Quote:
Originally Posted by MisterTickle
I want only my IP and toord to be able to access the server, but I would like to add IPs every now and then to give other people access for various things and new business partners and so on.
- Check your /etc/hosts.deny. If it has just one rule reading "ALL: ALL" that is OK. Check your /etc/hosts.allow. Add a line "sshd: n.n.n." where "n.n.n." (don't forget the trailing dot!) is the first three octets of your IP address. So if yours would be "1.2.3.4" you would make it read "sshd: 1.2.3.".
- Open your /etc/ssh/sshd_config and look for the line "PermitRootLogin" and ensure it says "no". Look for lines "AllowUsers" and "AllowGroups"; if there are none, add them: "AllowUsers toord" and "AllowGroups toord".
- (Later on you can add users and groups to the AllowUsers and AllowGroups directives.)
- (Later on, when we have dealt with pubkey auth, you will set PasswordAuthentication to read "no".)
Quote:
Originally Posted by MisterTickle
I installed Atop, but I'm not sure what to use it for or how to run it.
Most commands you run will have one or more manual pages and often documentation in /usr/share/doc/{applicationname-version}. Get accustomed to reading them to get a clue. Atop starts on boot with /etc/rc.d/init.d/atop, gets restarted daily with /etc/cron.d/atop (/etc/atop/atop.daily) and runs as a daemon with a default 10 second interval for taking samples which get logged to /var/log/atop/. The file can be read back and stepped through with 'atop -r /var/log/atop/{file name}'.
Quote:
Originally Posted by MisterTickle
Okay should I go along and run the IP tables script? ( I need instructions how to make a script and run it still ) and
Copy the contents of the script to a file, let's call it "/tmp/iptables.sh", and before the "exit 0" line that follows "# End" add a line "sleep 5m && service iptables stop" (w/o quotes) so it reads:

    # End
    sleep 5m && service iptables stop
    exit 0

This ensures the script runs and after 5 minutes the firewall is reset, giving you the opportunity to check the log and make adjustments. Now run as 'sudo /bin/bash /tmp/iptables.sh'. Suggestion: if you have a local Linux workstation, or use virtualization (VMware, Qemu, VirtualBox) to install a Linux distribution, you can test things out without harming your server. Highly recommended.
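An added example (not part of the original post): a shell audit that checks copies of sshd_config, hosts.allow and hosts.deny for the settings described above, so a mistake is caught before sshd is restarted. The function names and sample files are constructed for illustration, and the hosts.allow parsing assumes simple IPv4 client lists.

```shell
#!/bin/sh
# Added example: audit copies of the files the post edits (paths are arguments).

# sshd_value FILE KEYWORD -> first uncommented value (sshd uses the first match)
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# wrappers_has FILE DAEMON CLIENT -> 0 if an uncommented "DAEMON: ... CLIENT" rule exists
wrappers_has() {
    awk -F: -v d="$2" -v p="$3" '
        /^[ \t]*#/ { next }
        { gsub(/[ \t]/, "", $1); n = split($2, c, /[ \t,]+/)
          if ($1 == d) for (i = 1; i <= n; i++) if (c[i] == p) found = 1 }
        END { exit !found }' "$1"
}

# check ACTUAL EXPECTED LABEL -> prints a result line, counts failures in $fails
check() {
    if [ "$1" = "$2" ]; then echo "ok   $3"
    else echo "FAIL $3 (found '$1')"; fails=$((fails + 1)); fi
}

# audit SSHD_CONFIG HOSTS_ALLOW HOSTS_DENY PREFIX USER -> returns number of failures
# (AllowUsers/AllowGroups are compared exactly; extend when more names are added)
audit() {
    fails=0
    check "$(sshd_value "$1" PermitRootLogin)" no "PermitRootLogin no"
    check "$(sshd_value "$1" AllowUsers)" "$5" "AllowUsers $5"
    check "$(sshd_value "$1" AllowGroups)" "$5" "AllowGroups $5"
    wrappers_has "$2" sshd "$4" && r=yes || r=no
    check "$r" yes "hosts.allow: sshd: $4"
    wrappers_has "$3" ALL ALL && r=yes || r=no
    check "$r" yes "hosts.deny: ALL: ALL"
    return "$fails"
}

# Constructed sample files (not from a real server), using the post's 1.2.3.4 example
sample=$(mktemp -d)
printf 'PermitRootLogin no\nAllowUsers toord\n#AllowGroups toord\n' > "$sample/sshd_config"
printf 'sshd: 1.2.3.\n' > "$sample/hosts.allow"
printf 'ALL: ALL\n' > "$sample/hosts.deny"
audit "$sample/sshd_config" "$sample/hosts.allow" "$sample/hosts.deny" 1.2.3. toord \
    || echo "settings still to fix: $?"
rm -rf "$sample"
```

The sample run reports one failure because AllowGroups is still commented out. hosts.allow and hosts.deny only take effect when sshd is built with TCP wrappers (libwrap) support.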