Security Suggestions

I have an installation which is working well, but I have security concerns after a break-in on a different computer. If this machine gets taken down, I’m in a lot of trouble…

Other than a secure password and keeping patches up to date is there anything else I can/should do that would help increase security?

I’m thinking of a firewall that recognizes multiple incorrect password attempts…? What else?
thanks
todd

Iptables already has some features built-in to prevent password guessing ("--hitcount").

See also

http://wiki.centos.org/HowTos/Network/SecuringSSH

You could also try fail2ban.

Howdy,

Those are some good suggestions snapmin offered… a lot of folks are using Fail2ban, and the Securing SSH document has some good ideas in it.

In addition, you’d want to make sure that all the web applications running on your server are up to date. Web apps with security issues are one of the more common ways bad guys use to break into servers. Frequently, those are used for sending spam, but in some cases those can be used to gain privileged access.

Also, tools such as rkhunter can assist in keeping an eye on your system, and notifying you if it sees anything unusual.

-Eric

Regarding “keeping patches up to date”: if you are on CentOS, please keep in mind that there is usually quite a delay until security updates from Red Hat make it into CentOS (e.g. CentOS 5.6 is still not available).

PS I don’t think you can use the newest Red Hat version because the Virtualmin folks only support Red Hat after the corresponding CentOS version is released, right?