How does g secure a server
after
>fail2ban
>tripwire
>no remote root
>no ssh passwords
>>54485572
Just got a new dedicated server a few weeks ago.
All I've done so far is disabled root ssh login.
>>54485592
This, and I changed the default ssh port
>>54485572
What's tripwire do for you?
>mfw server on the company I work for is windows and they all use the same shit password via unencrypted rdp
I don't have face
>>54485639
>All I've done so far is disabled root ssh login.
>>>
>Anonymous 05/11/16(Wed)02:16:26 No.54485620▶
> >>54485592
> This, and I changed the default ssh port
>>>
>Anonymous 05/11/16(Wed)02:18:08 No.544856
mostly generates more logs for me to check. it sends long emails about every little filesystem change, not really that useful unless you spend a lot of time configuring it
>>54485620
>>54485592
if you haven't already at least set up key based login. it doesn't take long and protects against brute force attacks. downside is you have to put your keys on every computer you want to log in from https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
>>54485801
Or I could just set up fail2ban and be able to log into my shit.
>>54485801
that's like not locking your door because you got a big dog..security is layers friend
http://dev-sec.io
>>54485931
https://www.youtube.com/watch?v=_bMcXVe8zIs