a non-root user.  It's also confined by
SELinux.  It can optionally be run in a chroot jail, which might further
limit a successful exploit of the service.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Even moderation ought not to be practiced to excess.
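
Added example, not part of the original message: a small Python audit of sshd_config text for the settings the reply lists (key-only authentication, no root login, AllowUsers). It goes one step further and also checks keyboard-interactive authentication, since PAM can still prompt for a password through it. The sample config, the function names and the default values are assumptions; Include files and Match blocks are not evaluated.

```python
# Added example: audit sshd_config text for the settings named in the reply.
# Constructed sample config, not taken from the original post.
SAMPLE_CONFIG = """\
# the duplicate keyword below is ignored: sshd keeps the first value it reads
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes
AllowUsers alice bob
"""

# Values sshd uses when a keyword is absent (assumed: current OpenSSH defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_global(text):
    """Return {keyword: value} for the global section, before any Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords are case-insensitive
        if key == "match":
            break  # simplification: conditional overrides are not evaluated
        # First occurrence wins for the single-valued keywords checked here.
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = {**DEFAULTS, **parse_global(text)}
    checks = [
        ("passwordauthentication", "no", "PasswordAuthentication should be 'no'"),
        ("kbdinteractiveauthentication", "no", "KbdInteractiveAuthentication should be 'no'"),
        ("pubkeyauthentication", "yes", "PubkeyAuthentication should be 'yes'"),
        ("permitrootlogin", "no", "PermitRootLogin should be 'no'"),
    ]
    findings = [msg for key, want, msg in checks if cfg[key].lower() != want]
    if not cfg.get("allowusers", "").split():
        findings.append("AllowUsers is not set")
    return findings
```

On a live host, the output of `sshd -T` (the effective configuration, one lowercase keyword per line) can be passed to `audit()` instead of the file contents.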
