Archive for the 'Linux Support' Category

SBDavid

iptables limit module

Using the iptables limit module to rate-limit new connections to the ssh port: the rules below accept an initial burst of 3 connection attempts and then 1 per minute.

iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --syn -j DROP

The first rule matches SYN packets (new connections) to port 22 as long as the limit module still has a token to spend: the bucket starts with 3 tokens (--limit-burst 3) and refills at one token per minute (--limit 1/m), so it allows a burst of 3 attempts and then a sustained rate of 1 per minute, not 3 per minute. Once the bucket is empty the first rule no longer matches and the SYN falls through to the second rule, which DROPs it. Be aware that the limit module keeps a single global counter, not one per source address: an attacker hammering port 22 empties the bucket for everyone, including you. If you want the limit applied per client, use the hashlimit module with --hashlimit-mode srcip (or the recent module) instead. Because both rules match only --syn, established sessions are unaffected, but they must sit above any rule that accepts all traffic to port 22.
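To make the difference between the page's rule and a per-source limit concrete, here is an added simulation (written for this page, not kernel or netfilter code) of the token bucket that -m limit --limit 1/m --limit-burst 3 implements. It replays a constructed sequence of SYN attempts from a scanner and a legitimate admin through the two-rule chain twice: once with the single global bucket that -m limit uses, and once with one bucket per source address as -m hashlimit --hashlimit-mode srcip would keep. The addresses and timestamps are made up for the example.

```python
from collections import defaultdict


class TokenBucket:
    """Model of the token bucket behind 'iptables -m limit --limit RATE --limit-burst BURST'.

    The bucket starts full (BURST tokens), refills at RATE tokens per second up to
    BURST, and a packet matches the rule only if it can take a token.  This is an
    added model of the kernel's behaviour, not kernel code."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0  # time of the last refill; the simulation starts at t=0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def parse_rate(spec):
    """Turn an iptables rate such as '1/m' or '3/minute' into tokens per second."""
    seconds = {"s": 1, "m": 60, "h": 3600, "d": 86400}
    count, unit = spec.split("/")
    return int(count) / seconds[unit[0].lower()]


def simulate(attempts, rate_spec, burst, per_source):
    """Run SYN attempts [(t_seconds, src_ip), ...] through the two-rule chain
    'limit -> ACCEPT, otherwise DROP'.  per_source=False is the page's -m limit rule
    (one global bucket); per_source=True models -m hashlimit --hashlimit-mode srcip
    (one bucket per source address).  Returns [(t, ip, verdict), ...]."""
    rate = parse_rate(rate_spec)
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    verdicts = []
    for t, ip in attempts:
        key = ip if per_source else "*"   # every source shares "*" under -m limit
        verdict = "ACCEPT" if buckets[key].allow(t) else "DROP"
        verdicts.append((t, ip, verdict))
    return verdicts


# Constructed sample traffic: a scanner (203.0.113.5) fires four SYNs in four
# seconds, then the legitimate admin (198.51.100.7) tries at t=10 and again a
# minute later, and the scanner comes back once more.
ATTEMPTS = [
    (0, "203.0.113.5"), (1, "203.0.113.5"), (2, "203.0.113.5"), (3, "203.0.113.5"),
    (10, "198.51.100.7"),
    (70, "198.51.100.7"),
    (71, "203.0.113.5"),
]

if __name__ == "__main__":
    for label, per_source in (("-m limit (one global bucket)", False),
                              ("-m hashlimit --hashlimit-mode srcip (per source)", True)):
        print(label)
        for t, ip, verdict in simulate(ATTEMPTS, "1/m", 3, per_source):
            print(f"  t={t:3d}s {ip:14s} {verdict}")
```

With the global bucket the scanner's first three SYNs spend the burst, and the admin's attempt at t=10 is dropped along with the scanner's fourth; the admin only gets in at t=70 once a full minute has refilled one token. With a bucket per source the admin is never affected by the scanner's behaviour.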

SBDavid

Use a Non-Standard SSH Port

By default, sshd listens for incoming connections on port 22, so an attacker looking for ssh on your machine will most likely probe port 22 first. Running ssh on a non-standard port cuts most of the opportunistic brute-force traffic and the log noise that goes with it. It is not a security control on its own: a full port scan (nmap -p-, for example) still finds the service, so it is no substitute for key-based authentication and the other measures on this page. Any unused port will do. Many people choose 2222 as an alternative port (it's easy to remember), just as 8080 is the well-known alternative HTTP port, and for that very reason it is a poor choice: anyone scanning port 22 will probably scan 2222 for good measure. It's better to pick a random high port that isn't used by any known service. Ports above 1023 can be bound by any local user, so on a multi-user box a free port below 1024 is arguably the safer pick. To make the change, add a line like this to your /etc/ssh/sshd_config file:

# Run ssh on a non-standard port (change 2345 to the port you chose):
Port 2345

Keep the comment on its own line, as older sshd releases refuse a trailing comment after a value. Check the file with sshd -t, restart the sshd service, and open a second session on the new port before you close the one you are working in, so a mistake cannot lock you out. Don't forget to make the matching changes to port forwarding in your router and to any applicable firewall rules, and on SELinux systems (RHEL, CentOS) to label the new port for sshd with semanage port -a -t ssh_port_t -p tcp 2345, otherwise sshd will not be allowed to bind it.

Because ssh is no longer listening for connections on the standard port, you will need to tell your client what port to connect on. Using the ssh client from the command line, we may specify the port using the -p switch:

$ ssh -p 2345 myserver

SBDavid

Limit SSH User Logins

SSH logins can be restricted to the users who actually need remote access. On a system with many accounts this limits the exposure from a casual user with a weak password. Add an AllowUsers line followed by a space-separated list of usernames to /etc/ssh/sshd_config. For example:

AllowUsers alice bob

and restart the sshd service. Once AllowUsers is present, every account not listed is refused at the SSH level regardless of its password or keys, so check that your own account is in the list before restarting. AllowGroups does the same for the members of a group and is easier to maintain as people come and go.

SBDavid

Disable Root Logins

SSH server settings are stored in the /etc/ssh/sshd_config file. To disable root logins, make sure you have the following entry:

# Prevent root logins:
PermitRootLogin no

and restart the sshd service:

service sshd restart

If you need root access, log in as a normal user and use su (or sudo). Keep in mind that sshd uses the first occurrence of a keyword, so a PermitRootLogin line earlier in the file, or one commented out with #, overrides or silently disables the one you add; check the effective setting rather than just the line you wrote.
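The three sshd_config changes above (a non-standard Port, AllowUsers, PermitRootLogin no) are easy to get wrong in ways that are invisible when you just grep the file: a line commented out with #, a duplicate earlier in the file that wins, or a setting that sits inside a Match block and therefore applies only conditionally. The following added audit script (written for this page, not part of OpenSSH) parses the global section of an sshd_config the way sshd does, first occurrence wins and parsing stops at the first Match, and reports which of the three settings are missing. The two sample configurations are constructed for the example.

```python
import re

DEFAULT_PORT = "22"
MULTI_VALUED = {"port", "listenaddress"}   # keywords that accumulate instead of first-wins


def parse_sshd_config(text):
    """Return the *global* settings of an sshd_config as {keyword_lower: [args]}.

    Mirrors the rules sshd applies: keywords are case-insensitive, 'Key value'
    and 'Key = value' are both accepted, lines starting with '#' are comments,
    and for most keywords the FIRST occurrence wins.  Parsing stops at the first
    'Match' line, because everything after it is conditional and must not be
    mistaken for a global setting.  (Added audit helper, not OpenSSH code.)"""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        m = re.match(r"([^\s=]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, args = m.group(1).lower(), m.group(2).split()
        if key == "match":
            break                             # conditional section begins here
        if key in MULTI_VALUED:
            opts.setdefault(key, []).extend(args)
        else:
            opts.setdefault(key, args)        # later duplicates are ignored by sshd
    return opts


def audit(text):
    """Compare the effective global settings against the three hardening steps
    on this page.  Returns [(keyword, current_value, recommended_line), ...];
    an empty list means all three are in place."""
    opts = parse_sshd_config(text)
    findings = []
    ports = opts.get("port", [DEFAULT_PORT])
    if DEFAULT_PORT in ports:
        findings.append(("Port", " ".join(ports), "Port <unused high port>"))
    root = opts.get("permitrootlogin", ["(unset, version-dependent default)"])[0]
    if root.lower() != "no":
        findings.append(("PermitRootLogin", root, "PermitRootLogin no"))
    if "allowusers" not in opts and "allowgroups" not in opts:
        findings.append(("AllowUsers", "(unset, every account may try to log in)",
                         "AllowUsers alice bob"))
    return findings


# Constructed sample: looks hardened at a glance, but the root-login line is
# commented out and the restrictions live inside a Match block, so globally
# root may still log in and any account may try.
WEAK_CONFIG = """\
Port 22
#PermitRootLogin no
Protocol 2
Match Address 10.0.0.0/8
    PermitRootLogin no
    AllowUsers admin
"""

# Constructed sample with the three settings from this page applied globally.
HARDENED_CONFIG = """\
Port 2345
PermitRootLogin no
AllowUsers alice bob
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or 'no findings'}")
```

Point it at a real file with audit(open("/etc/ssh/sshd_config").read()). On a live host, sshd -T prints the effective configuration after all parsing and is the authoritative check; the script is useful where you want to audit copies of the file offline.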

How to uninstall apf on a Linux machine

You can use the following steps to uninstall apf (Advanced Policy Firewall) on a Linux machine. Run them as root, and do the chkconfig and cron clean-up before deleting the files: chkconfig reads the init script, so it must still exist when you disable the service.

Stop the apf service running on the server (this also flushes the iptables rules it loaded).

$ /etc/rc.d/init.d/apf stop

Disable apf in the run levels.

$ /sbin/chkconfig --level 345 apf off

Open /etc/cron.daily/fw and remove this line (delete the file if it contains nothing else), otherwise cron will try to restart a firewall that no longer exists every day:

$ vi /etc/cron.daily/fw
/etc/rc.d/init.d/apf restart >> /dev/null 2>&1

Remove the apf files from the server.

$ rm -Rf /etc/apf
$ rm -Rf /etc/rc.d/init.d/apf
$ rm -Rf /var/log/apf_log
$ rm -Rf /var/log/apfados_log
$ rm -Rf /usr/local/sbin/apf

Finally, confirm with iptables -L -n that no apf chains or rules are left behind, and remember that the machine now has no firewall until you put something else in place.
