hosts.allow - Re: intrusion via ssh
On Thu, 31 Mar 2005, Brad Sims wrote:
> What I do to look at auth.log is something like `sudo less /var/log/auth.log|grep sshd|less
>
> BTW I have /etc/hosts.allow set as follows:
> ALL: LOCAL
dont use "ALL"
> # This are my work comps.
> ALL : $FIXED_IP1
> ALL : $FIXED_IP2
you should be using
sshd: $FIXED_IP1
sshd: $FIXED_IP2
mountd: $FIXED_IP1
mountd: $FIXED_IP2
if you use "ALL:" ... you allow all services to be usable and exploitable
from those 2 fixed iP#
if you use sshd and mountd, they can only exploit the sshd and nfs daemons
> /etc/hosts.deny reads:
> ALL: EXCEPT LOCAL
you should deny all local services ... there's nothing it needs
ALL : ALL
> How secure is this?
almost there ... tighter security is better if it doesnt break anything
especially it takes less than a minute to tighten it
c ya
alvin
Reply to: