Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: How to protect my Ubuntu server against attacks

  1. #1
    Join Date
    Oct 2011
    Beans
    2

    How to protect my Ubuntu server against attacks

    Hi,

    I'm looking for a strong authentication solution to protect my Ubuntu server against attacks.

    I want to protect SSH, PhpMyAdmin and my Drupal backend.

    There are all protected using a password, and I'm not feeling safe about that.

    I was looking for an hardware authentication and the only device I found is the Swekey authentication key.

    Did anybody even tried this USB dongle ?

    Regards,

    Piet

  2. #2
    Join Date
    Sep 2006
    Beans
    8,623
    Distro
    Ubuntu 14.04 Trusty Tahr

    key-based authentication

    For SSH, one of the best things for security would be to disable password-based authentication and only key-based authentication.

    The weak link might be PhpMyAdmin. Learn to use the shell and you can remove PhpMyAdmin from your machine. Once you know how, the shell is faster and easier. It's also scriptable.

  3. #3
    Join Date
    Aug 2010
    Location
    Between Heatsink and CPU
    Beans
    538
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How to protect my Ubuntu server against attacks

    +1 for what Lars Noodén said.

    Also you might want to consider changing the default URL of your PHPmyadmin page if you want to stick with it; have a look here to do so.

    ** My Blog
    **

  4. #4
    Join Date
    Jan 2009
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How to protect my Ubuntu server against attacks

    Quote Originally Posted by Lars Noodén View Post
    For SSH, one of the best things for security would be to disable password-based authentication and only key-based authentication.

    The weak link might be PhpMyAdmin. Learn to use the shell and you can remove PhpMyAdmin from your machine. Once you know how, the shell is faster and easier. It's also scriptable.
    +1
    All the attacker will see is:
    "Permission denied (publickey)."

    A live demo:
    Code:
    ssh root@ubudog.net


    - No password prompt.

    Also, you can install fail2ban for extra ssh security.

    Quote Originally Posted by e79 View Post
    +1 for what Lars Noodén said.

    Also you might want to consider changing the default URL of your PHPmyadmin page if you want to stick with it; have a look here to do so.
    Nice link!

  5. #5
    Join Date
    Jan 2009
    Beans
    204

    Re: How to protect my Ubuntu server against attacks

    Change SSH listening port.
    When you wish upon a falling star, your dreams can come true. Unless it's really a Meteorite hurtling to the earth which will destroy all life. Then you're pretty much hosed no matter what you wish for. Unless its death by meteor.

  6. #6
    Join Date
    Feb 2011
    Location
    Maryland
    Beans
    2,256

    Re: key-based authentication

    Quote Originally Posted by Lars Noodén View Post
    For SSH, one of the best things for security would be to disable password-based authentication and only key-based authentication.

    The weak link might be PhpMyAdmin. Learn to use the shell and you can remove PhpMyAdmin from your machine. Once you know how, the shell is faster and easier. It's also scriptable.
    I +1 this as well.

    Not sure what you have running on there, but you could also change the firewall to only accept outside requests from certain IP addresses.

  7. #7
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How to protect my Ubuntu server against attacks

    For SSH I second what has already been said.

    For phpmyadmin, change the default path, and preferably don't use it, like already stated.

    For Drupal consider using mod-security (will also help phymyadmin) and hardening your database installation. Don't hack core, check your file permissions, protect your admin directory with htaccess.

    For two factor authentication tokens swekey is nice, so are products by umikey and yubikey.

    Hope this helps.

  8. #8
    Join Date
    Oct 2011
    Beans
    2

    Re: How to protect my Ubuntu server against attacks

    Thanks for your input.

    I also purchased a Swekey.

    To be honnest I'm amazed by the device.

    I use it for ssh and to administrate a Drupal web site.

    It is very simple to use, and when I unplug it I'm even logged out...

    Thanks again,

    Piet

  9. #9
    Join Date
    Jul 2011
    Beans
    15

    Re: How to protect my Ubuntu server against attacks

    This works in Ubuntu Server 10.04 LTS.
    First, you need to edit /etc/phpmyadmin/apache.conf and add make sure the top of the configuration looks like this (changes where appropriate):

    "...

    # phpMyAdmin default Apache configuration

    Alias /[YourSecretLocation] /usr/share/phpmyadmin

    <Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    AuthType Basic
    AuthName "[YourTitleHere]"
    AuthUserFile /usr/share/phpmyadmin/.htpasswd
    Require valid-user
    <IfModule mod_php5.c>
    ..."

    Next: cd /usr/share/phpmyadmin
    Then: sudo htpasswd -c .htpasswd [YourSelectedUserName]

    Enter the passwords, and finally:
    sudo service apache2 restart

    This worked for me, hopefully it will for you as well.

  10. #10
    Join Date
    Mar 2008
    Location
    Earth
    Beans
    Hidden!
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: How to protect my Ubuntu server against attacks

    Something I run on all my systems is http://ossec.net, it is host based Intrusion software. Not difficult to install, minimal tuning required and its stable.

    It will alert you if strange things start to happen, an important part of securing a system is system monitoring.

    Active Response can also be enabled with ossec, this will block access to the system from perceived attackers using IP Tables.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •