andy baxter schrieb:
It depends on you. I'd think that it's enough if you watch the processes running on your server from time to time, check it with rkhunter or something similar and keep an eye on your logs (via logcheck for example). You also can chroot your webserver. For me, using something like aide would be a bit too much for a small personal server.andy baxter wrote:Thanks to those who replied about ssh config. Would be good to know more about whether it's worth setting up aide for a small home server like this, and if the way I'm thinking of doing it is OK. My main worry isn't someone reading my files, which aren't desperately secret, it's that I don't want to hassle of having to reinstall after being cracked, and I don't want to become part of someone else's botnet.[... I'm planning to ...]- use aide to check the system files regularly. The way I'm thinking of doing this is to put a bootable debian image (with aide installed) on a flash disk, then every week or so boot my laptop from this with the slug's usb hard drive plugged into the laptop as well, and check the system using aide that way. Then install any updates, then calculate the checksums again and store them on the flash disk (which I would never use for any other purpose). This is putting me off somewhat, as I was doing something similar with another server I had a while back, and it was a fair bit of hassle to keep it up every week. So it would be good to know if this is overkill, or a sensible thing to do?
martin
andy