
Re: How to detect whether your machine is compromised?



On Fri, Oct 05, 2007 at 11:40:28AM -0700, Amit Uttamchandani wrote:
> There is an amazing software set called bastille. It runs a set of
> scripts that hardens linux. Although it doesn't tell if it has been
> compromised but this should be done after every new install.

I found bastille to be a bit stupid for me.  The better choice is to
read the document in harden-doc and follow those recommendations that
make sense.  

Don't have any ports open to the internet that you don't need.  Don't
have servers listening on outside interfaces unless you are in a DMZ.
Especially, don't have ssh listening on outside interfaces if you don't
need it.  If you do, and it will work for you, disable password ssh
login altogether and use pubkey only.  Don't allow root to ssh in.

Finally, after you've secured everything else, read shorewall-doc and
set up a firewall that has the default policy of either deny or drop,
then only allow what you need.

Doug.
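
The ssh advice in the message above (pubkey only, no root login, no listener on outside interfaces) can be checked mechanically. The following is an added example, not part of the original message: it assumes an OpenSSH-style `sshd_config`, reads only the global section, and uses constructed sample configs and hypothetical function names.

```python
import ipaddress

# Constructed sample configs, not taken from the post.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
ListenAddress 192.168.1.10:22
PasswordAuthentication no
PermitRootLogin no
"""

def listen_host(value):
    """Extract the host from host, host:port, [v6]:port or a bare v6 address."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.rsplit(":", 1)[0] if value.count(":") == 1 else value

def audit(config_text):
    """Return findings for the global section of an sshd_config text."""
    first, listen = {}, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, arg = parts[0].lower(), parts[1]
        if key == "match":          # per-user overrides are not evaluated here
            break
        if key == "listenaddress":  # may repeat; every value counts
            listen.append(listen_host(arg))
        else:                       # sshd keeps the first value it reads
            first.setdefault(key, arg.lower())
    findings = []
    # An absent keyword is treated as enabled: no OpenSSH default is "no".
    if first.get("passwordauthentication", "yes") != "no":
        findings.append("password login enabled")
    if first.get("permitrootlogin", "yes") != "no":
        findings.append("root login permitted")
    for host in listen or ["0.0.0.0"]:  # no ListenAddress means all addresses
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"listen address {host} not checked (hostname)")
            continue
        if ip.is_unspecified or ip.is_global:
            findings.append(f"listening on outside address {host}")
    return findings
```

In `WEAK` the second `PasswordAuthentication` line has no effect, which is why the audit still reports password login as enabled.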


