Fedora 5 hacked :(


diamondnular
29th July 2006, 07:34 PM
Hi there,

I have Fedora 5 installed on my Dell desktop and it runs great. But being a newbie to Linux and Fedora, I have no idea how to secure my box, or what I should install on it to help protect it from being attacked from outside.

Recently, I received some mail in /var/spool/mail/root. When reading it, I saw the code below:


------------------SSHD Begin----------------------

SSHD Started: 1 Time(s)

Failed logins from:
xxx.xxx.xxx.xxx: 229 times

Illegal users from:
xxx.xxx.xxx.xxx: 2 times

Users logging in through sshd:
user 1:
192.168.0.4

Received disconnect:
11: Bye bye: 126 Time(s)

SFTP subsystem requests: 3 Time(s)

**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving informatio about user guset: 1 time(s)

---------------------SSHD End---------------------------



I believe this is about a security problem on my box, and that my box was actually hacked by somebody at IP xxx.xxx.xxx.xxx. My questions are:

1. I have heard that Linux is very secure and safe. I enabled the firewall, and of course I enabled SSH as trusted, so that I can log in using PuTTY from outside. That hacker obviously does not know my users and passwords. So how could he access my box? Does that mean Linux is not as safe as I thought before?

2. How can I secure my box with as much software as in Windows? And where should I read and learn about security stuff?

Thanks a million,

KC.

rossheth
29th July 2006, 07:36 PM
http://www.raoul.shacknet.nu/2005/11/10/ssh-with-keys/ . Follow this guide to set up ssh with public key authentication.

wneumann
30th July 2006, 02:53 AM

That log does not say that anyone got in other than 192.168.0.4, which would be you. I see this sort of thing every day. You can see more detail in your /var/log/secure. You can report such hack attempts to the relevant ISP, but it is not clear it does much good. But as long as you and your users have secure passwords you won't have a problem. They scan through a bunch of names for no password or an obvious password. Just rattling the door but not getting in.

But if it really bothers you, you can get your firewall to block repeated failed ssh attempts. Check out

http://www.debian-administration.org/articles/187
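
The distinction drawn in the reply above, failed guesses versus an accepted login, can be checked directly against the entries in /var/log/secure. This is an added example, not part of the original posts: the log lines are constructed samples in sshd's syslog format, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the sshd syslog format found in /var/log/secure
# (addresses are documentation/private ranges, not values from the thread).
SAMPLE_LOG = """\
Jul 29 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 29 03:12:03 host sshd[2103]: Invalid user guest from 203.0.113.7
Jul 29 03:12:04 host sshd[2103]: Failed password for invalid user guest from 203.0.113.7 port 40120 ssh2
Jul 29 03:12:06 host sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jul 29 09:30:44 host sshd[2400]: Accepted password for user1 from 192.168.0.4 port 51514 ssh2
Jul 29 11:02:10 host sshd[2511]: Failed password for user1 from 192.168.0.4 port 51790 ssh2
"""

# Older sshd builds log "illegal user" where newer ones log "invalid user".
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user |illegal user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")

def summarize(log_text):
    """Return (failed attempts per source, set of (user, source) accepted logins)."""
    failed, accepted = Counter(), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failed[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.add((m.group(1), m.group(2)))
    return failed, accepted

def triage(log_text, threshold=3):
    """Classify every source address that failed or succeeded at logging in."""
    failed, accepted = summarize(log_text)
    ok_sources = {src for _, src in accepted}
    verdicts = {}
    for src in set(failed) | ok_sources:
        if src in ok_sources and failed[src] >= threshold:
            verdicts[src] = "REVIEW: many failures and a successful login"
        elif src in ok_sources:
            verdicts[src] = "login succeeded"
        elif failed[src] >= threshold:
            verdicts[src] = "guessing, never got in"
        else:
            verdicts[src] = "a few failures, never got in"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:15} {verdict}")
```

A source that shows both a run of failures and an accepted login is the case worth a closer look; failures alone mean the guesses did not work.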

Jman
30th July 2006, 04:35 AM
That log does not say that anyone got in other than 192.168.0.4, which would be you.

That's assuming 192.168.0.4 was not hacked. Difficult to be too paranoid.

wneumann
30th July 2006, 03:17 PM
Nope. It is easy to be too paranoid. See http://forums.fedoraforum.org/forum/showthread.php?t=118451

Flounder
30th July 2006, 08:09 PM
Well, unless he has a wireless router, the 192.168.0.4 was more than likely him; otherwise, someone cruising in the neighborhood.

Iron_Mike
31st July 2006, 02:44 AM
2. How can I secure my box with as much software as in Windows? And where should I read and learn about security stuff?

KC.

That's a good one. For the home-based wireless network there are several deterrents to help, but most people do not implement them. If someone is getting in using your 192.168.0.4 IP address, they are getting in on the LAN side, not the WAN side, probably wireless unless they have a cable to your router. Some of the easier holes to plug are:

1. Disable broadcast SSID (take this with a grain of salt, but this only deters the casual freeloader or someone trying to get in).

2. Enable encryption: WPA at the minimum, WPA2 is better, LEAP/PEAP better, VPN is better still. If using WPA/WPA2, use a 10-character password and not one that is a recognizable word.

3. Enable MAC filtering, even though MAC addresses can be spoofed.

4. If using DHCP, limit the number of IP addresses that can be assigned. Most people miss this one: if you have 2 wireless devices, limit the range from 192.168.1.2 to 192.168.1.3; that way, if both your wireless devices are on and connected, no one else will be assigned an IP.

5. Use SSH with a password, and the same applies: do not use a recognizable word, use random characters.


There are a few more that are more complicated to use, but if you're only worried about someone getting into your box, turn it off if not in use. Fedora does a pretty good job of securing itself out of the box, but there is always room for improvement.

liro
31st July 2006, 06:16 AM
Hi,

http://forums.fedoraforum.org/forum/showthread.php?t=109009 This how-to could be interesting for you. It describes the process of automatically blocking (ignoring) systems after a number of failed attempts...

Cheers, liro

foobar47
31st July 2006, 10:11 AM
You are new to Linux. OK, that's the first point.
You have been hacked? Really? No, pirated you mean...
Did you really need SSH?