Solved

centos secure root

Posted on 2014-09-04
Last Modified: 2014-09-20
Today when I logged in as "root" to my box via ssh I saw 459 failed attempts... how do I make it so that after 2 failed attempts - it will lock the  out?
Question by:Starquest321
6 Comments
 

Author Comment

by:Starquest321
ID: 40303432
Another option is to somehow set some verified IPs where we can SSH from...
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 100 total points
ID: 40303800
You can use pam_tally to configure account lockout policy, though I don't recommend it for root.

Locking User Accounts After Too Many Login Failures
http://www.puschitz.com/SecuringLinux.shtml#LockingUserAccountsAfterTooManyLoginFailures

Probably a safer option is to disable ssh access for root, which still allows for su and sudo.

Security Tip: Disable Root SSH Login on Linux
http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 200 total points
ID: 40305722
You can use public keys only for root:
man sshd_config
    PermitRootLogin
             Specifies whether root can log in using ssh(1).  The argument
             must be “yes”, “without-password”, “forced-commands-only”, or
             “no”.  The default is “yes”.

             If this option is set to “without-password”, password
             authentication is disabled for root.

             If this option is set to “forced-commands-only”, root login with
             public key authentication will be allowed, but only if the
             command option has been specified (which may be useful for taking
             remote backups even if root login is normally not allowed).  All
             other authentication methods are disabled for root.

             If this option is set to “no”, root is not allowed to log in.

SELinux will prevent access to root's public key, so you need to make peace with it first before disabling password login.

Also a nice idea to add trusted users to the wheel group and enable that group's sudo with visudo.
0
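Added example (not part of the answer above): a shell check of which PermitRootLogin value actually applies globally in an sshd_config-style file. The function names and both sample configs are constructed for illustration; the fallback of "yes" is the default stated in the man page excerpt quoted above (newer OpenSSH releases use a different default and also accept "prohibit-password").

```shell
#!/bin/sh
# Added example, not from the thread. Sample configs below are constructed.

# Print the PermitRootLogin value that applies outside any Match block.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and everything after a Match line is conditional.
effective_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # strip indentation; re-splits the fields
        /^#/ || /^$/   { next }             # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }             # global section ends here
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }     # default stated in the quoted man page
    ' "$1"
}

# Map the effective value to a short verdict (hypothetical helper).
root_login_verdict() {
    case "$(effective_root_login "$1")" in
        no) echo "ok: root cannot log in over ssh" ;;
        without-password|prohibit-password|forced-commands-only)
            echo "ok: root login is public-key only" ;;
        yes) echo "weak: root password login not ruled out" ;;
        *) echo "check: unrecognised PermitRootLogin value" ;;
    esac
}

tmp=$(mktemp -d)
# Constructed sample A: the later "yes" is ignored, the first value wins.
printf '%s\n' '# sample A' 'permitrootlogin without-password' \
    'PermitRootLogin yes' > "$tmp/a.conf"
# Constructed sample B: "no" appears only inside a Match block, so clients
# outside 192.0.2.0/24 still get the global default.
printf '%s\n' 'Port 22' 'Match Address 192.0.2.0/24' \
    '    PermitRootLogin no' > "$tmp/b.conf"

for f in "$tmp/a.conf" "$tmp/b.conf"; do
    echo "$f: $(root_login_verdict "$f")"
done
```

On a live host, `sshd -T` prints the configuration the daemon has actually parsed and is the authoritative check.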
 
LVL 30

Assisted Solution

by:serialband
serialband earned 100 total points
ID: 40306502
Is this a public login server?  If not, change the default ssh port to something above 1024.  Don't use 22 if you don't want constant script kiddie brute force attempts.  Once they've discovered you, they'll keep attacking you from various IP addresses.

I've managed some public login servers and the logs are filled with password attempts on various accounts.  They eventually figure out your timeout period and come at you from multiple IPs and multiple servers.  I changed the ports on private servers to something other than port 22, and I get no attempts.
0
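Added example (not part of the answer above): a shell function that summarises failed sshd password attempts per source address and how many of them targeted root, which is the kind of log review described in this thread. The log lines are constructed and use documentation address ranges; on CentOS the real input would be /var/log/secure.

```shell
#!/bin/sh
# Added example, not from the thread. The log lines are constructed and use
# documentation address ranges.

# Count failed sshd password attempts per source address, and how many of
# those targeted root. The address is read from the fixed tail of the line
# ("from ADDR port N ssh2") because the username field is client-supplied.
failed_ssh_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
            ip = $(NF-3)
            total[ip]++
            if ($0 ~ /: Failed password for root from /) root[ip]++
        }
        END {
            for (ip in total)
                printf "%s total=%d root=%d\n", ip, total[ip], root[ip]
        }
    ' "$1" | sort
}

sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Sep  4 03:12:01 box sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Sep  4 03:12:04 box sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Sep  4 03:12:07 box sshd[2104]: Failed password for invalid user oracle from 203.0.113.5 port 40120 ssh2
Sep  4 03:12:09 box sshd[2107]: Failed password for invalid user admin from 198.51.100.7 port 51822 ssh2
Sep  4 03:13:00 box sshd[2115]: Accepted publickey for deploy from 192.0.2.44 port 50022 ssh2
EOF

failed_ssh_by_ip "$sample_log"
```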
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 100 total points
ID: 40309929
Hardening needed here...

1. If password is quite easy then change it to a complex one.
2. As Simmons suggested configure Account lockout
3. As Gheist suggested use public key to login
4. Modify the ssh port
5. Install software like HIDS to have an eye on every single attempt to inject.

TY/SA
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 200 total points
ID: 40309946
3a use unprivileged accounts to ascend to root via sudo when needed....
0
