Hi All,
Well, after taking into account all of the excellent advice offered on this topic, I have now resolved my KSystemGuard processtable problem, and (hopefully ... will be watching closely) secured the ssh daemon.
What I have done:
1. After running 'swaret --dep' on my system, I determined that for some reason the lm_sensors was missing a dependency (maybe from removing previously mentioned Seamonkey Browser) ... I resolved this by reinstalling lm_sensors-2.10.6-i486-1.tgz package and re-running 'ldconfig' on the system.
2. I altered my Router NAT forwarded port 22 that was open for ssh, and have now NAT opened a >1000 port instead.
3. Editing of /etc/ssh/sshd_config: After backing up original file, I altered it so that:
a.) The Default Port is now changed from 22, to the new NAT forwarded port.
b.) Ensured that Protocol 2 is in use.
c.) Altered 'PermitRootLogin' variable to: no
4. I do not have a /etc/rc.d/rc.firewall file to add Ilgar's script to, so instead I installed the slackware package of Fail2Ban.
5. Chmod'ed +x /etc/rc.d/rc.fail2ban & ../rc.sshd
6. Started fail2ban daemon and ssh daemon.
7. Via LAN, attempted to ssh into server as root ... DENIED (Good).
8. Via LAN, attempted to login as [user-account] ... DENIED (Hmmm, that's not right).
9. Read about ssh options ....
10. Re-attempted to log into server as [user-account] with console string:
ssh <servername> -l <user-account> -p <assigned-port>
System allowed me to log in as [user-account], and then I was able to 'su' to root within the remote ssh terminal (Good).
11. Strengthened both 'root' and 'user-account' passwords using a combination of letters, numbers & punctuation.
I will be keeping an eye on the system log over the coming days to see whether I receive any more ssh attacks on my system.
Two small questions...
1. If I want to use Ilgar's connection limiting script, could I just create a new file /etc/rc.d/rc.firewall, and insert the contents of the script into it? ... or do I need to get a rc.firewall file from somewhere, then add the script content into that existing file?
(not sure why I don't have an rc.firewall file .. what package supplies it?).
2. Why does the remote LAN system now require that I input my modified port number, and not just connect on the Server's modified Default Port? (If I try to remotely ssh into the Server without specifying the actual new port, it attempts to connect on old port 22, and the connection is then refused, as shown here):
### Remote ssh attempt without specific port statement:
root@Crazed-Weasel:~# ssh server
ssh: connect to host server port 22: Connection refused
root@Crazed-Weasel:~#
Ideas? I'll look forward to your responses about these two questions.
I would like to wholeheartedly express my gratitude to every member of the forum that has contributed to this post ... Thank You!
Kind Regards
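
The sshd_config changes listed in step 3 of the post above can be checked with a short script; this is an added example, not part of the original post. The function names, the sample files and port 2222 are constructed for illustration, and an unset keyword is reported as a finding because the built-in defaults differ between OpenSSH versions.

```shell
#!/bin/sh
# Added example: check an sshd_config for the settings changed in step 3.

# Print every global value of KEYWORD in FILE, in file order.
# Keywords are case-insensitive; '#' lines are comments; the global
# section ends at the first Match block.
sshd_values() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[^ \t=]+/)) next
            k = tolower(substr(line, 1, RLENGTH))
            v = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", v)   # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", v)
            if (k == "match") exit
            if (k == key) print v
        }' "$2"
}

# Print one finding per line; no output means all three checks pass.
audit_sshd() {
    ports=$(sshd_values Port "$1")
    # sshd listens on every Port line, so any "22" counts.
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "Port: sshd still listens on 22"
    fi
    # For other keywords the first value in the file is the one used.
    proto=$(sshd_values Protocol "$1" | head -n 1)
    [ "$proto" = 2 ] || echo "Protocol: '${proto:-unset}' is not exactly 2"
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    [ "$root" = no ] || echo "PermitRootLogin: '${root:-unset}' is not no"
    return 0
}

# Constructed sample files; port 2222 stands in for the forwarded port.
tmp=$(mktemp -d)
printf '%s\n' 'port 2222' 'Protocol 2' 'PermitRootLogin no' \
    'PermitRootLogin yes' > "$tmp/hardened"
printf '%s\n' '#Port 22' 'Protocol 2,1' 'PermitRootLogin yes' \
    'Match User backup' 'PermitRootLogin no' > "$tmp/stock"
audit_sshd "$tmp/hardened"
audit_sshd "$tmp/stock"
```

On a real system, run `audit_sshd /etc/ssh/sshd_config` after editing the file and before restarting the daemon.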