Ensuring secure access to Production Linux Servers

I was amazed to hear from my friend that one of their servers got hacked, and the likely reason is that their part-time admin set the root password to 'admin'. Wow!! I can't believe it! They don't have the right to cry about security attacks when they themselves leave the door open :P

I suggested some points, described below, for ensuring secure access to their servers. They have 5-6 Linux servers. This obviously may not be the best way, and as always I'd appreciate your suggestions in the comments. My approach is that of the 6 servers, only 2 accept remote logins, and only with key-based authentication; from those 2 we can reach the remaining ones. Here's what we did:

Save root or user history to check later

Sometimes we need a way to automatically save any user's or root's activity so that we can check it later. In an environment where the root account is shared by multiple people, it is very helpful to know exactly who did what, and when. In my case I found that some files had been changed mysteriously, but I was clueless, as more than one user had root access.

To save the activity/history of any user (including root), you need to open the user's .bash_profile in their home directory.
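The following lines are an added example of what can go into that .bash_profile; they are not from the original post. They timestamp every history entry, flush history after each command and send each command to syslog under the (assumed) tag bash_audit, so the record also reaches any central log host the server forwards to. It assumes bash and a local syslog daemon reachable through logger(1).

```bash
# Added example, not the original post's code: append to ~/.bash_profile
# (or a file under /etc/profile.d/ to apply to every user).
# Assumes bash and a syslog daemon that accepts messages from logger(1);
# the log tag "bash_audit" is our own choice.

# Timestamp every history entry and keep a large history file.
export HISTTIMEFORMAT='%F %T '
export HISTSIZE=100000
export HISTFILESIZE=100000
if [ -n "$BASH_VERSION" ]; then
    shopt -s histappend   # append to $HISTFILE on exit instead of overwriting it
fi

# Build one log line for a command: who (login user, and the sudo caller
# if any), where (tty, working directory) and what was run.
format_audit_line() {
    cmd=$1
    t=$(tty 2>/dev/null) || t=notty
    printf 'user=%s sudo_user=%s tty=%s pwd=%s cmd=%s\n' \
        "$(id -un)" "${SUDO_USER:-none}" "$t" "$PWD" "$cmd"
}

# Run from PROMPT_COMMAND after every command: flush history to disk,
# then ship the last entry to syslog (authpriv facility).
audit_last_cmd() {
    history -a
    last=$(HISTTIMEFORMAT= history 1 | sed 's/^ *[0-9]* *//')
    format_audit_line "$last" | logger -p authpriv.notice -t bash_audit
}

# Only hook interactive bash sessions.
if [ -n "$BASH_VERSION" ] && [ -n "$PS1" ]; then
    PROMPT_COMMAND='audit_last_cmd'
fi
```

This gives attribution among admins who are trusted but careless; anyone with root can bypass their own shell profile (bash --norc, a different shell, editing the file), so for a tamper-resistant record use auditd with an execve rule and forward the logs off the box.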

Install and configure DenyHosts

Brute-force and dictionary attacks against SSH are common these days. DenyHosts is an excellent Python tool to counter them: it watches the SSH log for failed login attempts and blocks the offending host/IP from further connections by adding it to /etc/hosts.deny. Note that /etc/hosts.deny is honoured only by TCP-wrapper-aware daemons; OpenSSH dropped tcp_wrappers support in version 6.7, so on newer distros check that your sshd still links against libwrap, or use a tool that bans through the firewall (for example fail2ban) instead.

Here are the steps to install and configure DenyHosts on your server. They apply to Red Hat based distros (i.e. RHEL, CentOS, Fedora) and need minor changes for other distros. You can copy and paste the commands.

Step 1. Check which version of Python is installed on your server:

# python -V
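To show what DenyHosts is doing behind the scenes, here is an added example (not DenyHosts' own code and not part of the original post) that runs the same logic over a few constructed sshd log lines in the /var/log/secure format: count "Failed password" attempts per source IP and emit /etc/hosts.deny entries for every IP over a threshold. The log lines, the threshold of 3 and the IP addresses are all made up for the example.

```bash
#!/bin/sh
# Added example, not DenyHosts' own code: the core of what DenyHosts does,
# run over constructed sample lines in /var/log/secure format.
# Assumes the usual sshd message
#   "Failed password for [invalid user] NAME from IP port N ssh2".

# Constructed sample log (not from a real server).
SAMPLE_LOG='Mar  3 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 4410 ssh2
Mar  3 10:01:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 4411 ssh2
Mar  3 10:01:05 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 4412 ssh2
Mar  3 10:01:09 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 4413 ssh2
Mar  3 10:02:11 web1 sshd[2120]: Accepted publickey for deploy from 198.51.100.5 port 5522 ssh2
Mar  3 10:03:40 web1 sshd[2130]: Failed password for deploy from 198.51.100.5 port 5530 ssh2
Mar  3 10:03:44 web1 sshd[2130]: Accepted password for deploy from 198.51.100.5 port 5530 ssh2'

# Print "COUNT IP" for every source IP with at least $1 failed password
# attempts in the log read from stdin, worst offender first.
offenders() {
    threshold=$1
    awk -v t="$threshold" '
        index($0, "sshd[") && /Failed password for/ {
            # the token after "from" is the client IP, for valid and invalid users alike
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i+1)]++
        }
        END { for (ip in fails) if (fails[ip] >= t) print fails[ip], ip }
    ' | sort -rn
}

# Turn the offender list into hosts.deny lines, in the TCP wrappers
# "daemon : client" syntax that DenyHosts appends.
deny_lines() {
    while read -r count ip; do
        printf 'sshd: %s\n' "$ip"
    done
}

# Usage against the constructed log. On a real box this would be
#   offenders 3 < /var/log/secure | deny_lines >> /etc/hosts.deny
printf '%s\n' "$SAMPLE_LOG" | offenders 3 | deny_lines
```

With a threshold of 3 only 203.0.113.7 is banned; the single failure from 198.51.100.5, followed by a successful login, is exactly the legitimate typo that a threshold exists to tolerate. DenyHosts adds to this a time window, whitelisting of your own addresses and purging of old entries, which is why you want the real tool rather than this sketch.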