Quote:
Originally Posted by punjabipredator
When we reinstalled the server and had the TCP WRAPPER added which only allows my ip range it has blocked out IRCD and others that used SSH to take over the server. When I ran rootkit the only problem and vulnerable was SSH. Yeah, I will look for a better method to secure and harden SSH but at the moment a temporary fix is getting the job done. Thank You.
Add another layer of protection using an iptables script.
Restrict network accessible admin tools (i.e. cPanel).
Look at the output of 'rpm -qa' and remove all unneeded RPMs.
Lock down SSH access to select users that authenticate using a public key.
Audit your web content.
Get familiar with all of the logs. Send syslog to another server for backup.
Once your server is ready for use, get a baseline status with Tripwire/AIDE before users log in. Make regular comparisons.
Monitor your logs.
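
One way to check the "select users that authenticate using a public key" item against an sshd_config, added here as an example and not part of the original post. It assumes OpenSSH's whitespace-separated `Keyword value` syntax and does not follow Include files; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for
# "select users + public key only". Function names are hypothetical.

# Print the effective global value of KEY in FILE. sshd keeps the first value
# it sees, keyword names are case-insensitive, and everything after the first
# "Match" line is conditional, so it does not count as a global setting.
effective_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Return the number of findings (0 = matches the advice).
audit_sshd_config() {
    cfg=$1; fails=0
    # Passwords are accepted unless this is explicitly "no" (default: yes).
    [ "$(effective_value PasswordAuthentication "$cfg")" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; fails=$((fails + 1)); }
    [ "$(effective_value PubkeyAuthentication "$cfg")" != "no" ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; fails=$((fails + 1)); }
    if [ -z "$(effective_value AllowUsers "$cfg")" ] &&
       [ -z "$(effective_value AllowGroups "$cfg")" ]; then
        echo "FAIL: no AllowUsers/AllowGroups, any account may log in"
        fails=$((fails + 1))
    fi
    return "$fails"
}

tmp=$(mktemp -d)
cat > "$tmp/weak" <<'EOF'
# constructed sample: the "no" is commented out or only inside a Match block
#PasswordAuthentication no
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication no
EOF
cat > "$tmp/hardened" <<'EOF'
# constructed sample: key-only logins for two named accounts
passwordauthentication no
PubkeyAuthentication yes
AllowUsers alice bob
EOF
for f in weak hardened; do
    audit_sshd_config "$tmp/$f" && echo "$f: OK" || echo "$f: $? finding(s)"
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the configuration sshd will actually use, including defaults and included files.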