
hosts.allow - Re: intrusion via ssh




On Thu, 31 Mar 2005, Brad Sims wrote:

> What I do to look at auth.log is something like `sudo less /var/log/auth.log|grep sshd|less`
> 
> BTW I have /etc/hosts.allow set as follows:
>  ALL: LOCAL

don't use "ALL"

>  # This are my work comps.
>  ALL : $FIXED_IP1
>  ALL : $FIXED_IP2

you should be using

sshd: $FIXED_IP1
sshd: $FIXED_IP2

mountd: $FIXED_IP1
mountd: $FIXED_IP2

if you use "ALL:" ... you allow all services to be usable and exploitable
from those 2 fixed IP#

if you use sshd and mountd, they can only exploit the sshd and nfs daemons

> /etc/hosts.deny reads:
>  ALL: EXCEPT LOCAL

you should deny all local services ... there's nothing it needs

	ALL : ALL

> How secure is this?

almost there ... tighter security is better if it doesn't break anything
especially since it takes less than a minute to tighten it

c ya
alvin
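
Added example, not part of the original message: a small Python check that compares the two configurations discussed above, flagging "ALL" daemon wildcards in hosts.allow and a missing "ALL: ALL" default in hosts.deny. The 192.0.2.x addresses are constructed stand-ins for $FIXED_IP1 and $FIXED_IP2, the function names are hypothetical, and client patterns are assumed to be IPv4 addresses or hostnames.

```python
import re

def parse_rules(text):
    """Yield (daemons, clients) token lists for each rule in a hosts.allow/hosts.deny body."""
    text = text.replace("\\\n", " ")        # backslash-newline continues a rule
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, rest = line.split(":", 1)
        clients = rest.split(":", 1)[0]     # drop optional shell command (IPv4/hostnames assumed)
        yield (re.split(r"[\s,]+", daemons.strip()),
               re.split(r"[\s,]+", clients.strip()))

def audit(allow_text, deny_text):
    """Return a list of findings for a hosts.allow / hosts.deny pair."""
    findings = []
    for daemons, clients in parse_rules(allow_text):
        if "ALL" in daemons:
            findings.append("hosts.allow: 'ALL' opens every wrapped service to "
                            + " ".join(clients))
    default_deny = any(d == ["ALL"] and c == ["ALL"]
                       for d, c in parse_rules(deny_text))
    if not default_deny:
        findings.append("hosts.deny: no 'ALL: ALL' default-deny rule")
    return findings

# Constructed sample input: the configuration quoted in the message ...
BEFORE_ALLOW = """ALL: LOCAL
 # This are my work comps.
 ALL : 192.0.2.10
 ALL : 192.0.2.20
"""
BEFORE_DENY = "ALL: EXCEPT LOCAL\n"

# ... and the per-daemon form suggested in the reply.
AFTER_ALLOW = """sshd: 192.0.2.10
sshd: 192.0.2.20
mountd: 192.0.2.10
mountd: 192.0.2.20
"""
AFTER_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    for name, allow, deny in (("before", BEFORE_ALLOW, BEFORE_DENY),
                              ("after", AFTER_ALLOW, AFTER_DENY)):
        print(name, audit(allow, deny) or "no findings")
```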
 


