Step 1: Add your admin user to the ‘wheel’ group so that you will be able to ‘su -’ to root; otherwise you may lock yourself out of root.
Adding user to the wheel group.
usermod -a -G wheel username
Edit /etc/ssh/sshd_config file.
Next, find the line PermitRootLogin yes, uncomment it, and change it to PermitRootLogin no
Now restart SSH
/etc/rc.d/init.d/sshd restart
To disable the SSL 2.0 protocol and force 3.0
For Apache 1.3, find the line:
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
and change it to:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL
Note the 2 changes: a) remove the # character at the beginning of the line, and b) change +SSLv2 to !SSLv2
For Apache 2.x, do the same thing, but the line will be in the /etc/httpd/conf/ssl.conf file, or for the new Apache system, in /etc/httpd/conf/extra/httpd-ssl.conf (if you have both files, just change it in both).
Source : http://directadmin.com/
Disable ICMP Redirect and Enable IP Spoofing Protection
ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server.
However, an intruder could potentially use ICMP redirect packets to alter the host’s routing table, causing traffic to use a path you didn’t intend.
To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following lines:
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
Enable IP Spoofing Protection
IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address. IP spoofing is very often used for denial of service attacks.
To enable IP Spoofing Protection, turn on Source Address Verification.
Edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.rp_filter = 1
How to disable IPv6 in RHEL 5, Fedora, CentOS?
In Red Hat Enterprise Linux 5, the Internet Protocol version 6 (IPv6) module is turned on by default. If your network is not ready to run IPv6, you need to turn it off on your Linux server.
Steps to disable IPv6 on RHEL 5:
1. In Fedora, CentOS or RHEL 5 Linux, modules are loaded using the /etc/modprobe.conf file.
Add these lines to /etc/modprobe.conf to disable autoloading of the IPv6 module:
alias net-pf-10 off
alias ipv6 off
2. Next edit /etc/sysconfig/network
# vi /etc/sysconfig/network
Change to the following.
3. Also disable the IPv6 service.
4. To disable it permanently:
# chkconfig ip6tables off
How to disable direct root login
Direct login for the root user is a major security issue. We can disable direct login access to reduce the security risk. This way we can have two separate passwords for root access, which makes the box more secure. We are also using protocol 2, which is newer and more secure.
1. SSH into your server as ‘admin’ and gain root access by su
2. Copy and paste this line to edit the file for SSH logins
3. Find the line
4. Uncomment it and change it to look like
5. Next, find the line
6. Uncomment it and make it look like PermitRootLogin no
7. Save the file: Ctrl+X, then Y, then Enter
8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to log in as root without first logging in as admin and using ‘su -’ to become root.
Be sure that you remember both the passwords!
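A check for the end state of the steps above, as an added example that is not part of the original page: it reads an sshd_config and a sysctl.conf and reports whether PermitRootLogin, accept_redirects and rp_filter have the values this page sets. The function names (sshd_effective, sysctl_effective, audit) and the sample files are constructed for illustration; on a server, pass /etc/ssh/sshd_config and /etc/sysctl.conf to audit.

```shell
# Added example, not from the original page: audit config files for the
# settings above. Function names and sample files are assumptions.

# sshd honours the FIRST uncommented occurrence of a keyword (case-insensitive).
# Prints nothing if the keyword is absent or still commented out.
sshd_effective() {  # $1 = keyword, $2 = path to an sshd_config file
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }         # "Key=value" form is also legal
        tolower($1) == "match" { exit }       # Match blocks are conditional
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# sysctl.conf is applied top to bottom, so the LAST assignment of a key wins.
sysctl_effective() {  # $1 = key, $2 = path to a sysctl.conf file
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }                # comment lines
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { if (val != "") print val }
    ' "$2"
}

# Prints one FAIL line per wrong setting; exit status = number of failures.
audit() {  # $1 = sshd_config, $2 = sysctl.conf
    fails=0
    [ "$(sshd_effective PermitRootLogin "$1")" = no ] ||
        { echo "FAIL PermitRootLogin"; fails=$((fails + 1)); }
    for kv in net.ipv4.conf.all.accept_redirects=0 \
              net.ipv6.conf.all.accept_redirects=0 \
              net.ipv4.conf.all.rp_filter=1; do
        [ "$(sysctl_effective "${kv%=*}" "$2")" = "${kv#*=}" ] ||
            { echo "FAIL ${kv%=*}"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'Protocol 2' 'permitrootlogin no' \
    'PermitRootLogin yes' > "$demo/sshd_good"
printf '%s\n' '#PermitRootLogin no' 'Match User backup' \
    'PermitRootLogin no' > "$demo/sshd_bad"
printf 'net.ipv%s.conf.all.accept_redirects = 0\n' 4 6 > "$demo/sysctl_good"
printf 'net.ipv4.conf.all.rp_filter = %s\n' 1 >> "$demo/sysctl_good"
printf 'net.ipv4.conf.all.rp_filter = %s\n' 1 0 > "$demo/sysctl_bad"
audit "$demo/sshd_good" "$demo/sysctl_good" && echo "good pair: OK"
audit "$demo/sshd_bad" "$demo/sysctl_bad" || echo "bad pair: $? failure(s)"
```

The file check says nothing about the running kernel: sysctl -p loads /etc/sysctl.conf, and sysctl net.ipv4.conf.all.rp_filter shows the live value.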