Archive for April, 2009

Secure SSH server

Posted: April 30, 2009 in archlinux, Debian, Slackware

To install the open-ssh server:

# aptitude install openssh-server

To change the default port (cuts down the automated brute-force attempts that target port 22; it is not a substitute for the authentication settings below):

/etc/ssh/sshd_config

Port xxxx (for example 3151, 2222 or 2929)

To enable public key authentication:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

To disable password authentication:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

To restrict logins to specific users at specific hosts:

AllowUsers username@host.example.com

To restart SSH (after making any of the above changes):

/etc/init.d/ssh restart

SSH Client

To generate an SSH key pair for public key authentication:

mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -q -f ~/.ssh/id_rsa -t rsa

To change the default port for the client (useful if you're using a non-standard port on the server):

~/.ssh/config:

Host *
Port 2222
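
The server settings above can be checked rather than trusted. The script below is an added example, not part of the original post: it reads an sshd_config, reports the effective value of a directive the way sshd does (first uncommented occurrence wins, a commented-out line means the built-in default applies), and audits the four recommendations from the post. It assumes POSIX sh, awk and tr; the sample config at the bottom is constructed for illustration.

```shell
#!/bin/sh
# Audit an sshd_config against the four settings the post recommends
# (non-default Port, PubkeyAuthentication yes, PasswordAuthentication no,
# AllowUsers set). Assumes POSIX sh, awk and tr; the sample config at the
# bottom is constructed for illustration.

# Print the effective value of a directive. sshd takes the first
# uncommented occurrence, so that is what we report; nothing is printed
# when the directive is absent or commented out (sshd's built-in default
# then applies). Match blocks are ignored here.
sshd_get() {  # $1 = config file, $2 = directive name (case-insensitive)
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        $1 !~ /^#/ && tolower($1) == key { print $2; exit }' "$1"
}

# Return 0 when the file follows all four recommendations, 1 otherwise,
# printing one line per finding.
sshd_audit() {  # $1 = config file
    rc=0
    port=$(sshd_get "$1" Port)
    [ -n "$port" ] && [ "$port" != 22 ] \
        || { echo "Port: 22 (default) still in use"; rc=1; }
    [ "$(sshd_get "$1" PubkeyAuthentication)" = yes ] \
        || { echo "PubkeyAuthentication: not set to yes"; rc=1; }
    # the default is yes, so a missing or commented-out line is a finding
    [ "$(sshd_get "$1" PasswordAuthentication)" = no ] \
        || { echo "PasswordAuthentication: not set to no"; rc=1; }
    [ -n "$(sshd_get "$1" AllowUsers)" ] \
        || { echo "AllowUsers: no login restriction configured"; rc=1; }
    return $rc
}

# Constructed sample: the PasswordAuthentication line is commented out,
# which sshd treats as the default (yes), so this config must fail.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 2222
PubkeyAuthentication yes
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication no
AllowUsers admin@host.example.com
EOF
if [ -n "${1:-}" ]; then
    sshd_audit "$1"            # audit the file given on the command line
else
    sshd_audit "$SAMPLE" && echo "sample: OK" || echo "sample: FAIL"
fi
rm -f "$SAMPLE"
```

Run it as `sh audit.sh /etc/ssh/sshd_config` after editing; with no argument it audits the built-in sample, which fails on the commented-out directive.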


Keris Bekor

Posted: April 13, 2009 in My live

Keris bekor

Server uptime command

Posted: April 2, 2009 in archlinux, Debian, Slackware

Uptime command

$ uptime

17:08:49 up  5:54,  6 users,  load average: 2.03, 1.68, 1.50

The uptime command gives a one-line display of the following information:

  • The current time (17:08:49)
  • How long the system has been running (up 5:54)
  • How many users are currently logged on (6 users)
  • The system load averages for the past 1, 5 and 15 minutes (2.03, 1.68, 1.50)

This is the same information shown in the header line of the w and top commands:

$ w
$ top

Note that w displays who is logged on and what they are doing, while top
provides a dynamic real-time view of a running Linux/UNIX/BSD system.

top -d 1    (refresh every second; the most useful way to run top)

——————————-cut here ——————————

# Allow outgoing traffic and disallow any passthroughs

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Allow traffic already established to continue

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow ssh, dns, ldap, ftp and web services
# (if sshd listens on a non-standard port, as in the Secure SSH server post,
# use that port number here instead of the ssh service name)

iptables -A INPUT -p tcp --dport ssh -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport domain -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport ldap -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport ldap -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport ftp -i eth0 -j ACCEPT
# ftp and ftp-data are TCP services; the two udp rules are unnecessary
# (and iptables may reject the udp service-name lookup on some systems)
iptables -A INPUT -p udp --dport ftp -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport ftp-data -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport ftp-data -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT

# Allow local loopback services

iptables -A INPUT -i lo -j ACCEPT

# Allow ICMP control messages (destination-unreachable, source-quench,
# time-exceeded); note that echo-request, i.e. ping itself, is not
# accepted by these rules

iptables -I INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -I INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables -I INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

——————————-cut here ——————————