[Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

[Tom Horsley]

On Thu, 27 Dec 2007 11:10:47 -0800
"Daniel B. Thurman" <dant at cdkkt.com> wrote:

> Does anyone have any advice, links to great sites focused on security
> and how to secure your linux box against intrusions and attacks?

Well, what I'm doing is this:

1. My system is hooked to an external router/firewall combo with
only port 22 (sshd) open and forwarded to it.

2. My sshd_config file is setup to disable all forms of authentication
except for public key, and the only valid public key file is
encrypted on my system at work (with a passphrase only I know that
isn't written down anywhere).

3. My /etc/hosts.allow and /etc/hosts.deny files are setup so that
only the IP address of my work system (or the address it appears to
have after it gets through the corporate firewall) is allowed
to ssh in.

This winds up with a few lines like this appearing in the security
log every day:

sshd[14989]: refused connect from u16-159.static.grapesc.cz (::ffff:82.100.16.159)

Of course, this all works for me where I just want to be able to
get into my home system from work, and don't have a public server
I actually want folks to access. If I need anything more than ssh,
I can always use port forwarding through ssh to get to other things.

One other gimmick: Within my local network at home, I don't want such
restrictions as only public key, so with the latest sshd in fedora 8,
I can use a "Match" directive to allow more kinds of authentication
within my local home network.