Archive for the tag 'Limit'

SBDavid

Limit SSH access By IP Address

To further secure your server and help prevent brute-force attacks, you can limit sshd to certain IP addresses by editing the /etc/hosts.allow and /etc/hosts.deny files.

Open /etc/hosts.allow

Use the following command to open the hosts.allow file:

vi /etc/hosts.allow

Once this file is open, add the following line:

SSHD : ipaddress : ALLOW

Open /etc/hosts.deny

Use the following command to open the hosts.deny file:

vi /etc/hosts.deny

Once it opens, add the following line to the file:

SSHD : ALL : DENY

Save and exit, and you have successfully limited SSH access by IP address.

Limit the number of Rails applications in cPanel Server

You can limit the number of Rails applications your customers can install.

To do this in WHM, go to Modify an Account, click the domain name you wish to limit, and in the Max Mongrel Instances (Ruby on Rails) box, specify the desired maximum number of applications.

How to limit server resource allocation to system users

The file /etc/security/limits.conf contains the limits that can be set for users or groups. In this case, we set memlock, the maximum locked-in-memory address space (KB). For example, if user bob needed to have a hard limit of 512 MB of RAM, add the following line:

#<domain>    <type>    <item>     <value>
buddy        hard      memlock    524288

Where domain can be:

1. a user name
2. a group name, with @group syntax
3. the wildcard *, for default entry
4. the wildcard %, can be also used with %group syntax, for maxlogin limit

The “type” can have the following two values:

1. “soft” for enforcing the soft limits
2. “hard” for enforcing hard limits

The “item” can be one of the following values

1. core - limits the core file size (KB)
2. data - max data size (KB)
3. fsize - maximum filesize (KB)
4. memlock - max locked-in-memory address space (KB)
5. nofile - max number of open files
6. rss - max resident set size (KB)
7. stack - max stack size (KB)
8. cpu - max CPU time (MIN)
9. nproc - max number of processes
10. as - address space limit
11. maxlogins - max number of logins for this user
12. priority - the priority to run user process with
13. locks - max number of file locks the user can hold

iptables limit module

Use the iptables limit module to limit the number of connections to the SSH port to 3 per minute.

iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --syn -j DROP

The first line will accept new connections on port 22 provided that IP address hasn’t made more than 3 connection attempts in the last minute. If more than 3 connection attempts have been made within the last minute, then the second line will DROP the connection.
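A token-bucket model of the two rules above, added here as an illustration and not code from the original post. It assumes the behaviour documented for the limit match: one bucket per rule, shared by all source addresses, which starts full at --limit-burst and refills at the --limit rate; the class and function names and the sample SYN timings are constructed.

```python
class LimitMatch:
    """Model of `-m limit --limit <rate>/m --limit-burst <burst>` (one bucket per rule)."""

    def __init__(self, rate_per_min=1, burst=3):
        self.refill = rate_per_min / 60.0   # tokens added per second
        self.burst = burst                  # bucket capacity
        self.tokens = float(burst)          # bucket starts full
        self.last = 0.0                     # time of the previous packet

    def matches(self, now):
        # Credit the time elapsed since the last packet, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.refill)
        self.last = now
        if self.tokens >= 1:                # a token is available: the rule matches
            self.tokens -= 1
            return True
        return False                        # no token: packet falls to the next rule


def filter_syns(syns, rate_per_min=1, burst=3):
    """Return (time, source, verdict) for each SYN to port 22.

    Rule 1 ACCEPTs while the limit match has tokens; rule 2 DROPs the rest.
    The source address is carried along but never consulted by the model.
    """
    rule = LimitMatch(rate_per_min, burst)
    return [(t, src, "ACCEPT" if rule.matches(t) else "DROP") for t, src in syns]


# Constructed sample: (seconds since the first SYN, source address).
SAMPLE_SYNS = [
    (0, "198.51.100.7"), (1, "198.51.100.7"), (2, "198.51.100.7"),  # burst of 3
    (3, "198.51.100.7"),    # bucket empty
    (10, "203.0.113.20"),   # different client, same empty bucket
    (65, "203.0.113.20"),   # about one token has refilled
    (70, "198.51.100.7"),   # bucket empty again
]

if __name__ == "__main__":
    for t, src, verdict in filter_syns(SAMPLE_SYNS):
        print(f"t={t:>3}s  {src:<14} {verdict}")
```

Because the bucket is shared, one noisy client can use up the allowance for every other client, including the administrator; the hashlimit match with --hashlimit-mode srcip keeps a separate bucket per source address.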

Limit SSH User Logins

SSH logins can be limited to only those users who need remote access. If you have many user accounts on the system, it makes sense to limit remote access to only those that really need it, thus limiting the impact of a casual user having a weak password. Add an AllowUsers line followed by a space-separated list of usernames to /etc/ssh/sshd_config. For example:

AllowUsers alice bob

and restart the sshd service.