Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Thu, Aug 31, 2006 at 12:41:24PM -0400, Larry Underhill wrote: > slightly OT: what are the general practices folks that folks take to > secure the "public" services on their home boxen? I have ssh and http > available. > > My general take is: > > * firewall with ssh (on a high num port) and http open. All others are > denied. Very useful, if you can handle it. I also open IMAP/SSL and SMTP. > * sshd w/ key only access and no remote root login. For many servers, this is an excellent addition to the config: AllowUsers user1 user2 user3 ...which rejects every login attempt not by one of those named users. If you have just five or six or a dozen accounts that should get in, this is a good way to protect. > I also rotate passwords for root and my (one) user account. Any other > tips/tricks? I'd rather have a strong password than a recently changed one. If you can have both, even better. -dsr- -- -. --- -- --- .-. . ... . -.-. .-. . - ... ..-. ..- -.-. -.- - .... . -. ... .- ..-. ..- -.-. -. .-. -.. - .... ... ..- -.- -. .-- -.-. -.. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |