Iptables For New Admins


sake
Senior Member
Join Date: Jul 2011
Old 08-25-2011 , 06:58   Re: Iptables For New Admins
Reply With Quote #11

@Mavrick4283:

Hmmm. I just wanted to add something with my post, that was no criticism. Thanks for the good tutorial. But I think I'll stay with ufw because atm I don't need more.

What are your settings to keep people out? One of the first things I did was to disable root login over ssh, create another user for normal login and start the servers with that user. Then I installed fail2ban against SSH brute-forcing, and last but not least I just made my passwords 12 characters long (at minimum).
Mavrick4283
Veteran Member
Join Date: Apr 2010
Location: 127.0.0.1@root
Old 08-25-2011 , 07:27   Re: Iptables For New Admins
Reply With Quote #12

Quote:
Originally Posted by sake View Post
@Mavrick4283:

Hmmm. I just wanted to add something with my post, that was no criticism. Thanks for the good tutorial. But I think I'll stay with ufw because atm I don't need more.

What are your settings to keep people out? One of the first things I did was to disable root login over ssh, create another user for normal login and start the servers with that user. Then I installed fail2ban against SSH brute-forcing, and last but not least I just made my passwords 12 characters long (at minimum).

Sorry if it seemed I was flaming you; I have been up for 3 days now, so I have been real short.

As for my settings to keep people out, I use iptables to only accept my MAC address for SSH and my non-admin to su to root itself. I also use fail2ban to IP/MAC ban anyone who tries to log in to SSH more than 2 times incorrectly. I also use a different port and port knocking. As for passwords, I do not use them; I use keys only, and they are password protected themselves, and those passwords are 13-23 alpha, numeric, upper, lower, symbols, non-repeating number, letter or symbol, and there cannot be 2 numbers, letters or symbols next to each other (ex. Nx, 43, #)).

For most people this is overkill, but hey, what can I say, I piss a lot of people off.

EDIT:
As for my game servers, they each run as their own users that are in jails, so they cannot read or write outside their running dirs. And their users cannot be logged into through SSH or even su to

Also forgot to say: yes, my root login is disabled over SSH also.
Last edited by Mavrick4283; 08-25-2011 at 07:30.
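
Added example, not part of either post: a small check of an `sshd_config` for the three SSH settings the two posters describe above (root login disabled, keys instead of passwords, a non-default port). The function names are made up for this example, and treating the default port as a finding is this example's choice, following the thread's advice.

```bash
# Added example, not from the thread. Sample configs for it are constructed.
# Reads one file only: Include files and Match blocks are not evaluated.

# Print every global value of a keyword, lower-cased, in file order.
# Keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse.
sshd_values() {  # usage: sshd_values <keyword> <file>
  awk -v key="$1" '
    { sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
    /^#/ || n < 2 { next }
    tolower(f[1]) == "match" { exit }   # stop at the first conditional block
    tolower(f[1]) == tolower(key) { print tolower(f[2]) }
  ' "$2"
}

# Check the three settings from the posts. Returns the number of findings.
audit_sshd() {  # usage: audit_sshd <file>
  cfg=$1
  findings=0
  # sshd keeps the first value it reads for a keyword, so take line 1 only.
  root=$(sshd_values PermitRootLogin "$cfg" | head -n 1)
  pass=$(sshd_values PasswordAuthentication "$cfg" | head -n 1)
  # Port is the exception: it may repeat, and sshd listens on all of them.
  ports=$(sshd_values Port "$cfg")

  if [ "$root" != "no" ]; then
    echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"
    findings=$((findings + 1))
  fi
  if [ "${pass:-yes}" != "no" ]; then   # unset means the default, yes
    echo "FAIL PasswordAuthentication is not 'no': keys are not enforced"
    findings=$((findings + 1))
  fi
  for p in ${ports:-22}; do             # unset means the default, 22
    if [ "$p" = "22" ]; then
      echo "WARN sshd listens on the default port 22"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source; the file check above is for reviewing a config before it is deployed.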
sake
Senior Member
Join Date: Jul 2011
Old 08-25-2011 , 07:29   Re: Iptables For New Admins
Reply With Quote #13

wtf! Good job, there.

Do you think my settings are enough? And should I really disable IPv6? And how does that key system work? Is it hard to set it up?
Last edited by sake; 08-25-2011 at 07:34.
Mavrick4283
Veteran Member
Join Date: Apr 2010
Location: 127.0.0.1@root
Old 08-25-2011 , 07:33   Re: Iptables For New Admins
Reply With Quote #14

I do network security for a living (in school for it now), so I tend to overdo things. ATM I am locked out of my own web server because I mistyped my pass 1 time. But like I said before, once I think it through some more I will write a tut with pics on how to harden your Linux servers. If you are running Windows you are SOL lol


EDIT:

Wow, I know I am tired when I read your post 3 times and do not see your question.

Your settings are a good start, but there are so many tools out there that people with little knowledge can use, it is a good idea to protect yourself the best you can. As for IPv6, yes, you should have that off, and I have a feeling that someone is going to try to argue that IPv6 is now in use and will be needed... The short part of that is they are doing IPv6 over IPv4 and also SRCDS/HLDS do not support it... So TURN IT OFF. And setting up the keys is not that hard once you do it once or twice; the first time can be a pain in the ass.
Last edited by Mavrick4283; 08-25-2011 at 07:38.
sake
Senior Member
Join Date: Jul 2011
Old 08-25-2011 , 07:57   Re: Iptables For New Admins
Reply With Quote #15

Thanks, that is all I needed to know. Will disable it when I have time to do so.

And the thing with the jails:

Already thought of that one, but really?
Mavrick4283
Veteran Member
Join Date: Apr 2010
Location: 127.0.0.1@root
Old 08-25-2011 , 08:02   Re: Iptables For New Admins
Reply With Quote #16

Quote:
Originally Posted by sake View Post
Thanks, that is all I needed to know. Will disable it when I have time to do so.

And the thing with the jails:

Already thought of that one, but really?

The jails are my failsafe. When the upload/download exploit was new, you were able to upload an SMX that would allow you shell access to the server, so the jails keep them from doing anything more than poking around in my game folder.

I do not know if I will do a tut on that, but will put the links with the needed info in it.
sake
Senior Member
Join Date: Jul 2011
Old 08-25-2011 , 10:23   Re: Iptables For New Admins
Reply With Quote #17

Hmmm. Yeah, I think I will do that, too. But not now. Just create a new user per server and then restrict him to his home directory, right?
Mavrick4283
Veteran Member
Join Date: Apr 2010
Location: 127.0.0.1@root
Old 08-25-2011 , 13:22   Re: Iptables For New Admins
Reply With Quote #18

http://www.cyberciti.biz/tips/howto-...ail-setup.html

It is closer to this
sake
Senior Member
Join Date: Jul 2011
Old 08-25-2011 , 17:36   Re: Iptables For New Admins
Reply With Quote #19

Changed my ssh port. Maybe recommend this in the first post?
sake
Senior Member
Join Date: Jul 2011
Old 08-26-2011 , 11:37   Re: Iptables For New Admins
Reply With Quote #20

Knockd is really nice.