[nSLUG] Securing Linux with shell users

D G Teed donald.teed at gmail.com
Thu Dec 11 12:52:30 AST 2008


This is one of those topics where googling for information
is finding either the wrong topic (secure web services),
or it turns up ancient information which does not apply
for modern Linux distros.

By default, telnet isn't open on modern Linux, and we
have an iptables firewall with only necessary ports open.

I am looking for a resource on setting up a server
with Academic shell users, with the aim of preventing
local exploits.

I'm working on a new server install so it is a good opportunity
to set it up right from the start.

For example, Redhat ships sshd with allowing root logins by default.
So we always disable that.  We also use a program to scan
login attempts, to close the door on ssh brute force attempts.
We can add ulimit values and a user quota.  I want to
expand on this kind of thing.

This isn't going to be as ultra-restricted as many examples
I could think of as we need to allow access to compilers.

Is there a methodology common to ISPs?  Some of it would
fit our case I imagine.

--Donald
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20081211/ac7f0875/attachment-0001.html>


More information about the nSLUG mailing list