Tips for Securing SSH in Linux Box (Securing SSH Series)

Secured Shell or SSH is a great way to enable a secure login for your UNIX / Linux Box. However there are precaution that you should take in order to properly secure SSH daemon from being scanned or attacked by script kiddies or automated bots.

This week I’m going to write a series of article on securing SSH on Ubuntu Linux Box (VPS) and I’m going to link to this post from time to time.

  1. Disable Root login, enable SSH login for a handful of users only
  2. Install and configure Fail2Ban
  3. Limit access with Firewall Rules (limit by ip block, or ip address)
  4. Limit connection rate to SSH port
  5. Disable keyboard interactive login, Use public-key login
  6. Security Security through obscurity: Hiding SSH version
  7. Security Security through obscurity: Change default SSH ports

Hope this will help in securing your Linux Box / Linux VPS

Ubuntu: How to create a lot of entropy for GPG key generation from command line

Desktop Ubuntu users may have several ways to generate entropy relatively secure GPG keys (=>2048 bits), usually by moving the mouse and by typing random words. However this creates certain problem, for command-line user (especially those who are connecting through remote VPS connection).

Here’s a tip on how to produce enough entropy for GPG key generation:

  • apt-get install rng-tools
  • rngd -r /dev/urandom
  • then, proceed to generate GPG keys as usual: gpg –gen-key

Hopefully this tips will help you get by generating GPS keys over those VPS connections!

Mypapit GNU/Linux blog is now served with CloudFlare!

After long and careful consideration, I decided to enable CloudFlare for my blog.

CloudFlare is a content delivery network which aims to enhance website security and performance. CloudFlare CDN offers protection againts many forms of malicious activity including: spammers, email harvesters, SQL Injection, XSS, denial-of-service attack and suspicious web requests. Therefore saving valueable bandwidth from the web hosting machine.

My Personal Experience with CloudFlare
After a while using CloudFlare, I’ve notice that:

  • My site uses less bandwidth
  • The php-fcgi uses less (valueable RAM)
  • Less comment spam received from blogs
  • Site loads faster, not prone to being bogged down during peak hour

So far, so good, I love using CloudFlare…

How to secure server from SYN-flood attack using iptables

SYN-flood attack is commonly utilized as a mean to disrupt network communication and it is a form of (Distributed Denial-of-Service) DDOS attack. RFC4987 details common mitigation to deal with SYN-flood attack.

However in this post, I’m going to share you the method that I use to reduce the risk of SYN-flood attack from my department computers, with iptables
[bash]
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit –limit 100/second –limit-burst 100 -j RETURN
/sbin/iptables -A syn-flood -j LOG –log-prefix "SYN-flood attempt: "
/sbin/iptables -A syn-flood -j DROP
[/bash]

RFC4987 suggests the use of SYN-cookie for added protection. You can enable SYN-cookie protection in Linux by running this command (as root):
[bash]
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
[/bash]

hope that helps…

Note: I’m not a full-time sysadmin as I’ve a different dayjob, but I was put incharged in securing part of my school’s computer network, so there.

Please update/patch and secure Litespeed web server

Due to the widespread of Litespeed 0-day attack which has affected local websites, it’s imperative for all sysadmin and website operator to patch/update and upgrade the security of the Litespeed web server.

This attack is dangerous particularly because the attacker can gain shell access with the same privileges of the web server or the user that runs the web server. Usually this allow the attacker to peek into database content and downloads it.

Patch now!, the security and privacy of your users are at the stake!

How to Hide Apache2 and PHP version without using mod_security in Ubuntu Linux

Although security by obscurity is not the best policy to protect your IS assets, but it is still useful to thwarts simple network scanner or newbie crackers.

Note: This tip is written for Ubuntu Linux, the steps is similar to other GNU/Linux distro, albeit with a slight variant.

Hiding Apache2 version
Edit /etc/apache2/apache2.conf

Add these lines at the end of the file:
ServerSignature Off
ServerTokens Prod

Restart Apache2
[bash]
sudo /etc/init.d/apache2 restart
[/bash]

Hiding PHP version
Edit /etc/php5/apache2/php.ini file

Find these lines, and switch it off:
expose_php = Off
display_errors = Off

Additionally you may disable certain ‘risky’ functions in php by editing the disable_functions line:
disable_functions = phpinfo, system,show_source,

Finally, you may restart Apache2 web server.
[bash]
sudo /etc/init.d/apache2 restart
[/bash]