Securing a fresh Linux install, part 3

    Date22 Apr 2004
    Posted ByAnthony Pell
    From the article's overview: In the previous article in this series we looked at ways to secure files and monitor system logs on a Linux server. To finish the series we'll look at security considerations for some important networking tools. . . . The article starts off right away with:


    If you are accessing machines remotely across a network, you should not be using Telnet. Telnet transmits information, including passwords, in plain text, which can easily be intercepted and read. SSH performs much the same task as Telnet, but it does so through an encrypted tunnel and is therefore much more secure.

    There are a number of configuration options you should consider when using SSH. These are set in the /etc/ssh/sshd_config and /etc/ssh/ssh_config files.

    First, set the LoginGraceTime, the time users have to enter their login information, to a low but sensible value -- 30 seconds maybe.

    Make sure root is not allowed to login by setting PermitRootLogin to no. If you need root privileges you should log in as a normal user and su to root.

    Set StrictMode to yes to ensure that users cannot access home directories owned by other users.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.