Being a good customer / Playing nice on the net

I've scanned through a search of the posts and I think a new post is the best way to get the right answers.

I'm setting up a few new installs (Thanks Ishaq and LinuxTheFish!) and I'm trying to set things up to be as secure and non-disruptive as possible. (SSH certs only, AllowUsers to just the few that need it, UFW / SSHGuard etc.) I've looked for any scripts that would allow for me to run local scans for hits on RBLs or any internal activity that may indicate that my security is broken or that my daemons are being used for purposes other than intended. (Running a mailserver, LEMP stack and possibly NSD/Unbound.)

I saw a thread from 24 that mentioned a script that they had come up with, but it seems like that thread has died.

So TL;DR, what can I do to help prevent being an unwitting relay or attack vector?

Thanks!

Comments

  • daily Member

    Hey there! Look for things such as not running a DNS server recursively if you have one installed. Make sure all software you use stays up to date, especially blogging or forum software. Keep in mind plugins and extensions as well.

  • daily Member
    edited July 2016

    pinging @Ishaq and @linuxthefish so they see this

  • Just be aware of what you do, don't execute random scripts without first looking to see if they download anything strange. Also take the same caution with WordPress scripts and themes if you use it...

    Other than that you should be OK as long as you have SSH secured.

  • No WP! Want to stay away from that. It's what we use now and I'm not a fan. Thanks for the pointers guys. No curl to sudo bash... (Even though that's one of the install options for our project now, until I figure out how to roll a deb and convert Git commits to Quilt...)

  • tommy Member

    There's no all-in-one script to do that.

    Lock unused ports, limit connections per IP, lock down your login (web app).

  • Okay, I check mxtoolbox often for RBL lookups and it looks like they have an API, so might play with that. I like to roll my own instead of pulling down scripts if I can. But only so much time...

  • raindog308 Administrator, Veteran

    So...you're missing a grandmother?

    Thanked by 1 TheOnlyDK
  • And once I check with my providers, would it be something to consider in using like an OpenVAS to scan myself or is that just a waste of time and too much traffic to throw around?

  • @SonOfAMotherlessGoat said:
    And once I check with my providers, would it be something to consider in using like an OpenVAS to scan myself or is that just a waste of time and too much traffic to throw around?

    Waste of time mostly, but a general security overview looking at what's running and logs once a month won't hurt.

  • @raindog308 It's from The Three Amigos.

    Thanked by 1 raindog308
  • Another thing is that you should never install vulnerable software (e.g. Sentora, zPanel).

    Those pieces of junk are a one ticket way into server exploits.

  • Ishaq Member

    The SSH defence software you mentioned is not really necessary, seeing as you're limiting login to keys and only certain users.

    We also restrict the number of concurrent SMTP connections to prevent spam so it shouldn't be a cause for concern.
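
An added example, not part of the thread and not any poster's script: a minimal Python check of the kind the original post asks about, looking up your own server's IP on DNS blocklists (RBLs) directly instead of through a web tool. The zone list, the function names and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
import sys

# Constructed zone list: zen.spamhaus.org is a real list, bl.example.net is a placeholder.
ZONES = ["zen.spamhaus.org", "bl.example.net"]

def dnsbl_name(ip, zone):
    """Query name per RFC 5782: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A records for name; [] only on a definite 'no such name'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeout or SERVFAIL: result unknown, never report it as clean

def check(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to 'clean', 'listed:<codes>' or 'error:<codes>'."""
    results = {}
    for zone in zones:
        answers = sorted(resolve(dnsbl_name(ip, zone)))
        if not answers:
            results[zone] = "clean"
        elif any(not a.startswith("127.") or a.startswith("127.255.255.")
                 for a in answers):
            # Not a listing: answers outside 127/8 point to a wildcarding
            # resolver, and Spamhaus uses 127.255.255.x to signal refused
            # queries (for example when asked through a public resolver).
            results[zone] = "error:" + ",".join(answers)
        else:
            results[zone] = "listed:" + ",".join(answers)
    return results

if __name__ == "__main__":
    for zone, verdict in check(sys.argv[1]).items():
        print(f"{zone}: {verdict}")
```

Run from cron with the server's public IP as the only argument and alert on anything other than `clean`; an `error` result means the lookup path needs fixing, not that the IP is listed.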
