Linux Installation and Administration - Parkland
Last Modified:
Thursday, 26-Aug-2010 17:40:50 CDT
You Just re-booted and logged in as root at the console - what now?
You do a few things to secure the machine and THEN you attach it to
the net and check the settings.
The Procedure
- edit the file /etc/ssh/sshd_config . In that file you add a couple of
lines:
################################################################
#sean added this before the machine was attached to the net 8-30-06
#any other comments that you wish here
PermitRootLogin no
#################################################################
- service sshd restart
This is the easy RedHat way to force a
machine to restart the service and therefore now deny root account attacks from
the net through port 22.
- Edit the file /etc/sysconfig/iptables to only allow incoming port
22 connections from shaula (216.125.253.135). This means that you will have to
rem out the existing line for the sshd server too. (remember to put your
comments in there when you rem it out)
#sean accept only incoming ssh from shaula 8-30-06
-A RH-Firewall-1-INPUT -m state --state NEW -s 216.125.253.135 -m tcp -p tcp --dport 22 -j ACCEPT
Now restart the iptables: there are several ways
service iptables restart
kill -HUP $(cat /var/run/iptables.pid)
/etc/rc.d/init.d/iptables restart
- NOW Plugin and test. At this point root should be disallowed to login
remotely but can still login from the console, and all users should have to come
from shaula to get in.
- use the useradd command to add the second user to the system.
useradd -c "Sean Mauney" -d /home/smauney -m -k /etc/skel smauney
would
have made an account for smauney with a user private group (we are not using
user private groups we will have all users that we add in the "users" group), you then MUST run
the command passwd smauney and set an initial password.
- Both people work on your documentation web sites.
| Top |