Securing your Linux box
Everyone knows that Linux is secure, but this does not mean that your computer is uncrackable. Even though Linux is more secure than Windows, there are still things you can do to prevent your computer from being attacked and to prevent your computer from being compromised. This article is going to list a few things that you can do to help secure your Linux computer against an SSH attack from the outside.
*hosts.allow and hosts.deny*
This is probably your first line of defense. These two files control who can gain access to your computer in the first place. They do this by restricting people according to their IP address, IP range, or domain name. In order for them to work correctly, you really need to use them both together. Block everyone using the hosts.deny file and then only let in those people that you trust using the hosts.allow file. Check the man pages for both files, but here are two simple examples to show you how the files work. If you wanted to block everyone from accessing your computer except for those on your internal network, this is how the files would be set up:
hosts.deny
ALL: ALL
hosts.allow
ALL: LOCAL, 192.168.0.
You will notice that for the internal network IP, I did not specify an entire address. I left the last octet off. This allows you to specify a block of addresses. In this case, anyone trying to access the computer whose IP address begins with 192.168.0 will be allowed. Basically, this allows anyone on your internal network to gain access (assuming that your network uses 192.168.0).
In addition, you can also specify domains and/or outside IP addresses and IP address ranges. For instance, if the company that you work for has a domain called www.foo.com, then you could specify that in the hosts.allow file. This would allow you to connect from work. Or, if your company only uses IP addresses, then you could put that in as well. Here is what the file could look like:
ALL: LOCAL, 192.168.0.
ALL: .foo.com, 123.456.789.
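To see how the two files combine, here is an added example (not part of the original article) that emulates the decision the TCP wrappers library makes: hosts.allow is consulted first, then hosts.deny, the first matching line wins, and a client that matches neither file is allowed. The rule contents are the article's own lines, embedded as constructed strings; the pattern forms handled are ALL, LOCAL (a host name with no dot), a trailing-dot address prefix, a leading-dot domain suffix, and an exact host or address. One caveat worth checking before relying on these files at all: upstream OpenSSH removed tcp_wrappers support in version 6.7, so run `ldd "$(command -v sshd)" | grep libwrap` and, if nothing is printed, your sshd ignores hosts.allow and hosts.deny entirely and you should use the sshd_config restrictions or a firewall instead.

```shell
#!/bin/sh
# Added example (not from the article): a small emulation of how tcp_wrappers
# decides access, using the article's hosts.allow and hosts.deny contents.
# Evaluation order: hosts.allow first, then hosts.deny, first match wins,
# and a client matching neither file is allowed.

# Constructed rule sets (the article's example lines).
HOSTS_ALLOW='ALL: LOCAL, 192.168.0.
ALL: .foo.com, 123.456.789.'

HOSTS_DENY='ALL: ALL'

# match_pattern PATTERN CLIENT: succeed if CLIENT matches one wrapper pattern.
# ALL matches anything, LOCAL matches names without a dot, a pattern ending in
# "." is an address prefix, a pattern starting with "." is a domain suffix,
# anything else must match exactly.
match_pattern() {
    mp_pat=$1
    mp_client=$2
    case "$mp_pat" in
        ALL)   return 0 ;;
        LOCAL) case "$mp_client" in *.*) return 1 ;; *) return 0 ;; esac ;;
        *.)    case "$mp_client" in "$mp_pat"*) return 0 ;; *) return 1 ;; esac ;;
        .*)    case "$mp_client" in *"$mp_pat") return 0 ;; *) return 1 ;; esac ;;
        *)     [ "$mp_pat" = "$mp_client" ] ;;
    esac
}

# list_matches LIST CLIENT: succeed if any comma-separated pattern in LIST matches.
list_matches() {
    lm_saved_ifs=$IFS
    IFS=', '
    lm_result=1
    for lm_pat in $1; do
        if match_pattern "$lm_pat" "$2"; then lm_result=0; break; fi
    done
    IFS=$lm_saved_ifs
    return $lm_result
}

# file_matches CONTENTS DAEMON CLIENT: succeed if some "daemons : clients"
# line matches both the daemon name and the client.  Comments are skipped.
file_matches() {
    fm_saved_ifs=$IFS
    IFS='
'
    fm_result=1
    for fm_line in $1; do
        case "$fm_line" in '#'*|'') continue ;; esac
        fm_daemons=${fm_line%%:*}
        fm_clients=${fm_line#*:}
        if list_matches "$fm_daemons" "$2" && list_matches "$fm_clients" "$3"; then
            fm_result=0
            break
        fi
    done
    IFS=$fm_saved_ifs
    return $fm_result
}

# decide DAEMON CLIENT: print allow or deny in the order the wrapper library uses.
decide() {
    if file_matches "$HOSTS_ALLOW" "$1" "$2"; then
        echo allow
    elif file_matches "$HOSTS_DENY" "$1" "$2"; then
        echo deny
    else
        echo allow
    fi
}

# Usage: constructed sample clients run against the rules above.
for client in 192.168.0.42 10.0.0.5 host.foo.com localhost; do
    printf '%-16s %s\n' "$client" "$(decide sshd "$client")"
done
```

Note that the real library matches on the resolved host name as well as the address, so a connection from 127.0.0.1 is LOCAL only if reverse lookup yields a name without a dot; the emulation above takes whatever string it is given at face value.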
This establishes where you can connect to your computer from. But what if you don't want to cut off the entire world from connecting? Then the next best thing is to restrict how they can connect. For this, we secure SSH.
*Securing SSH*
For this, you will need to edit your sshd_config file. This is usually located in /etc/ssh/sshd_config. There are two key areas that you will want to change. The first will look like this:
# Authentication:
#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes
What you want to do here is uncomment the PermitRootLogin line. This will prevent anyone from logging in to your computer over SSH as root. This means that in order to gain root access, someone will have to first log in using a regular user account and then su to root.
The second thing you can do to secure SSH is to restrict which users and groups can log in and which cannot. To do this, you use four directives: AllowGroups, AllowUsers, DenyGroups, DenyUsers. You use AllowGroups and AllowUsers to explicitly state which users and which groups can log in through SSH, and you use DenyGroups and DenyUsers to deny all other accounts from logging in. These can go at the end of your sshd_config file. An example might look like this:
AllowGroups users foo
AllowUsers foo
DenyGroups root bin postgres mysql nobody apache
DenyUsers root bin postgres mysql nobody apache
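The four directives do not apply in the order they appear in the file: sshd_config(5) states that they are processed as DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups, and any Allow directive that is present already denies every account it does not list. The following added example (not from the article) emulates that evaluation over a constructed sshd_config fragment containing the article's lines plus the PermitRootLogin change, so you can see which accounts would get through and why the DenyUsers line is redundant once AllowUsers is set. The emulation handles only plain space-separated keywords and exact names, not the user@host or wildcard forms sshd also accepts. Before restarting the daemon with any of these changes, run `sshd -t` to check the file for syntax errors and `sshd -T` to print the effective configuration.

```shell
#!/bin/sh
# Added example (not from the article): emulate the order in which sshd applies
# its login-restriction directives, using the article's sample values.
# sshd_config(5) gives the order as DenyUsers, AllowUsers, DenyGroups, AllowGroups,
# regardless of where the lines sit in the file.

# Constructed sshd_config fragment: the article's lines with PermitRootLogin uncommented.
SSHD_CONFIG='# Authentication:
#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes
AllowGroups users foo
AllowUsers foo
DenyGroups root bin postgres mysql nobody apache
DenyUsers root bin postgres mysql nobody apache'

# directive KEYWORD: print the value of the first uncommented line whose keyword
# matches case-insensitively (sshd honours the first occurrence); prints nothing
# if the keyword is absent or only present as a comment.
directive() {
    printf '%s\n' "$SSHD_CONFIG" |
        awk -v k="$1" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# in_list WORD LIST: succeed if WORD is one of the space-separated LIST entries.
in_list() {
    for il_item in $2; do
        [ "$il_item" = "$1" ] && return 0
    done
    return 1
}

# any_in_list "GROUPS" LIST: succeed if any of the user's groups appears in LIST.
any_in_list() {
    for ail_group in $1; do
        in_list "$ail_group" "$2" && return 0
    done
    return 1
}

# login_allowed USER "GROUP LIST": print allow or deny following sshd's order.
login_allowed() {
    la_user=$1
    la_groups=$2
    la_deny_users=$(directive DenyUsers)
    la_allow_users=$(directive AllowUsers)
    la_deny_groups=$(directive DenyGroups)
    la_allow_groups=$(directive AllowGroups)

    # 1. DenyUsers: a listed user is refused outright.
    if [ -n "$la_deny_users" ] && in_list "$la_user" "$la_deny_users"; then echo deny; return 0; fi
    # 2. AllowUsers: when present, anyone not listed is refused.
    if [ -n "$la_allow_users" ] && ! in_list "$la_user" "$la_allow_users"; then echo deny; return 0; fi
    # 3. DenyGroups: membership in any listed group refuses the login.
    if [ -n "$la_deny_groups" ] && any_in_list "$la_groups" "$la_deny_groups"; then echo deny; return 0; fi
    # 4. AllowGroups: when present, the user must belong to at least one listed group.
    if [ -n "$la_allow_groups" ] && ! any_in_list "$la_groups" "$la_allow_groups"; then echo deny; return 0; fi
    echo allow
}

# Usage: constructed accounts with their group memberships.
printf 'PermitRootLogin is: %s\n' "$(directive PermitRootLogin)"
for entry in "foo:users foo" "root:root" "alice:users" "bob:staff"; do
    u=${entry%%:*}
    g=${entry#*:}
    printf '%-6s (groups: %s): %s\n' "$u" "$g" "$(login_allowed "$u" "$g")"
done
```

The alice case is the instructive one: she is in the allowed group users and appears in no Deny line, yet she is refused at step 2 because AllowUsers names only foo. If you intend group membership alone to grant access, leave AllowUsers out and keep AllowGroups.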
And that is all that there is to it. Listed above are two simple tricks for securing a Linux computer. However, they are not guaranteed to make your computer completely cracker-proof. There are many more things that you will need to do in order to completely secure your computer against attack (a proper firewall, securing all open ports, using secure passwords, etc.). But the above is a very good start and should be a part of every Linux user's toolbox when it comes to securing a computer on the Internet.