Security by Obscurity
I will include here the necessary steps to remove all version information from named, exim, apache and cppop.
Some recommended actions:
1)Change the default port for SSH. Ideally you should have as litle shell users as possible, so it is not an inconvenient to advise whoever uses it to use a different non-standard port.
On a regular day, even with pro-active firewalling, you will have hundreds of attempts to connect to SSH. Serious. This is how you do it:
ACTION
sudo pico -w /etc/ssh/sshd_config
You’ll probably see this:
#Port 22
Change this to:
Port 12345
Or whatever port number you like, keeping in mind not to use any other standard port for other services (I recommend anything between 9999 and 49151)
While you’re at it, remove ssh version 1 from usage:
Protocol 2
You can also only listen on certain IP addresses and there are plenty of other options here, play around.
Now you need to close port 22 on your firewall and open your new port up:
sudo pico -w /etc/apf/conf.apf
Look for your line looking like this one:
IG_TCP_CPORTS=”20,21,25,26,53,80,110,143,443….”
and remove 22 and add your new port.
After you finish, just do:
apf –restart
service sshd restart
Before you logoff, you better ensure your configuration is working:
ssh -2 -l username -p newPortNumber yourhost.com
Now, you might want to change your local SSH client options to set the new port number and protocol, just so you don’t have to do that all the time. Under linux, this can easily be done by editing, this time on your local computer, the same ssh_config file:
sudo pico -w /etc/ssh/ssh_config
Add these lines:
Host yourdomain.com
Port 12345 (your port number)
Protocol 2
Thats it!
Related posts:
