Re: securing the system, stopping unnecessary services and closing open ports.

[Brian <ad44@cityscape.co.uk>]

On Sat 27 Aug 2011 at 17:16:16 +0100, Joe wrote:

> On Sun, 28 Aug 2011 01:05:47 +1000
> yudi v <yudi.tux@gmail.com> wrote:
> > 
> > how can I find out if this system has been compromised?
> 
> You can try chkrootkit and rkhunter, but the latter at least works

A natural history expedition searching for unicorns and dodos would have 
as much success as these two programs are likely to have.

> > what are the steps I need to take to secure it?
> 
> As you say, deny root logins, but I would strongly recommend dropping
> passwords altogether and using keys. If you connect from Windows, you

Keys and passwords each have their place. One is not inherently more
secure than the other.

> (currently I believe) can't use *nix-generated keys. The change of port
> number is often denigrated as 'security by obscurity', but then what
> else is a digital certificate? If running ssh on an obscure port
> prevents pretty much all automated password brute-forcing (and it does)
> then you're better off than many other people have been.

You are most probably correct. On a higher port number sshd will
experience fewer probes. But it was secure on port 22 anyway, so there
doesn't seem much point in moving it in that regard.