Boa noite,
Estou com umas idéias de coisas que planejo “desenvolver” para navegar de maneira mais segura. Como precisarei do SSH, acesso a portas das máquinas virtuais e coisas assim estou fazendo posts relacionados a estes assuntos já que precisarei dos mesmos para “desenvolver” tal segurança. E assim, o futuro post não ficará tão extenso.
Para você instalar o ssh-server no Ubuntu é muito simples:
$ sudo apt-get install openssh-server
Após isso você deve fazer algumas modificações para ficar mais seguro. Acesse o arquivo /etc/ssh/sshd_config
$ sudo vi /etc/ssh/sshd_config
AllowUsers USUARIO #habilita somente este usuario
AllowGroups GRUPO_DO_USUARIO # habilita somente este grupo
PasswordAuthentication yes
MaxStartups 2:100:2
Port XXX # Alguma porta aleatoria de sua vontade que não esteja em uso.
O que o MaxStartups faz? Especifica o número máximo de conexões não autenticadas ao servidor. Sua sintaxe é a seguinte inicio:porcentagem:maximo. Vamos supor, inicio = 10, porcentagem = 50, maximo = 20. Quando for atingidas 10 conexões ele irá iniciar com a porcentagem, ou seja, uma conexão terá chance de ser fechada de cara ou não, a mesma aumenta linearmente até o número máximo de conexões, e apartir dessa todas são negadas. Eu particularmente pensei um pouco e decidi adotar o inicio com 2, porcentagem com 100 e máximo como 2 então qualquer nova conexão apartir de 2 será automaticamente recusada. (Isso pode ser um problema caso existam pessoas tentando invadir seu servidor e provavelmente estarão utilizando todas as sessões). Talvez o recomendavel seja mais correto 10:30:60 porém prefiro deixar o meu mais restrito.
/etc/init.d/ssh
Você ainda pode adicionar o seguinte código ao /home/usuario/.profile:
echo Digite sua senha de segurança:
read senha
if [ $senha == “SUA_SENHA” ]
then
# CÓDIGOS QUE JÁ ESTÃO NO PROFILE!
else
exit
fi
Não se esqueça de bloquear acesso do root
Na minha máquina também desabilitei o comando “su” da seguinte maneira:
$ chmod 700 /usr/bin/su-to-root
Grato,
Matheus
Referencias:
Desabilitar Comando SU
Informação MaxStartups
Duas dicas que não são relacionadas com segurança, você pode descomentar a linha
Banner /etc/arquivo # Default /etc/issue.net
A mensagem que está dentro do /etc/arquivo irá ser exibida quando se conectar no SSH.
Para editar a mensagem que apareça assim que o usuario se loga você deve editar o /etc/motd.
Looking for the Best Drive School of Motoring? Get expert driving lessons at best driving school for affordable and quality driving instruction.
Oh my goodness! a tremendous article dude. Thanks However I am experiencing difficulty with ur rss . Don?t know why Unable to subscribe to it. Is there anyone getting similar rss drawback? Anybody who is aware of kindly respond. Thnkx
Lovely just what I was looking for. Thanks to the author for taking his clock time on this one.
Your resources are well developed.
This is valuable stuff.In my opinion, if all website owners and bloggers developed their content they way you have, the internet will be a lot more useful than ever before.
Hello this is a wonderful write-up. I’m going to e mail this to my friends. I came on this while searching on yahoo I’ll be sure to come back. thanks for sharing.
Nice blog here! Also your web site loads up very fast! What host are you using? Can I get your affiliate link to your host? I wish my web site loaded up as fast as yours lol
This is valuable stuff.In my opinion, if all website owners and bloggers developed their content they way you have, the internet will be a lot more useful than ever before.
Wow, amazing blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your site is wonderful, let alone the content!
Right now it sounds like Movable Type is the preferred blogging platform available right now. (from what I’ve read) Is that what you’re using on your blog?
Hello there, You have performed an incredible job. I will definitely digg it and personally suggest to my friends. I am sure they will be benefited from this site.
Hi, possibly i’m being a little off topic here, but I was browsing your site and it looks stimulating. I’m writing a blog and trying to make it look neat, but everytime I touch it I mess something up. Did you design the blog yourself?
Hello there, You have performed an incredible job. I will certainly digg it and in my opinion recommend to my friends. I’m sure they will be benefited from this site.
Hello there, You have done a great job. I will definitely digg it and individually recommend to my friends. I’m confident they’ll be benefited from this web site.
I really like your writing style, excellent info , thanks for putting up : D.
It’s time for communities to rally.
How long does it take you to write an article like this?
This is my first time i visit here. I found so many helpful stuff in your website especially its discussion. From the tons of responses on your posts, I guess I am not the only one having all the enjoyment here! keep up the excellent work
You write Formidable articles, keep up good work.
We need to build frameworks and funding mechanisms.
Spot on with this write-up, I truly believe this website requirements a lot much more consideration. I’ll probably be once more to read much much more, thanks for that info.
Write more stories, more chapters.
Another thing is that when searching for a good on-line electronics store, look for web shops that are continually updated, always keeping up-to-date with the hottest products, the most beneficial deals, and also helpful information on services and products. This will ensure you are dealing with a shop which stays ahead of the competition and provides you things to make educated, well-informed electronics expenditures. Thanks for the significant tips I’ve learned from your blog.
Please let me know if you’re looking for a article writer for your blog. You have some really great articles and I believe I would be a good asset. If you ever want to take some of the load off, I’d love to write some articles for your blog in exchange for a link back to mine. Please shoot me an email if interested. Thanks!
Some genuinely choice content on this site, bookmarked .
I really like your writing style, excellent info , thanks for putting up : D.
We absolutely love your blog and find the majority of your post’s to be exactly what I’m looking for. Do you offer guest writers to write content to suit your needs? I wouldn’t mind composing a post or elaborating on a number of the subjects you write about here. Again, awesome weblog!
I’m in awe of the author’s talent to make complicated concepts accessible to readers of all backgrounds. This article is a testament to his expertise and dedication to providing useful insights. Thank you, author, for creating such an compelling and insightful piece. It has been an unforgettable experience to read!